Once upon a time, Tortoise and Hare both decided to start their own e-commerce firms. Both received roughly the same amount of bank financing, but while Tortoise put some funds towards a firewall, an IPS, and an anti-phishing program, Hare went cheap on his firewall and put everything he had into fancy marketing materials. For storage, Tortoise kept his data on-premises while Hare put all his data into the cloud.
Hare thought he was pretty slick as he started to rack up contracts at a faster pace than Tortoise.
One day, though, a Big Bad Moose pointed his tools at the IP range that included the public addresses of both Tortoise’s and Hare’s firms. The Big Bad Moose didn’t specifically target Tortoise or Hare: their numbers had just come up, so it was their turn to be targeted by the Big Bad Moose. Next week, it would be the Big Bad Duck or the Big Bad Gerbil, or, well, {Big Bad {$SPECIES}} would pretty much define all the evil hackers out there in the land. Point being, there were lots of hackers of all different types, so one shouldn’t be surprised if a Big Bad Moose is trying to pwn servers.
While Hare’s cheap firewall was enough to stop Moose’s general port scan, it didn’t do a thing against Moose’s SQL injection attacks on Hare’s firewall or the spear phishing emails to CarrotFest that Moose sent to people in Hare’s company.
Meanwhile, Tortoise’s IPS caught the SQL injection attacks and his phishing defenses blocked the emails to LettuceCon that Moose had sent to Tortoise’s company. Moose didn’t care. In his work, some attacks worked and some just made one focus on the attacks that worked.
After the Big Bad Moose got some username and password combos for Hare’s network, he was delighted to discover that the RDP port was allowed in from the firewall to servers and desktops inside. Moose used the stolen credentials to get good stuff like financial details and company credit card info, which he then used to buy lots and lots of stuff for himself, particularly big-ticket items like home theater systems that would fetch a pretty good return on eBay in “unopened” condition. Once those transactions had cleared, he sold the credit card numbers.
Big Bad Moose then sold access to Hare’s open relay mail server to a Big Bad Komodo Dragon. Within seconds, millions of spam mails in Bahasa Indonesia were flying through Hare’s mail server, effectively shutting down his business operations. Worse, only a few hours later, Hare’s email server got black-holed. Hare had no idea what to do to get back into production. Nobody at Hare’s company knew what to do except to shut down the email server, which they did for a day, allowing them to get off the blacklist.
But, as soon as they turned it back on, the Indonesian spam from Big Bad Komodo Dragon came back on, as well. Hare shut down the email server again and called a consulting company to assess the damage. When the consultants found all the penetrations on Hare’s network, they recommended that he flatten all his systems and start over. When Hare looked at the consultants like they were crazy, the consultants showed Hare where his servers were now storing illegal pornography. That got Hare to agree with the consultants.
Meanwhile, Tortoise kept going like business as usual. He even started to get clients that had dropped Hare, due to Hare’s extended outage.
Hare noticed how Tortoise was getting more business and reckoned that his was going to fail soon. Hare made a career change and got into consulting, so that he could share his lessons learned with other small business owners. Whenever he saw another business owner trying to go as fast as possible without putting much emphasis on security, Hare would say, “Not so fast, there, buddy! Let me tell you why slow, steady, and secure can win the race…”