If your network is hacked, you will have a multitude of reactions, including an urge to respond in kind. Technically hacking the hackers isn’t legal, but deceiving intruders is! Advanced persistent threats are targeted at those who have information of value to the hacker. Scrubbing away malware is a simple process one can move on from, but if someone is infiltrating your files, reading your internal emails, etc. you cannot simply close the vulnerability and go about business as normal. Surely the threat actors will find another way back in if you don’t discover who they are. There are varying opinions about fighting hackers with their own tools. Using deception in a legal fashion, such as with the Modern Honey Network, is preferable.
Hackers routinely use deception tactics to victimize private individuals and enterprises alike. Bots are used to scan for vulnerabilities and to crack login credentials. Once they find a way in they may spy on you indefinitely. Most cyber-crime is motivated by financial gains, either by directly stealing from accounts, or working as a hacker for hire. A black market exists where hackers sell the stolen data they’ve mined from victims. It’s scary to think of other motivations: revenge or deviance. Voyeurs and “sextortionists” can buy the tools to spy on private individuals for a paltry $40.
When you set up a deception trap using the Modern Honey Network, you make a space for hackers to incriminate themselves without endangering your actual network. It’s not a substitute for your firewall and anti-malware applications. It supplements them with contextual intelligence.
What info can you learn about hackers from a honeypot? That depends on where they are placed. Using honeypots outside your firewall will gather info about bots, malware attempts, and logs can be analyzed for unusual visitor behavior. When placed inside your network, you can learn of successful breaches, but also for internal threats. Using multiple honeypots will help protect your network by alerting you of behavior anti-malware software cannot detect. You need to be aware of events like hackers posing as legit users and employees abusing login credentials or accessing files in a pattern indicative of an info leak.
What makes the Modern Honey Network special? Two things – it’s an open source platform. The base code for a setting up a deception trap is free to download. Secondly, indicators of compromise are added to the growing library of threat intelligence used to inform future alerts.
Using intelligence from the Modern Honey Network is preferable over switching from defense to offense, which might offend and draw the ire of criminals and mischief-makers. Actually intruding into the source of malware, bots, and phishing servers to investigate them can work or backfire catastrophically. For these reasons, it’s best to deceive hackers into revealing themselves, then involve law enforcement.
Some reasons to stick to legal and ethical means of fighting hackers:
- Two wrongs don’t make a right, so hacking back in the literal sense is still illegal. Your enterprise could be held liable or individuals can be in legal trouble.
- It’s a slippery slope. Once you don the “black hat” and acquire the tools to penetrate cyber criminals’ networks, you have the tools to attack others. Wielding such a powerful tool against your competitors can be a temptation. Someone in your company may abuse it even if you’d agreed not to, and again you’d still be liable.
- You’ve got the wrong guy! It’s possible that your counter-attack leads you up a false trail to another victim’s computer, not your enemy’s.
- You may be out of your league. Established successful hackers have more experience and resources. You don’t know how deep into your system the invaders went, and may not withstand a counter-counter attack. If they are comfortable with stealing your info, they surely have no qualms with taking revenge or making an example of you by escalating their attacks.
Using technology like the threat intelligence gathered by the Modern Honey Network to fight back is your responsibility to your customers, employees, and other stakeholders (students, patients, etc.) who have entrusted you with their personal data, financial information, and their livelihoods.
Download the Security Intelligence and Information Sharing Strategy whitepaper and learn more about the new approach to threat intelligence using trusted collaboration.
Topics:Modern Honey Network