Hacker tracking: New software identifies and monitors would-be attackers. A profile of one such individual is shown here.
Credit: Mykonos Software
Wasting Hackers' Time to Keep Websites Safe
Instead of blocking attacks, a startup distracts attackers with false information.
- Tuesday, January 24, 2012
- By Tom Simonite
Most security software defends PCs and websites by acting like a locked door to shut hackers out. A new security company, Mykonos Software, instead invites hackers in through a fake entrance and plays tricks on them until they give up.
"If you break in, I want to have fun with you," says David Koretz, CEO of Mykonos. Koretz claims that the computer security industry is too timid—he advocates making hackers' lives tedious and difficult instead.
Mykonos sells software intended to protect websites against attacks—like those on Sony's websites last year that yielded thousands of credit-card numbers—aimed at gaining access to valuable data such as user credentials. When Mykonos's software identifies an attacker, it tries to waste the hacker's time by offering false data such as phony software vulnerabilities and fake passwords. This week, the 19-person company announced it had received $4 million in investments from a number of Web and technology company leaders, including Jeff Clark, the chairman of Orbitz.
The company's software is aimed primarily at hackers who use automated tools that identify and exploit vulnerabilities in websites, says Koretz. Such tools allow even relatively unskilled hackers, sometimes dubbed "script kiddies," to cause considerable damage.
Wasting assailants' time "changes the economics" of attacking websites, says Koretz. "At the end of the day, there are a finite number of hackers, and if you break all of the automation, it becomes something only some people can do," he says. "It's a step towards making it more like bank robbery, a manageable problem."
Mykonos software first needs to accurately identify attackers, to avoid breaking a site for legitimate users. The company's software does that by using small snippets of code injected into Web pages, forms, and other data sent out to a computer accessing the site. The snippets are placed so that they will be altered by the most common methods used to probe for security vulnerabilities. When these snippets are altered, Mykonos's software automatically notes the IP address of the potential attacker.
If an attacker is using a Web browser to probe a site, a small, tough-to-delete tracking file known as a "supercookie" is injected into it. If nonbrowser software is being used, the characteristics of the attacker's computer are "fingerprinted." When the same computer returns, the defense software knows and can respond appropriately.
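The tripwire detection described above, as an added sketch (not Mykonos's code, whose internals the article does not describe): a hidden decoy form field is bound to the session with an HMAC, and any submission that alters, strips or replays it is routed to decoy handling instead of being blocked. The field name, session IDs and IP addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)   # server-side secret, never sent to clients
TRIP_FIELD = "acct_mode"        # hypothetical decoy parameter name
TRIP_VALUE = "standard"         # value an unmodified browser echoes back
suspects = {}                   # client IP -> list of reasons observed

def _tag(session_id: str, value: str) -> bytes:
    # MAC over session + field + value, so a tag cannot be reused elsewhere
    msg = f"{session_id}\x00{TRIP_FIELD}\x00{value}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest().encode()

def add_tripwire(fields: dict, session_id: str) -> dict:
    """Return the form's fields plus the decoy and its session-bound MAC."""
    out = dict(fields)
    out[TRIP_FIELD] = TRIP_VALUE
    out[TRIP_FIELD + "_t"] = _tag(session_id, TRIP_VALUE).decode()
    return out

def check_submission(submitted: dict, session_id: str, client_ip: str) -> str:
    """Classify a submission as 'normal' or 'decoy' and record the reason."""
    value = submitted.get(TRIP_FIELD)
    tag = submitted.get(TRIP_FIELD + "_t")
    if value is None or tag is None:
        reason = "tripwire stripped"
    elif not hmac.compare_digest(tag.encode(), _tag(session_id, value)):
        reason = "tripwire altered or replayed from another session"
    else:
        return "normal"
    suspects.setdefault(client_ip, []).append(reason)
    return "decoy"  # caller serves plausible fake output, not an error page

def demo() -> dict:
    """Constructed submissions: one clean, one altered, one replayed, one stripped."""
    form = add_tripwire({"email": ""}, "sess-A")
    clean = dict(form, email="user@example.com")
    altered = dict(form, **{TRIP_FIELD: "standard-TAMPERED"})
    replay = dict(add_tripwire({}, "sess-B"), email="x@example.com")
    stripped = {"email": "y@example.com"}
    return {
        "clean": check_submission(clean, "sess-A", "198.51.100.7"),
        "altered": check_submission(altered, "sess-A", "203.0.113.9"),
        "replay": check_submission(replay, "sess-A", "203.0.113.9"),
        "stripped": check_submission(stripped, "sess-A", "203.0.113.10"),
    }
```

Recording only the IP address has the weakness the article goes on to address with supercookies and fingerprinting: the address can change between requests.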
S0ma
90 Comments
- 29 Days Ago
- 01/24/2012
oddly reminiscent of sony rootkit, imo.
im sure further down the road these 'secure'
sites will force our browsers to install these
'supercookies' for 'our own protection' and
then after being used as a hackable exploit
everyone will realize that when some teens
are motivated [e.g. DVD Jon et al] nothing is
really secure...
anti-hacking is motivated by monetary means...
hackers are [sometimes] motivated by their
ideals...
measure the intensity of each fire and then
check the results.
securing banks and transactions; great, all for it
taunting a group of people who are essentially
testing the security of your systems [for free]
... enter at your own risk
Spicoli
166 Comments
donnert
3 Comments
- 29 Days Ago
- 01/24/2012
I had an attack on one of my websites which was an interesting battle with a Chinese hacker motivated by money. Basically, when I trapped his IP - he changed it every time until finally he was reporting no IP at all. Everything I would do that gave him a negative response would result in him finding a way around it. That was until I quit giving him negative responses. I made it look as if his script(s) were working. He was getting bogus data and had no way to determine that it was bogus. It was a fun challenge. He finally gave up. But my point is that road blocks (such as sending them to hell.com upon detection) give hackers something that they can sink their teeth into. If you give them what looks like an open road - they'll take it all the way into oblivion. Imagine what might happen to a hacker that thinks he's downloaded 10mb of credit card data and then sells that data...
morninj
1 Comment
- 29 Days Ago
- 01/24/2012
Go away, or I shall taunt you a second time!
Smart, but I can only think of this.
DeveloperChris
8 Comments
- 28 Days Ago
- 01/25/2012
Having an open door to a special hackers-only room may be fun in the short term, but as more and more scripts attack it trying to get access, you will end up wishing you hadn't invited them in in the first place. I can only see this ending in tears.
Spicoli
166 Comments
- 28 Days Ago
- 01/25/2012
I don't see that. You put up any web site and it will be constantly hit by script kiddies. I don't think diverting them will encourage any increase in that level.
sweerek
55 Comments
- 25 Days Ago
- 01/28/2012
If there's only one poisoned candy pot, yes you might be 'very successful'. You'd simply limit the number of customers inside the store at one time. If there's many pots, the badguys will build automation to detect bad-candy and move on. You just defended your site in both cases.
sweerek
55 Comments
- 25 Days Ago
- 01/28/2012
Any practical system (cyber or physical) cannot be made perfectly secure THUS one only has to make it too costly for an attacker (who'll go to easier pickin's or get an honest job).
Wasting hackers' resources is a perfectly acceptable counter - be it time, bandwidth, reputation in the market, operating systems (CPU chewing malware), etc.
I'd like to see more CAPTCHA'd sites that respond negatively to too many failed connections.
Even if many sites deploy such honeypots (and poisoned candypots) there will be many more who don't. Cyber crime is by far mostly a business that seeks to maximize revenue (intellectual property) & minimize costs (computers & time).
sweerek
55 Comments
- 25 Days Ago
- 01/28/2012
DOWNSIDE -- it's a constant race
Assuming poisoned candy pots become popular. Advanced bad guys will buy the same software, test their automation against it (like they use Virus Total), and perhaps even find exploits within it itself. To be more successful Mykonos (et al) should only sell the software to known-good companies and only update/patch those w/ proven reputations and only those copies actually in use online.
Could Mykonos devise bad-candy pots that are polymorphic that give each 'customer' a totally unique experience & content?
zedaxis
2 Comments
- 6 Days Ago
- 02/16/2012
Nice idea, I'll keep my custom firewall thank you
It's a great idea, unfortunately, I wonder if it grasps the idea of rotating or dynamic IP addresses completely. Cookies can be deleted, or even sand-boxed within sessions, even super cookies. It's going to need more than that to survive. I personally prefer my firewall technique, that for all intents and purposes, ignores all requests on servers and computers that contain sensitive data. In fact, my most sensitive data is not even connected to the server.







RD
212 Comments
Other tactics
Why not put cultural obstacles in their path?
Put all sorts of Falun Gong and anti-Mohammed propaganda on pages. That will ensure the Chinese and Muslim censors execute their own hackers. Then put a number of anti-Putin rants on it, and those hackers will be sent to the Gulags.
As for American Hackers - make sure links to Obama's speeches flood their system. That will put them to sleep.
herby325
1 Comment
Re: Other tactics
Brilliant!
gabrielg01
450 Comments
Re: Other tactics
Besides giving them fake data, these feeder files should also be infected with Trojans. So, when they download those files, you can counter-hack them. Damage their hard drive, and screw up their BIOS. They won't even be able to reboot.
Alternatively, upload compromising info to their system (political, porn etc.). Most of them live in s***y totalitarian societies, where they go to jail for "subversion".
petermare
20 Comments
Re: Other tactics
So, don't tell them that they have been had and, infect them!
LOVE IT!
I wonder if the developer of the software is reading this because that would be more effective than taunting them.
DeveloperChris
8 Comments
Re: Other tactics
You have some interesting morals. Counter hacking is as illegal and immoral as hacking. If someone attacks you, you are allowed to defend yourself and your property. By hacking them in return, you are reducing yourself to their level. I can just imagine the childish rants "Awww but they started it"
Spicoli
166 Comments
Re: Other tactics
I don't agree. The one that initiated a fight is responsible for it.
topfuel
1 Comment
Re: Other tactics
More wonderful liberal thinking!
gabrielg01
450 Comments
Re: Other tactics
You can send flowers to your hackers, my dear Chris. I'll do other things to them...
dmm
271 Comments
Re: Other tactics
Attacks are often carried out by zombie computers under the control of a master (or, in a big bot network, by "zombie masters" under the control of a master). So attacking the attacker will often have the effect of messing up innocent (and probably clueless) people's computers, without doing anything to the real perpetrator.
Spicoli
166 Comments
Re: Other tactics
It will require them to get it fixed and remove a compromised system from the network.