Thinking of a counterattack? Deception is better, say experts

Taylor Armerding | Jan. 7, 2013
Security experts say hack-backs are simply asking for more trouble, because it is almost impossible to know where an attack came from

Attribution is not a problem because the company is not going outside its own digital walls to plant the fake data -- it's not attacking anyone, but only monitoring those who are illegally inside its own walls.

"The fake information 'rabbit holes' will only be stumbled upon by people who aren't supposed to be looking there and will obviously just set off alarms for a company to identify a threat," Johansen said.

Some experts say really good hackers will be able to recognize deception, and will be more determined than ever to break into a company. But both Johansen and Wisniewski said smart companies can avoid that.

"If companies start using open-sourced or commercial-level honeypots, hackers will most likely be able to recognize certain signatures that appear the same to those solutions," Johansen said. "If a company wants to make sure their rabbit hole is successfully disguised as real data, they will likely need to design it themselves."

Wisniewski said the right technique can make it very difficult for an attacker to discern the good from the bad. "I have seen many banks use a canary-in-a-coal-mine-style approach," he said. "They sprinkle fake credit card details and accounts here and there. If there is any activity they know they have been compromised and can take action."
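The canary approach Wisniewski describes, sketched in Python as an added example (not code from the article or from the banks it mentions): decoy card numbers are derived from a local secret, each tied to the place it was planted, and transaction logs are scanned for them. The secret, the `400000` prefix, the planting labels and the log lines are all constructed for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: a per-deployment secret
CARD_RE = re.compile(r"\b\d{16}\b")

def luhn_check_digit(partial: str) -> str:
    """Check digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]

def make_decoy_card(label: str, prefix: str = "400000") -> str:
    """Derive a 16-digit, Luhn-valid decoy from the place it is planted.
    The prefix is an assumption; use a range that can never be a real card."""
    digest = hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()
    body = prefix + str(int(digest, 16))[:9]
    return body + luhn_check_digit(body)

def find_canary_hits(log_lines, decoys):
    """Return (line_no, label) for every log line that mentions a decoy."""
    by_number = {number: label for label, number in decoys.items()}
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        for candidate in CARD_RE.findall(line):
            if candidate in by_number:
                hits.append((line_no, by_number[candidate]))
    return hits

# Hypothetical planting locations; any activity on these numbers is an alarm.
DECOYS = {label: make_decoy_card(label)
          for label in ("crm-row-17", "backup-2012", "test-acct-3")}

# Constructed log lines for the demonstration.
SAMPLE_LOG = [
    "2013-01-07T10:02:11 auth ok card=4111111111111111 amount=12.00",
    f"2013-01-07T10:05:42 auth attempt card={DECOYS['backup-2012']} amount=1.00",
    "2013-01-07T10:06:03 balance query acct=884213",
    f"2013-01-07T10:09:30 export rows=1 pan={DECOYS['crm-row-17']}",
]

if __name__ == "__main__":
    for line_no, label in find_canary_hits(SAMPLE_LOG, DECOYS):
        print(f"ALERT line {line_no}: decoy planted at {label} was used")
```

Because each decoy maps back to one planting location, a hit shows which data store was read as well as that a compromise occurred.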

However, both also said deception is not enough on its own. "The better way to deal with these breaches is to spend your time addressing the root causes," Johansen said. "The majority of breaches we saw last year used SQL Injection as the exploitation method, which has been a solved problem for over a decade."

Wisniewski added: "Rather than worrying about whether someone is stealing your unprotected information you could just protect it. Encryption isn't rocket science any more."

