Finding The Hidden InfoSec Story

Malvolio the Incorruptible

Creator: Johann Heinrich Ramberg

Shakespeare’s late comedy Twelfth Night contains a fine example of how even the most incorruptible people can become manipulated in the right circumstances.

In the play, we are presented with the character of Malvolio, a severe and humourless courtier. As steward to the countess Olivia, he carries a certain amount of power that he wields enthusiastically against the more light-hearted members of the household, such as the maidservant Maria.

It is Maria who finally decides to act against Malvolio when he threatens to report her and others for their drunken behaviour. She describes him as “a kind of Puritan”, who is, “so crowned, as he thinks, with excellences that it is his grounds of faith that all that look on him love him; and that vice in him will my revenge find notable cause to work.”

In other words, she sees an underlying vanity that she can exploit; and this is what she does. She forges a letter in the handwriting of Olivia that gives just enough coded encouragement for Malvolio to believe that she loves him.

It urges him to “Be not afraid of greatness”, reminding him that “some are born great, some achieve greatness, and some have greatness thrust upon them.”

While Maria and others watch in secret, Malvolio finds the letter and falls hook, line and sinker for the trick. In order to show his love for Olivia, he learns that he must constantly smile, and should wear yellow, cross-gartered stockings.

Suffice to say that not only are these two requests totally at odds with Malvolio’s usual behaviour, but they are also two things that Olivia personally detests.

And so we have the situation where the puffed-up Puritan, already dreaming of becoming “Count Malvolio”, cavorts before Olivia smiling and wearing the ridiculous stockings, thinking that this will win her love. Despite her shock and disgust, Malvolio manages to interpret her behaviour in a favourable way. He has lost all sense of reality.

And of course, in the end the trick is revealed and poor Malvolio is publicly shamed and humiliated, much to the amusement of everyone else.

So what is the moral of the tale for security folk? Well, it shows once more the power of flattery, and should remind us that even the most upright and reliable of users is vulnerable to the right kind of social engineering. Maria spotted Malvolio’s weak spot and exploited it for all its worth.

So by all means trust your users to do the right thing, but always put extra safety features in place as well. Then if trust breaks down for any reason, then you have a back-up plan.

Author: Ron Condon

Share This Post On