A recent report in the Washington Post describes how a number of companies have started using fake data to consume the attention of hackers, essentially giving them something they can sink their teeth into early, before they get to the bone of the business's information.
The article states that the bait was varied, including bogus user log-ins and passwords and phony system configuration files. Anyone who has confidential data can imagine other pieces of information, like false phone numbers, physical addresses, emails or even more detailed business information like purchase orders. It needs to appear ‘hackworthy’.
“We’re taking the hackers’ strengths and we’re making it their weaknesses,” said Nathan Hosper, a senior information technology officer at Brown Printing Co., in the article. “They get caught up in this cycle of fake information.”
The article also quotes former Justice Department security expert Michael DuBose as saying that companies are “tired of just playing defense”, and want to fight back as much as it’s possible to do so.
There is always a risk that the tactic could make the hacker community focus its attention even more if they realize what is happening.
“It’s best not to go punch your neighbor in the face before you hit the weight room,” said Rep. Mike Rogers (R-Mich.), the chairman of the House Intelligence Committee. IT organizations that use techniques like this can often underestimate the skills of those who encounter them.
As Mark Twain said, “Few things are harder to put up with than a good example.”