The Three Little Pigs and cybersecurity

Credit to Author: Nikolay Pankov| Date: Wed, 26 Feb 2020 21:17:07 +0000

In the olden days, people paid far better attention to cybersecurity than they do now. I am sure that most of the folk tales that have survived to this day were invented specifically to prepare children for the world of cyberthreats. Take, for example, the well-known English folk tale The Three Little Pigs. Its seemingly simple plot explains not only the idea behind brute-force attacks, but also such complex concepts as honeypots and even cryptocontainers!

Many versions of the story exist, and it varies a bit depending on language, but for today we will focus on the text written by James Halliwell-Phillipps back in the 19th century. The plot dates much farther back than that, of course.

Brute-force

The tale begins with the three pigs selecting a hardware solution to protect against cyberthreats. It appears to be some kind of Internet gateway. The first chooses a device made of straw (cheap and unreliable), the second opts for wood (more reliable, but still not great), and the third puts up a real firewall made of stones.

The wolf in the fairy tale is depicted as a fairly low-skilled hacker. His approach to the information infrastructure of each little pig is to attack it with the only tool available to him: blowing. As you surely recognize, this is analogous to brute-force hacking. In cybersecurity, brute force is usually applied to cracking passwords.

The tale shows that this technique can indeed be effective when the target doesn’t pay much attention to cybersecurity: The first two porcine huts cannot withstand the brute-force attack, and the attacker gets inside. But with the third, he encounters problems. In other words, even storytellers two centuries ago knew that using inexpensive routers with default passwords was a recipe for disaster.

Compromised communication channel

Not all versions of the tale include the second traditional attack, more’s the pity. Here it is: After the first attack fails, the wolf begins to shower the third little pig with useful links. In particular, he sends the addresses of fields of turnips and apple trees, and one for a fair, suggesting the best time to go there.

One might assume the links are a form of phishing, but the English storytellers of old were actually more sophisticated. What they were describing was a completely different type of attack. The “links” in this case are not fake, they are real. And that is totally fine with the wolf: He couldn’t care less where the little pig goes, because the point is that he controls the communication channel — although only at certain hours, not 24/7.

The little pig tricks the furry hacker by visiting the useful sites, but not when the wolf wants him to. The only real danger arises in the case of the fair, when on the way back the little pig runs into the wolf. He finds a way out: Having bought a butter churn at the fair, he climbs inside and rolls down the hill, which frightens the wolf away. In modern terms, the little pig downloads data from the site in a cryptocontainer, and thus manages to stay safe despite using the compromised communication channel.

Honeypot

In a last, desperate attempt to penetrate the little pig’s infrastructure, the wolf looks for a vulnerability in the device. The only hole he can find is the chimney, so he tries to climb down, entering through the fireplace. Did the wolf stumble on this vulnerability by chance? Obviously not; the little pig has long been aware of it. Moreover, having set the trap in advance, he lights the fire and puts a cauldron over it.

In cybersecurity, the cauldron is called a honeypot. The primary purpose of intentionally exposed vulnerabilities is to monitor cybercriminals’ activities. But if the culprits are careless enough, the honeypot can also unmask them and help figure out who they are.

To be fair, some of this information was of little practical use to children in the 19th century. But the original storytellers had a different purpose in mind — to introduce useful practices into the cultural code of society, so that centuries later, with the advent of information technology, people would have a visceral sense of the threat landscape. Those who retell fairy tales to their children are effectively helping build a safer world.


https://blog.kaspersky.com/feed/