The camouflage techniques of one unit active in North Africa, which on one occasion consulted a stage magician about the way he fooled audiences, proved decisive in several key battles. And the biggest deception of all was Operation Fortitude, which fooled the Nazis about where the D-Day landings would actually take place.
The same principles of deception and misdirection, albeit on a much smaller scale, are now starting to be used by some organisations to thwart malicious hackers keen to establish a bridgehead on internal networks.
“It’s a classic idea of warfare to prevent the adversary from having a real understanding of your reality,” said Ori Bach from deception technology firm Trapx. “It’s just like the Allies in WWII. They made fake tanks, fake air bases, fake everything.”
And just like those ersatz weapons of war, the fakes implanted on a network look just like the real thing.
“We create a shadow network that is mimicking the real network and is constantly changing,” he said.
The use of so-called deception technology has grown out of a realisation that no organisation can mount perfect digital defences. At some point, the attackers are going to worm their way in.
Given that, said Mr Bach, it was worth preparing for their arrival by setting up targets that are simply too juicy for the malicious hackers to ignore once they land and start looking around.
“We want our shadow network to be more attractive to the hackers than the real stuff,” he said.
Deception technology has grown out of work on another useful cyber-thief tracking technology known as honey pots, said Joe Stewart of deception firm Cymmetria.
A honey pot is a computer that resembles a typical corporate server to the automated tools that many hackers use to scour the net for targets. Many large security firms set up lots of individual honey pots, he said, to gather intelligence about those tools and the malware being used to subvert them.
But, said Mr Stewart, the problem with honey pots is that they are passive and only involve a few separate servers. By contrast, deception technology is generally used on quite a grand scale so any attacker that turns up has little clue about what is real and what is fake.
Typically, said Mr Stewart, the spoofed network will be made to look more attractive to hackers by seeding the real network with “breadcrumbs” of information that lead to the fake network.
These tantalising chunks of data hint at all kinds of goodies that hackers are keen to steal, such as payment data, customer details, login credentials or intellectual property. But, instead of leading attackers to data they can sell, they lead them down a deep, confusing hole that gets them no closer to that elusive, valuable data they crave.
He added that as soon as they start following the crumbs and interacting with that fake network, everything they do is recorded. That intelligence can be hugely useful, said Mr Stewart, because it involves what attackers do after their automated tools have got them a toehold on a network.
“The initial intrusion was probably done with something that was just spammed out,” he said and, as such, would be spotted and logged by many different defence systems.
“What’s much more interesting is the second stage persistence tools.”
Organisations rarely get a look at these, he said, because once an attacker has compromised a network they usually take steps to erase any evidence of what they did, where they went and what software helped them do that.
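The breadcrumb idea described above can be sketched as a detection rule. This is an added illustration, not code from the article or from any vendor it quotes: the decoy host names, breadcrumb account names and log format are all assumptions, and the log lines are constructed. Because no legitimate user has any reason to touch a lure, every matching event is an alert, and grouping the events by source gives the record of what an intruder did after the initial foothold.

```python
from collections import defaultdict
from datetime import datetime

# Assumed inventory of planted lures (hypothetical names): decoy hosts on the
# shadow network and breadcrumb accounts that no real user or service uses.
DECOY_HOSTS = {"fin-db-02.corp.example", "hr-files.corp.example"}
BREADCRUMB_ACCOUNTS = {"svc_payments_bak", "adm_backup"}

# Constructed sample events: timestamp, source IP, destination, account, action.
SAMPLE_LOG = """\
2024-05-01T09:14:02 10.1.4.23 mail.corp.example alice login_ok
2024-05-01T09:20:41 10.1.7.88 fin-db-02.corp.example svc_payments_bak login_ok
2024-05-01T09:21:10 10.1.7.88 fin-db-02.corp.example svc_payments_bak list_tables
2024-05-01T09:22:55 10.1.4.23 wiki.corp.example alice page_view
2024-05-01T09:25:03 10.1.7.88 hr-files.corp.example adm_backup file_read
2024-05-01T09:31:47 10.1.9.5 build.corp.example adm_backup login_fail
"""

def parse(line):
    """Split one whitespace-delimited log line into a typed event dict."""
    ts, src, dst, account, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "account": account, "action": action}

def lure_hits(log_text):
    """Return {source: [events in time order]} for events that touch a lure."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        reasons = []
        if ev["dst"] in DECOY_HOSTS:
            reasons.append("decoy_host")
        if ev["account"] in BREADCRUMB_ACCOUNTS:
            # Also fires when a breadcrumb credential is tried on a real host.
            reasons.append("breadcrumb_account")
        if reasons:
            ev["reasons"] = reasons
            hits[ev["src"]].append(ev)
    for events in hits.values():
        events.sort(key=lambda e: e["ts"])
    return dict(hits)

if __name__ == "__main__":
    for src, events in lure_hits(SAMPLE_LOG).items():
        print(f"ALERT source={src} events={len(events)}")
        for ev in events:
            print(f"  {ev['ts'].isoformat()} {ev['dst']} {ev['account']} "
                  f"{ev['action']} {ev['reasons']}")
```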