[ISN] Irish firms launch cyber-attack bait

From: InfoSec News (isnat_private)
Date: Wed Mar 20 2002 - 23:59:29 PST


    by Matthew Clark
    Wednesday, March 20 2002

    Inflow, Espion and Deloitte & Touche are running a new "Honeynet" in
    Ireland to attract would-be cyber attackers and study their habits.

    The new Honeynet is already up and running at an unspecified Internet
    address. On-line for just 48 hours on four non-consecutive days, the
    decoy computer network has recorded at least 14 successful and
    potential attacks, its designers said at a briefing on Wednesday.

    The purpose of the Irish Honeynet is to collect in-depth statistical
    information of malicious attacker (also called blackhat) activities in
    Ireland and around the world. The attacks that have been made on the
    Irish Honeynet thus far have come from places like Tunisia, Germany,
    China, Russia, North America and Malaysia.

    What the executives agreed was most remarkable about the statistics is
    that the Honeynet is not promoted in any way; the attacks came from
    people who are just scanning the Net for vulnerable systems.

    The Irish Honeynet, like others around the world, is a non-profit
    enterprise designed to collect information on malicious attackers,
    their motives, techniques and habits. It is not set up as a tool to
    root out or identify attackers, and its organisers say it is not
    linked to any government authorities.

    Essentially the Honeynet consists of a server connected to the
    Internet on a random and constantly changing IP address. The server
    itself contains very little of interest in terms of information, but
    it is fully loaded with an array of tracking and monitoring tools.
    These software tools let the experts at Inflow, Espion and Deloitte &
    Touche monitor who is attacking the computer, how they are doing it
    and from where.

    "There is this misconception out there that 'bad guys' are going after
    a computer to see what's on it. The reality is they don't care what's
    on the computer, just the fact that it's a computer with an IP address
    is enough to warrant a hack," explained Lance Spitzner, a senior
    security architect at Sun Microsystems and founder of the Honeynet
    Project in the US.

    Spitzner, a former tank officer in the US Army, said that many
    malicious cyber attackers use vulnerable computers to store data such
    as stolen credit card details. Others will use susceptible computers
    to launch attacks in a kind of malicious attack orchestra, where
    multiple computers around the world, controlled by one user, make a
    co-ordinated assault on a single, high-security network.

    Spitzner also explained that many attackers are young and
    inexperienced, and in some cases they simply launch attacks to gain
    notoriety in a sort of underground attacker sub-culture. "Many of them
    don't actually know that much about security, but they can download
    the tools they need easily from the Internet and the tools are getting
    better," he added.

    The Honeynet Project in the US is also non-profit and around 30
    volunteers work on it with a variety of backgrounds from IT security,
    to psychology, to statistical analysis. Other individuals who have
    close connections to the blackhat community are also involved.

    Currently there are six Honeynets around the world associated with the
    Honeynet Project which share information and data about the work they
    carry out in what is called the Information Alliance. There are four
    existing Honeynets in the US as well as one in both Greece and India.

    The Irish Honeynet will be what Gerry Fitzpatrick, partner in Deloitte
    & Touche describes as a "mirror Honeynet" of the US operation.
    Spitzner said the Irish operation would be welcomed to join the
    alliance, but was under no obligation to do so.

    Spitzner will be speaking at the National IT and E-Security (NITES)
    Summit set to take place in Leopardstown on 21 and 22 March. For more
    information on the Honeynet project visit

    ISN is currently hosted by Attrition.org
