[ISN] Snouts in the honeypot

From: InfoSec News (isnat_private)
Date: Wed Jul 17 2002 - 06:45:30 PDT

    By Jay Heiser
    Posted: 16/07/2002 at 18:33 GMT
    [SCENE: A small but elegant office. Vivaldi's "Four Seasons" plays
    softly in the background. A man in a red power tie sits behind a solid
    oak desk, gently rubbing the top of a Montblanc pen across his upper
    lip while peering intently at his computer. The early afternoon peace
    is broken by heavy footsteps. A highly agitated man wearing a t-shirt
    reading "Windows Blows" barges into the office.]
    JIM: Hey, Boss! 
    BOSS: [pained expression] Yes? 
    JIM: We need to get a honeypot! 
    BOSS: A what? What do we need a honeywagon for? 
    JIM: No, not a honeywagon, a honeypot. It's a special computer you put 
    out on the Internet to attract and catch hackers. We make it easy to 
    break in, so we're sure to get lots of 'em. 
    BOSS: I'm not sure I understand. Why would we want to attract more 
    hackers than we've already got? I thought we were trying to discourage 
    JIM: That's the nice thing about the honeypot. The hackers go there 
    and sort of rummage around. Then we watch 'em! [cackle] We'll see 
    everything they do. 
    BOSS: Don't we know what hackers do already? They're trying to break 
    into our e-commerce server, put their girlfriend's naked picture on 
    our home page, and steal our customers' credit card numbers. Besides, 
    we get that monthly newsletter with all the details on what the third 
    world hackers are planning. You know, from that group staffed by all 
    the ex-government spooks? I know what they are up to. 
    Besides, we just renewed our half million dollar contract with 
    IncredibleDEF, and I get an exclusive daily update on the status of 
    all the third world hackers. They just told me that a gang of Indian 
    cyberpunks is working together to deface Pakistani web servers. Who 
    knew? Great material for our risk reports. 
    JIM: Yeah, that's cool stuff, but if we had a honeypot, we wouldn't 
    just read about the hackers. We could see 'em ourselves, sorta like a 
    digital ant farm. We can learn just how they work. When we know what 
    vulnerabilities they take advantage of, then we'll know what to fix on 
    our servers. 
    BOSS: Wouldn't it be cheaper and easier to buy a book? 
    JIM: Well, yeah ... but then one of us would have to read it ... 
    BOSS: Good point. But I'm still not convinced. I don't want to be the 
    first one to get one of these honeymucker things. IncredibleDEF says 
    this gang of teenagers from Trinidad have been performing denial of 
    service attacks using calypso music. What if the hackers use our 
    honeypot to launch an attack into someone else's system? I can see the 
    headlines now, 'Steel drum attack traced to Acronomia Inc. server. CSO 
    claims it was a hijacked honeydew.'
    JIM: Can't happen. Besides, Threelettria Corp. has had one for six 
    months, and their CSO just got his picture in Wired. (The Boss 
    silently mouths a 'wow!') I was just talking to a consultant from 
    Friday, and he said that honeypots are best practice now. All the 
    leading firms have one. (pause) You know, I'm worried that we might be 
    losing our competitive edge ... (raises eyebrows) 
    BOSS: OK, it's starting to make sense to me now. Can you talk to 
    Friday about doing a feasibility study for us? 
    JIM: I already did. They said that planning the development, 
    implementation and operation of a honeypot was one of their core 
    competencies, so they'll be able to do it for only $50K. 
    BOSS: Hey, that's reasonable. And once I've spent $50,000 on a 
    complete plan, I won't have any trouble justifying the hardware, 
    software, and staff. I'll do the deal with Friday on the golf course 
    tomorrow. Good save, Jim. Thanks. Oh, and can you have someone from 
    Marketing Communications come up? I want to talk to them about a press 

    ISN is currently hosted by Attrition.org
