Faking out hackers
Roughly 15 years ago I suggested to friends in the IT department that the best way to defeat hackers is to deceive them. My suggestion to my boss at the time was to set up a fake network filled with bogus information. The company I worked for was a credit card company and we had constant issues with security being tested by outside attacks and were always looking for new ways to defend.
My boss, being the typical book learned, college grad, thinking inside the box idiot, told me no. It was a stupid idea.
I knew better.
I used to run a BBS during the 80's and 90's. I was a member of several different pirate groups and I was always afraid I'd get caught like so many other Sysops.
I tried many different BBS programs for security purposes but the best idea I ever came up with was not what I used, but how I presented it.
I had set up a fake login when you first connected to my BBS. You'd get a DOS prompt from a very unfriendly system. Type DIR and find a slew of .EXE's to run. As you sat there trying the .EXE's the system was keeping count of your trial and error. Unfortunately for the trouble maker, the .EXE never was there and the only way you knew about it was from "word of mouth".
If you did know the .EXE then a question would pop up. Not a login. It would ask you a series of random questions. Such as, "Applecore?" Where you would need to know the next line in the dialog between Donald Duck and Dale the chipmunk. If you got it wrong you were given a false question and a delay of 5 seconds. Each wrong question, 5 more seconds added to the delay and another wrong question.
I had about 500 false questions by the time I took the BBS down, containing movies, famous speeches, random sports trivia, etc.
Deception. That is the key.
In today's society everything has become "inside the box". Corporations think too much inside the box. They have brilliant people working for them but the real geniuses are those trying to hack them. It's the hackers who think outside the box, without restrictions.
Time for a change, corporate world. Time to think outside the box.
http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/
- digitalbeachbum's blog
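The gate described in the post (a decoy DIR listing, an unlisted command, then false questions with a delay that grows by 5 seconds), sketched in Python as an added example; it is not the author's BBS code. The command name, decoy filenames, expected reply and decoy questions are constructed placeholders, and treating every question after the first wrong answer as unanswerable is an assumption.

```python
import hmac
import itertools

# Everything below is constructed for illustration; none of it is from the original BBS.
DECOY_LISTING = ["BBS.EXE", "LOGIN.EXE", "MENU.EXE", "SYSOP.EXE"]
HIDDEN_COMMAND = "GATE.EXE"  # hypothetical; deliberately absent from DIR output
REAL_PROMPT, REAL_REPLY = "Applecore?", "placeholder-reply"  # reply is a placeholder
DECOY_QUESTIONS = ["Constructed decoy question 1?", "Constructed decoy question 2?"]
DELAY_STEP = 5  # seconds added per wrong answer, as in the post


class DecoyGate:
    def __init__(self, sleep=lambda seconds: None):
        self.sleep = sleep        # injectable; pass time.sleep in a real service
        self.failed_commands = 0  # the "trial and error" counter
        self.wrong_answers = 0
        self.prompt = None        # None means the caller is still at the fake DOS prompt
        self.burned = False       # set by the first wrong answer (assumption)
        self.audit = []           # events a defender would ship to logging
        self._decoys = itertools.cycle(DECOY_QUESTIONS)

    def command(self, line):
        """Handle one line at the fake DOS prompt and return the text shown."""
        cmd = line.strip().upper()
        if cmd == "DIR":
            return "\n".join(DECOY_LISTING)
        if cmd == HIDDEN_COMMAND:
            self.prompt = REAL_PROMPT
            return self.prompt
        self.failed_commands += 1
        self.audit.append(("bad_command", cmd))
        return "Bad command or file name"

    def answer(self, reply):
        """Return (granted, next_prompt, delay_seconds) for one reply."""
        given = reply.strip().lower().encode()
        if (not self.burned and self.prompt == REAL_PROMPT
                and hmac.compare_digest(given, REAL_REPLY.encode())):
            return True, None, 0
        self.burned = True
        self.wrong_answers += 1
        delay = DELAY_STEP * self.wrong_answers  # 5, 10, 15, ...
        self.audit.append(("wrong_answer", self.prompt, delay))
        self.sleep(delay)
        self.prompt = next(self._decoys)  # a false question replaces the prompt
        return False, self.prompt, delay
```

The audit list is the part that matters to a defender: every entry comes from someone who did not know the unlisted command or the expected reply.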
As a fellow IT guy +1
Religion Kills !!!
Numbers 31:17-18 - Now kill all the boys. And kill every woman who has slept with a man, but save for yourselves every girl who has never slept with a man.
http://jesus-needs-money.blogspot.com/
LOL! as soon as i saw "applecore" in your post, i knew exactly where that was headed. ahhh, we had a bunch of those donald duck and chip and dale cartoons on vhs when i was a kid...
"I have never felt comfortable around people who talk about their feelings for Jesus, or any other deity for that matter, because they are usually none too bright. . . . Or maybe 'stupid' is a better way of saying it; but I have never seen much point in getting heavy with either stupid people or Jesus freaks, just as long as they don't bother me. In a world as weird and cruel as this one we have made for ourselves, I figure anybody who can find peace and personal happiness without ripping off somebody else deserves to be left alone. They will not inherit the earth, but then neither will I. . . . And I have learned to live, as it were, with the idea that I will never find peace and happiness, either. But as long as I know there's a pretty good chance I can get my hands on either one of them every once in a while, I do the best I can between high spots."
--Hunter S. Thompson
ex-minister wrote: As a
I had a guy who earned his Microsoft cert before me... in fact.. he earned five different certs before I even got my first one. However, getting that Microsoft cert gave him a pay raise and a rank over me.
However he could punch his way out of a wet paper bag. He knew all the crap in the book and could go take a test but he couldn't apply any of his knowledge to everyday work.
For example, there was a problem with the router connecting our offices between Michigan and Florida. He spent hours trying to figure out what was wrong, then I get a page from the guy in the other office telling me what was going on. I asked him to send me a picture of the router (front and back).
I took one look at the first picture then texted back, "Turn it on".
LMAO.
It was off. The idiot didn't recognize that no lights on up front on the router meant it was off.
I know this isn't true in all offices, but I find more and more IT people are book learned and memorized the information just to take the test. In practical everyday life they can't do anything without it being out of the textbook.
iwbiek wrote: LOL! as soon
LOL. No one ever gets that! I've done it verbally to people before just joking and they look at me like "wtf?"
I wouldn't get it lol.
I'd probably pick something even more obscure though. Captain Power or Visionaries or something. Something I liked and watched but never really took off.
Enlightened Atheist, Gaming God.
Captain Power? Whoa. I remember those! They had little toys which interacted with the television show. lol.
I don't remember the Visionaries.
There was a Visionaries show, but I don't think it lasted very long. I remember because I had a few of the toys. They had holograms on their chests of an animal. Whatever animal it was, they could turn into it.
It probably came to mind at the same time as Captain Power because Captain Power characters all had shiny hologram-like bits that happened to signify the weak spot to hit in order to kill them.
Enlightened Atheist, Gaming God.