In this great article on Motherboard, Thomas Brewster tells the story of how security experts are trying to catch hackers in the act of attacking their systems.
But in the name of security research, some are turning the tables on the daily deluge of maliciousness. They set up what are known in the industry as “honeypots,” fake but genuine-looking internet servers that are used by security teams to attract attackers in order to understand their latest techniques and the hottest malicious software doing the rounds.
Earlier this year, in the black heart of the City of London, Europe’s financial capital, I talked to a group of penetration testers (ethical hackers who poke holes in their customers’ systems to figure out where they are weakest), who agreed to create some new honeypots and demonstrate their use for me. I wanted to understand more about how honeypots were built, and whether we could glean any patterns if we added fresh traps in new locations.
Honeypots are normally created on virtual private servers—rentable places to host things on the internet. Once you’ve bought your plot of land for a couple of quid, you download honeypot software; in our case, we used programs known as Dionaea and Kippo. This process is essentially like installing a new operating system onto a dumb machine, and creates what appears to hackers to be a genuinely vulnerable server. In reality, none of the features of the systems work, but they look real enough.
I recommend you read this article if you have any interest in internet security.