Blue Team vs. The Rabbits: Inside Attacks

Sofia the rabbit wants to hop out of the playpen, and she’s not going to stop trying until she succeeds. What is blue team to do?

Winter

--

You’ve probably heard the old adage: prevention is ideal, but detection is a must. However, knowing Sofia like I do, the highest priority in this case will be layers of prevention. Mitigation and recovery both come a close second. Detection is almost useless.

Her bonded mate and her neighbors are big-time snitches who will thump their feet when she gets out. Blue team isn’t, and can’t be, a 24/7 operation in this case. If she makes her big break overnight, no one will check the logs until the morning. A motion sensor could work if fine-tuned to rule out false positives. A camera could work, except then we’re back to no one being at the console after hours.

All the detection in the world fails if no one is willing, or able, to respond on time. Our attacker isn’t going to wait. Information wants to be free and she’s got the jump, the curious nose, and the nibble-power to do it.

Blue team has to think like a rabbit. Become the rabbit.

The first step is to build a higher pen wall and reinforce its borders. Remember, however, that human caretakers still have to get in and out. There has to be a door, or a way to lower the wall. How high to make the wall is a matter for serious consideration. Rabbits can jump higher and farther than many people think. Especially if they can use the wall to their advantage for an extra kick up.

The pen door is an unavoidable accepted risk. User error is the biggest threat here; you did latch it shut, right? Also, remember to put the latch on the outside. Rabbits are smart enough to figure out how latches work if they can reach them.

Incorrectly installed equipment is fodder for another essay.

Many pens use wire mesh instead of solid walls. Watch a video sometime of a rabbit pushing itself through a small hole. It’s quite impressive. They can do it so fast that you think they teleported. Watch out for the holes, make them smaller than you think they need to be, and then even smaller than that. Or use a solid wall pen, although those are harder to clean.

Good security sometimes means cleaning the wall more often.

If the pen is moveable, Sofia might find a way to tip it just enough to get underneath. If it’s attached to the walls of the enclosing room, she may nibble through the anchor points. Rabbits can chew through metal given time and motivation.

And, look, she just got out! The door wasn’t latched. Is anyone surprised? We assumed this would happen, so a mitigation and recovery plan is in place.

Sofia may have made it out of the pen, but now she’s in the larger enclosing living room. There are solid walls, a glass door to outside, and another gate between her and the kitchen. The living room is braced for a rabbit breach. Nothing chewable in easy reach, power cords protected, and air vents covered. Toys are in place to catch and hold her attention until a response team arrives.

For our purposes the glass door to the outside garden is impervious to attack, she can neither dig at it nor chew it. Assuming the glass door hasn’t been left open, of course. User error is always a headache, but Sofia could also have an outside collaborator. Automated after hours door closure and locking will help, but security training for users is a must.

The biggest weakness here is, again, the moveable gate, which relies on the user closing it. The glass door might not be opened for weeks at a time, but the moveable gate is accessed multiple times per day by many different personnel. As long as the gate is high enough Sofia will have to chew through it, and she won’t have enough time. It would take days.

If blue team doesn’t respond within days they have problems beyond the scope of this essay.

If Sofia makes it past the gate she’s then in the kitchen and has a much wider house available to her. Blue team can only set up so many defenses because of cost. If she makes it out of the kitchen she’s won. The recycled newspaper pile and the house plants are hers for the nibbling. She can also implement an attack against other pens in the house.

The farther an attacker can make it out of a system the harder it is to recover. Every step past zero costs more and it can rise exponentially. Prevent inside attacks as fast as possible, and have your recovery plan in place. Detection will still be putting its shoes on.

When blue team arrives in the morning they should have a method to catch Sofia close at hand. Once she’s back in her pen it’s time for a review. Where was the breach? Start easy: what is the simplest thing it could be? Our inside attacker won’t often look for a complicated method. The weak points will be the height of the pen wall, gaps in the pen wall, the pen door, and the anchors. Repair and remediate as needed. Now might be a good time to invest in that camera. A rabbit who’s made it out once wonders to themself “could I do that again?” And their friends get ideas as well. The camera won’t stop them but will help blue team find the gaps in their defenses. It’s a journey.

Real prevention is keeping the rabbit happy where she is. There’s nothing more dangerous than a disgruntled rabbit.

--

Winter

Ethical Hacker. Rabbit Care Expert. Defender of the Small.