Cyber ​​incidents in folk tales

We have established long ago that the famous storytellers Charles Perrault , the brothers Grimm and Hans Christian Andersen were in fact popularizers of the topic of information security. But where did they get the stories from which they wrote their incident reports? It is believed that most of the author’s tales are based on folk. We decided to dig deeper and find out if there are other descriptions of the so-called “cases” among the folk tales that eminent authors did not have time to retell.

As usual, reality exceeded our expectations – almost all fairy tales allegorically describe certain cyber incidents! Moreover, despite the outward simplicity of each of the tales, in fact, they contain a surprisingly significant amount of information.

The fox and the wolf, or the beaten unbeaten is lucky

The tale about the fox, which in every possible way deceives the wolf and some villagers, is just a collection of classic cyber attacks. The version that has survived to our times combines three incidents, which, most likely, were once separate cases. Let’s break them down in order:

1. Trojan fox. It all starts with a man carrying freshly caught fish on a cart. A cart here clearly means a not very modern computer. And the obvious allusion to Mikhailo Lomonosov, most likely, should hint that this is an official machine for scientific work. On the cart, he downloads a Trojan fox in the hope of making his wife happy with a fancy skin (possibly a Firefox distribution). But the Trojan fox is activating and pumping out the fish database somewhere outside.
2. Phishing hole. The fox advertises freshly caught fish among forest animals, which arouses some interest in the wolf. Using this, the fox sends him a link to a phishing hole. By clicking on the link in the hope of free fish, the wolf freezes into the divorce, eventually loses its tail, and in addition is bullied with buckets and rocker arms by peasant women. It is not known exactly what benefit the fox was counting on here – perhaps it was pure trolling (this is also hinted at by the anonymous comments “Brighter, brighter in the sky are the stars, freezing, freezing wolf’s tail,” left in the nearby bushes).
3. Compassion manipulation. The fox, using a stolen test, simulates a head injury and, playing on the wolf’s feelings of pity, forces him to engage in his own transportation. That is, it conducts a successful attack using social engineering.

Gingerbread man

We suspect that initially the tale was still called “Kolobot” , but over the centuries, after numerous retellings, the last letter morphed into “k”. This is a story about how a grandmother, commissioned by his grandfather, created a certain bot and put it on the window to cool down – read, uploaded it to a vulnerable Windows server – from where it safely leaked out and began to surf the Web.

The functions of the bot become obvious after the very first dialogue with the hare – it serves for DoS attacks on forest dwellers. Kolobot dumps streams of absolutely unnecessary information onto the beast who did not expect a trick and, taking advantage of the animal’s confusion, goes to the following address. It probably also hints at the functionality of the worm.

Interestingly, in the stream of meaningless data, the bot leaves the so-called “bread crumbs” – it lists the addresses that it attacked before (it left the grandmother, left the grandfather, left the hare, left the wolf). A “combat” bot would not need it – perhaps it is some kind of debugging information that has not been removed by the developers. In other words, additional confirmation that the code was leaked prior to release.

Perhaps, if not for the leak, grandma and grandfather would have created a whole botnet of such kolobots and used them for a distributed attack (DDoS) for profit. At the beginning of the tale, the authors of the bot mention the lack of food – apparently, in this way the storytellers hint at the motivation of their criminal activities.

Fortunately, the bot eventually stumbles upon a fox with DoS protection enabled. While it repeats its flow of information over and over again, the system filters out noise, and the fox operators calculate the exact address of the bot and successfully eliminate the threat.

Masha and the Three Bears

This tale tells in detail about the investigation of the cyber incident. It all starts with the “Masha” malware infiltrating the infrastructure guarded by three bears and taking over there. Fortunately, the defenders notice that something was wrong in time and begin to thoroughly study the incident. First, they notice traces of manipulation of the chairs and the fact that the smallest chair has been cracked at all – there are all signs of penetration into the system.

Then the abnormal consumption of the porridge becomes apparent. Some researchers believe that “porridge” should be understood as the processor’s cache, which “Masha” downloaded for some of her hacking purposes . But this version does not stand up to criticism: in this case, the bears would hardly find a shortage. Most likely, there is no need to look for consonance here, and porridge, most likely, means the electricity that Masha spent for mining purposes.

Finally, they figure out where the malicious code might be hiding. After examining the two “beds” on which “Masha” left traces of her presence as a diversionary maneuver, they finally find the malware code. Unfortunately, he manages to remove himself, and the bears fail to thoroughly examine his insides. But at least the threat has been successfully eliminated.

By the way, nowhere is it said that the bears were not green – perhaps this tale anticipates the appearance of our experts involved in monitoring and responding to cyber incidents .