Communications of the ACM
To Thwart Hackers, Firms Salting Their Servers With Fake Data
Many industrial control systems in the United States are vulnerable to hackers.
Credit: AP
Some companies are increasingly making use of controversial cybersecurity tactics involving the use of fake data on servers and Web sites meant to ensnare hackers. Sometimes referred to as honey pots, deceptive data can take any number of forms and are generally made to look valuable and used to track the activity of hackers who take the bait.
For example, Columbia University professor Salvatore Stolfo worked with a major U.S. bank two years ago to create a fake bank account whose login information he then exposed to a widely used piece of malware. By monitoring the fake account, the bank was able to track numerous attempts to shift the money in the account into a real account, the owner of which the bank was able to identify. "The use of deception is a very powerful tool going back to Adam and Eve," Stolfo says. "If the hackers have to expend a lot of energy and effort figuring out what's real and what's not, they'll go elsewhere."
However, such deceptive network security tactics, which are a type of active defense, are controversial and have been the subject of debate within the industry and on Capitol Hill.
From The Washington Post
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found