7 sexy legacy deception techniques that still work today

As in war, so in cyber defense and attack: legacy deception techniques are still in use.

Fending off the bad guys

It's just a chess match: who can stay out in front, the IT department defending its network or the rogue bad guys trying to get in and steal information? Here we look back at the various techniques used by the "good guys".

Imitation / Decoys

The 18th-century Quaker Gun, a form of military decoy, looked like a cannon from a distance but was actually a tree trunk. Some soldiers carved their Quaker Guns and painted them black to give them a more realistic appearance. Low-level honeypots, which appear to be real attack surfaces, bare and waiting, act as decoys that lure cyber pillagers into attacking, taking their time and effort in return for discouragement and empty pockets. These honeypots accomplish only wasted effort on the attacker's part, and only briefly.

Concealment / Hiding

Camouflage, used by the U.S. military since 1898, is one example of concealment. Today, enterprises use concealment in the form of “air gaps”, separating (disconnecting) and hiding computers with sensitive data from the Internet, according to Todd Inskeep, Advisory Board Member, RSA Conference. In another example of concealment, says Inskeep, the enterprise could use a network telescope or darknet on an internal network to route stray traffic, network address probes, and other traffic that has an unknown destination address. “At some financial institutions this is called the Black Hole - any traffic directed to an unknown IP address is routed here, so they can log and capture the traffic. For an attacker, they see traffic go in, but not come out, so they don’t know what was happening. In this way, attackers don't get a null return – they get no return, and thus learn nothing from the probe,” says Inskeep.
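To show what the logged black-hole traffic can tell a defender, the following added example (not from the original article or from Inskeep) triages flow records by checking whether each destination falls in unassigned internal address space. The address plan, the log format, the sweep threshold and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan (assumption): the enterprise owns 10.20.0.0/16
# but has assigned only these subnets to real hosts.
ENTERPRISE = ipaddress.ip_network("10.20.0.0/16")
ALLOCATED = [ipaddress.ip_network(n)
             for n in ("10.20.1.0/24", "10.20.2.0/24", "10.20.40.0/22")]

# Constructed flow records: timestamp, source, destination, protocol, port.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.20.1.15 10.20.2.8 tcp 443
2024-05-01T10:00:02Z 10.20.1.77 10.20.9.1 tcp 445
2024-05-01T10:00:02Z 10.20.1.77 10.20.9.2 tcp 445
2024-05-01T10:00:03Z 10.20.1.77 10.20.9.3 tcp 445
2024-05-01T10:02:10Z 10.20.2.30 10.20.200.5 udp 161
2024-05-01T10:03:00Z 10.20.1.15 203.0.113.10 tcp 443
2024-05-01T10:04:00Z 10.20.40.9 10.20.43.250 tcp 22
truncated-record
"""

def is_dark(dst):
    """True when dst is inside the enterprise range but in no allocated subnet."""
    addr = ipaddress.ip_address(dst)
    return addr in ENTERPRISE and not any(addr in net for net in ALLOCATED)

def summarize(flow_text, min_targets=3):
    """Group black-holed flows by source; mark sources that hit many dark addresses."""
    hits = defaultdict(lambda: {"targets": set(), "ports": set()})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than guess at fields
        _, src, dst, _, port = parts
        try:
            dark, port_no = is_dark(dst), int(port)
        except ValueError:
            continue  # unparseable address or port
        if not dark:
            continue
        hits[src]["targets"].add(dst)
        hits[src]["ports"].add(port_no)
    return {src: {"targets": len(v["targets"]), "ports": sorted(v["ports"]),
                  "sweep": len(v["targets"]) >= min_targets}
            for src, v in hits.items()}

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_FLOWS).items():
        print(src, info)
```

A single dark destination from one source is often a stale configuration, while one source touching several dark addresses on the same port is the pattern worth escalating.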

Simulations / Mimicked Behavior

More than decoys, simulations present realistic behaviors. An improvement over the original dummy tanks (a form of decoy) of the First World War, fake tanks (a form of simulation) used tank-like sounds, billows of smoke, and actual movement to be more convincing, says Inskeep. “Application Honeypots take the level of imitation to this higher level, simulating specific types of applications that are often vulnerable and found on servers as an entry point for attackers. Simulations could include an open email relay, a file/print server, or open proxies,” says Inskeep.

Denial / Denying the Truth

In 1962, Russia denied attempts to install nuclear missiles in Cuba. Fast forward to today, when certain nations disavow hacking the U.S. and other countries in the face of overwhelming evidence. In security, this kind of denial could be carried out as part of a PR campaign and over social media, by denying the existence or location of sensitive information.

Disinformation / Purposely Feeding the Enemy Misleading Information

The British clothed a cadaver during the Second World War, enclosed evidence of a bogus military offensive, and set it adrift for the enemy to retrieve so they would waste time and effort investigating an imaginary threat. According to Inskeep, a more recent type of honeypot, the so-called Client Honeypot, looks for malicious servers by carefully tracking changes to the system, and provides a kind of disinformation by acting as if it has accepted the changes coming from the server. In reality, such honeypots are capturing and noting the changes, then resetting themselves using virtualization so that no real takeover or damage occurs, says Inskeep.

Deceptive Maneuvers

This is a ruse, a feint wherein an adversary makes a performance of taking one kind of action in order to distract his opponent while he is actually making a different move. There are several anecdotes of companies periodically changing a website in order to force attackers to rebuild their systems and start over, says Inskeep.

Traps

This broadly familiar approach appears in information security with the application of deception technologies that use emulation engines. According to Manoj Rai, a security head at Happiest Minds, an emulation engine masquerades as a run-of-the-mill operating system that contains (contrived) confidential data, perhaps labeled ‘credit card info’, which an enterprise uses to attract attackers. While the attacker steals the fake data, the deception technology records his activity, sharing it with other security tools and generally making it easier to catch the information criminal.