Information Warfare: The Honey Trap


July 31, 2010: Honey pots have come of age in Cyber War. A Honey pot is an Internet server (the PC a Website is running on) that looks real, but is carefully monitored to record everything an attacking hacker does. This way, computer security researchers can collect information on the Internet criminals and have a better chance of hunting them down. It's not practical to put the monitoring software on every site. Bank and high-security government servers have substantial defenses that monitor any (well, nearly any) penetration and shut down if any unauthorized entry is detected. This doesn't help to identify attacking hackers, but all these sites want to do is remain secure, not play cop.

Meanwhile, the Internet has become a battlefield between evil hackers (the black hats) and their equally determined opponents, the good hackers (the white hats, who work for the government, large companies and computer security firms). The battle often involves military sites and national security. That's no accident. The Internet was designed so that it would be invulnerable in nuclear war. The net software was put together in the open, often by volunteers. Few of the net's authors thought their creation would become a worldwide electronic superhighway with more than a billion users.

Unlike earlier commercial networks, the Internet is wide open. A malicious and knowledgeable user can go anywhere and do a lot of mischief; just about anything short of bringing down the entire net (and maybe even that). Wandering around the cyberscape, snooping and vandalizing as they go, has become a favorite indoor sport. There is a "black hat (hacker) underground" dedicated to getting into places they shouldn't be and doing as they please. In the last decade, well organized and highly effective hacker organizations have been put together by criminal gangs. The white hat hackers have been outnumbered and outgunned. It's an uphill battle, and the increased use of honey pots at least lets the white hats know what they are up against.

While there are millions of semi-skilled teenagers and adults who hack for fun, they are largely a nuisance. Most worrisome are the black hats who are true criminals. Some of these black hats work for governments and use their skills to indulge in espionage and theft of technology from foreign governments. The criminal black hats go for money.

The Internet's criminal underground shares a lot of information. Technical tips and newly found net vulnerabilities are traded in password protected chat rooms and encrypted e-mail groups. When the black hats see a particularly promising new vulnerability, they go in themselves. They proceed very carefully. The criminal black hats plan their operations as thoroughly as a professional heist. Nothing is left to chance, for getting caught can be fatal. In China, they execute black hats.

Until recently, the only way you found out about a successful black hat operation was after it was too late. And sometimes not even then. The black hats covered their tracks carefully. To them, a successful operation was one that was never discovered. Then the white hats came up with the concept of Honey pots.

The Honey pots have proven useful in finding out what tools and techniques the black hats have. This makes it possible to build better defenses. Honey pots also make the black hats uncomfortable and less confident that any server they are hacking into is not rigged to catch them. This makes the white hats happy.

However, the black hats know the Honey pots are out there, and the technological war of wits continues. The white hats keep making the Honey pots more convincing. As a bonus, they add elements to non-Honey pot servers to make a knowledgeable black hat think it's a Honey pot.

Computer security firms have found that developing new honey pots that are cheaper to create and run, and more difficult for attackers to detect, is a good investment. If nothing else, it makes hacking a lot more difficult and nerve-wracking.