Feel like a geek and get yourself Ema Personal Wiki for Android and Windows

19 November 2010

Code injection in Early Modern England

Mary Stuart
Code injection methods like SQL injection, Javascript injection or buffer overflow exploits are well known devices to break the security of a system. Much less known is that code injection is a phenomenon that was invented centuries ago and was already used in early modern history.

In 1586 the catholic conspirator Anthony Babington plotted against the protestant Queen Elisabeth I to advance Mary Stuart to the English throne. Mary Stuart was being held captive. All her correspondence was spied upon and read by Walsingham, the chief minister of Queen Elisabeth. So Babington and Mary encrypted their letters about the conspiracy to prevent non-authorized eyes to read the contents. They used a mix of a cipher and a code, which was a quite common way of encrypting diplomatic correspondence in those days.

What they did not know, was that Walsingham employed a gifted mathematician and linguist, Thomas Phelippes, who managed to break the conspirators' code. Walsingham and Elisabeth could now read everything about the plot. As could be expected, it would be quite unfavorable for the Queen's health if the plan would be brought into practice.

They could just have arrested the two conspirators, but Walsingham decided otherwise and waited. He wanted to arrest everyone involved in the plot. Because the other conspirators were unknown, Walsingham and his cryptographer decided to insert a request into one of the letters from Mary to Babington. In the code that Phelippes cracked, they encoded a request to Babington to mention all his fellow conspirators to Mary and added this request to a genuine letter.

For the story's sake it would be nice if Babington had indeed replied with the names, but he was arrested earlier and the other conspirators were discovered anyway. Code injection nevertheless had been born. 

The end of the story should be an exhortation to be very serious about the security of your code. The letters decoded by Thomas Phelippes served as evidence in a trial against Mary and her followers. Mary was convicted of treason and executed in the end.