
Cybersecurity Professionals Are Using Misdirection To Combat Hacking

Cybersecurity companies are creating entire virtual networks to lead hackers down a digital hall of mirrors
Image: Pexels

Cyberwarfare operates on two assumptions: hackers are clever and their targets are honest. Every attempted or successful server breach or laptop hack occurs in order for the invader to steal some data that leverages power in the real world, be it credit card numbers, state secrets, nuclear access codes, or any other collection of sensitive data.

Successful theft, of course, requires that hackers are working with accurate, authentic information. So what happens if every dimension of their targets isn't real? That's the question at the vanguard of cybersecurity, where a combination of code, strategy, and anthropology has produced a shadowy new network of digital deception.


It's a well-worn IT joke that there are two kinds of companies—those who know they've been hacked, and those who haven't realized they're hacked yet. In the wake of recent high-profile breaches, corporations and countries alike are scrambling to make sure they aren't caught off-guard. According to the marketing research firm MarketsandMarkets, the global cyber security market will reach $170.21 billion by 2020, growing at a rate of nearly 10% a year.


The idea of deception-based security started, like a virus itself, with a single computer. In 1998, Fred Cohen released the Deception ToolKit–a program that camouflaged a perfectly functional computer with a series of security vulnerabilities. These fake attack vectors attract hackers like digital chum, allowing the security team to observe new malware and innovations in hacking technique as they're being applied to the honeypot–so called for its similarity to Winnie The Pooh's eternal struggle with his snack container. In 1999, security engineer Lance Spitzner founded the Honeynet Project, which applied the concept not just to one machine but several (hence the term "honeynet"), thereby creating a means of gathering intel on hacker activity over an entire network.

Today, there are many honeypot security programs available that cybersecurity teams can deploy to draw hackers' attention wherever they wish it to go. As programming has progressed, honeypots and honeynets have become increasingly etherealized; several virtual machines may all be hosted on a single physical box. But the honeypot approach has its drawbacks. Scalability is the biggest concern–virtual or not, someone has to keep an eye on these systems and corral hackers, and IT teams typically have their hands full managing the regular networks.



But the premise of presenting invaders with false data is a potent one, and not just because it puts cybersecurity on the offensive. By violating hackers' assumptions about the reliability of their data and simultaneously appearing to reward their patience, honeypots utilize psychological and anthropological factors to neutralize aggressive, persistent threats. Despite what the elite hackz0rs of the movies may lead you to believe, successful hacking takes weeks or months, not minutes. After a successful breach, hackers can deploy botnets to bide their time until the next attack vector becomes available. If all of that hanging around took place in an entirely fake network, the entire operation could end up being one hell of a case study for cybersecurity, without any possible risk to a client's network.

As with so many good ideas, the tech needed time to catch up in order to render a useful product. The Tel Aviv-based cybersecurity company Illusive Networks, which was founded in 2014 by cybersecurity veteran Ofer Israeli, draws its engineers from Unit 8200, the Israeli equivalent of the NSA, blending advanced tactics of deception with an informed reading of hacker behavior to produce a larger and more abstract defense than a honeynet ever could. Rather than designating one machine or server to be a sitting duck for an attack, Illusive Networks plants false data at every endpoint and point of entry on a network–engineered to be virtually indistinguishable from the real thing, and invisible to regular users. While hackers may make it past other defense precautions, they are immediately misdirected into this simulated system.

The longer hackers remain in the shadow network, the more confidence they gain. The more they attempt to exploit these systems, the more information they send to the security team monitoring them. In addition to ensuring that there is no immediate threat to regular users, the monitoring team can sit back and watch what the hackers do. It's all the advantages of the honeypot with none of the risks–executing cyber-judo with the hackers' hubris.

Israel has fostered an especially robust support system for tech startups like Illusive, creating a Silicon Valley-esque tech hub with forward-thinking companies leading the charge in the security sphere. Approximately 250 million dollars of cyber investment capital goes to Israeli companies, which accounts for roughly 20% of all global investment in that market. Illusive received a cut of this capital in its first round of funding, when the tech incubator Team8 invested 5 million dollars in the company, with CEO Nadav Zafrir coming on board to serve as the chairman of Illusive's board of directors. Illusive currently claims dozens of civilian and civic clients under the protection of this deception technology, establishing the relative newcomer as a global leader in the space.

So what does this all mean for the future of cyber security? If everything goes according to plan, we'll probably continue to see cyber conflict take place at ever-higher levels of artificiality. The only problem with insulating our regular digital life with increasingly perfect simulations is that, if some enterprising intruder figures out how to flip the switch, we could all be living, working, and upvoting in a simulated environment while hackers surveil us. Unless their IT managers have been reading Baudrillard and Borges, it's going to require a pretty clever defensive solution.

To learn more about Israel's role in pushing cybersecurity into the future, visit Israel Is On It.

This content was paid for by the advertiser and was created independently from the Motherboard editorial staff.