http://www.electricnews.net/news.html?code=6669234

by Matthew Clark
Wednesday, March 20 2002

Inflow, Espion and Deloitte & Touche are running a new "Honeynet" in Ireland to attract would-be cyber attackers and study their habits.

The new Honeynet is already up and running at an unspecified Internet address. On-line for just 48 hours on four non-consecutive days, the decoy computer network has recorded at least 14 successful and potential attacks, its designers said at a briefing on Wednesday.

The purpose of the Irish Honeynet is to collect in-depth statistical information of malicious attacker (also called blackhat) activities in Ireland and around the world. The attacks that have been made on the Irish Honeynet thus far have come from places like Tunisia, Germany, China, Russia, North America and Malaysia.

What the executives agreed was most remarkable about the statistics is that the Honeynet is not promoted in any way; the attacks came from people who are just scanning the Net for vulnerable systems.

The Irish Honeynet, like others around the world, is a non-profit enterprise designed to collect information on malicious attackers, their motives, techniques and habits. It is not set up as a tool to root out or identify attackers, and its organisers say it is not linked to any government authorities.

Essentially the Honeynet consists of a server connected to the Internet on a random and constantly changing IP address. The server itself contains very little of interest in terms of information, but it is fully loaded with an array of tracking and monitoring tools. These software tools let the experts at Inflow, Espion and Deloitte & Touche monitor who is attacking the computer, how they are doing it and from where.

"There is this misconception out there that 'bad guys' are going after a computer to see what's on it. The reality is they don't care what's on the computer, just the fact that it's a computer with an IP address is enough to warrant a hack," explained Lance Spitzner, a senior security architect at Sun Microsystems and founder of the Honeynet Project in the US.

Spitzner, a former tank officer in the US Army, said that many malicious cyber attackers use vulnerable computers to store data such as stolen credit card details. Others will use susceptible computers to launch attacks in a kind of malicious attack orchestra, where multiple computers around the world, controlled by one user, make a co-ordinated assault on a single, high-security network.

Spitzner also explained that many attackers are young and inexperienced, and in some cases they simply launch attacks to gain notoriety in a sort of underground attacker sub-culture. "Many of them don't actually know that much about security, but they can download the tools they need easily from the Internet and the tools are getting better," he added.

The Honeynet Project in the US is also non-profit and around 30 volunteers work on it with a variety of backgrounds from IT security, to psychology, to statistical analysis. Other individuals who have close connections to the blackhat community are also involved.

Currently there are six Honeynets around the world associated with the Honeynet Project which share information and data about the work they carry out in what is called the Information Alliance. There are four existing Honeynets in the US as well as one in both Greece and India.

The Irish Honeynet will be what Gerry Fitzpatrick, partner in Deloitte & Touche describes as a "mirror Honeynet" of the US operation. Spitzner said the Irish operation would be welcomed to join the alliance, but was under no obligation to do so.

Spitzner will be speaking at the National IT and E-Security (NITES) Summit set to take place in Leopardstown on 21 and 22 March.

For more information on the Honeynet project visit http://www.project.Honeynet.org.