04 Aug Hunting criminals with honeypots
07-05-2018 by Fernando Azevedo
Are our police as creative as criminals? I hope they are.
translated automatically from Portuguese
In cybersecurity there is a highly effective protection technique called a honeypot.
On the internet there are robots, or bots: computer programs that scan the addresses of servers and internet applications, such as websites and email, in search of flaws and opportunities for attack.
It is very common to set up deliberately vulnerable servers or applications to attract bots and hackers. By letting hackers into a weak server, kept separate from a client's important servers, we can identify who is behind the attacks, how they work, and what they are looking for. In short, we try to gather as much information as we can so that we can defend our customers' other servers, the ones that matter.
For large companies, we offer even more servers of this type. We can deploy servers with little or no protection and then step up the level of protection across several servers. A successful attack on a moderately protected server is already an indication that professional hackers are trying to break into our client.
On both the vulnerable servers we set up and the company's important servers, we also plant files that appear to contain confidential information. We often create files that pretend to hold bank information, passwords, and crypto-data. These files contain defensive viruses, whose purpose is to collect as much information as possible about whoever accesses them.
Honeypots like these also warn us when an attack is under way and give us the chance to catch the thief red-handed. This way we can monitor whether attackers are actually succeeding in breaking into our customers' systems.
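The triage described above can be sketched as follows. This is an added example, not code from the original article or its author; the host names, tier numbers, decoy file paths, log format and severity labels are all assumptions made up for illustration.

```python
# Constructed inventory (assumption): decoy hosts and the protection tier of each.
TIERS = {"hp-open": 0, "hp-basic": 1, "hp-moderate": 2}
# Constructed decoy file paths, planted on decoys and on important servers alike.
DECOY_FILES = {"/srv/finance/bank_accounts.xlsx", "/home/admin/passwords.txt"}

# Constructed sample events, one per line: timestamp host source_ip event detail
SAMPLE_LOG = """\
2018-05-07T10:00:01Z hp-open 203.0.113.10 login_success root
2018-05-07T10:02:13Z hp-open 203.0.113.10 file_read /tmp/x
2018-05-07T11:15:40Z hp-moderate 198.51.100.7 login_success deploy
2018-05-07T11:16:02Z hp-moderate 198.51.100.7 file_read /home/admin/passwords.txt
2018-05-07T12:30:00Z prod-db1 192.0.2.55 file_read /srv/finance/bank_accounts.xlsx
2018-05-07T12:31:00Z hp-basic 203.0.113.99 login_failed admin
"""

def triage(log_text):
    """Return (severity, host, source_ip, reason) for each event worth an alert."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)  # detail may itself contain spaces
        if len(parts) != 5:
            continue  # skip malformed lines instead of guessing their fields
        _ts, host, src, event, detail = parts
        tier = TIERS.get(host)  # None means the host is not a decoy
        if event == "file_read" and detail in DECOY_FILES:
            # A decoy file opened on a real server means the intruder is
            # already past the honeypots, so it ranks above everything else.
            severity = "critical" if tier is None else "high"
            alerts.append((severity, host, src, "decoy file opened: " + detail))
        elif event == "login_success" and tier is not None:
            # Bots break into unprotected decoys all day; a break-in on a
            # moderately protected decoy points to a skilled attacker.
            severity = "high" if tier >= 2 else "low"
            alerts.append((severity, host, src, f"break-in on tier-{tier} decoy"))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(*alert, sep=" | ")
```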
What amazes us most is that there is no police force with which we can file a complaint. The attacks are most often anonymous and scattered around the world. Hackers can hide behind multiple layers of addresses, and even if we find them, how can we file a complaint against a person who is in a distant country, who may be a citizen of a second country, have a business registered in a third country, and still direct attacks from a fourth country?
That is why we always preach in our books and lectures that we need to improve internet security.
But another thought came to us this week. What if, in the real world, where crimes are reported to the police and criminals operate in a region, we could use the honeypot to hunt criminals?
Could the police simulate the operations of big criminals so that others fall into the trap of trying to bargain, steal, or carry out whatever the illegal activity is?
For example, the police could pose as a major supplier of drugs to capture local traffickers, or as a big buyer of guns to find out who gets them.
And if the police already run these operations, we need to publicize them more, because this way we can make life difficult for criminals and make them very suspicious. We can make them so suspicious that maybe it is not even worth trying anything illegal at all.
This week we had the opportunity to read that criminals use drones to monitor containers in ports. When they see surveillance getting close to containers holding illegal cargo, they create distractions such as false fire alarms, explosions, gunfire, and attempted assaults in other areas of the port, all to distract the inspectors.