Catch a Hacker in the Act

passwords

In this great article on Motherboard, Thomas Brewster tells the story of how security experts are trying to catch hackers in the act of attacking their systems.

But in the name of security research, some are turning the tables on the daily deluge of maliciousness. They set up what are known in the industry as “honeypots,” fake but genuine-looking internet servers that are used by security teams to attract attackers in order to understand their latest techniques and the hottest malicious software doing the rounds.

Earlier this year, in the black heart of the City of London, Europe’s financial capital, I talked to a group of penetration testers (ethical hackers who poke holes in their customers’ systems to figure out where they are weakest), who agreed to create some new honeypots and demonstrate their use for me. I wanted to understand more about how honeypots were built, and whether we could glean any patterns if we added fresh traps in new locations.

Honeypots are normally created on virtual private servers—rentable places to host things on the internet. Once you’ve bought your plot of land for a couple of quid, you download honeypot software; in our case, we used programs known as Dionaea andKippo. This process is essentially like installing a new operating system onto a dumb machine, and creates what appears to hackers to be a genuinely vulnerable server. In reality, none of the features of the systems work, but they look real enough. 

I recommend you read this article if you have any interest in internet security.

Advertisements

1 thought on “Catch a Hacker in the Act”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s