www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
26 March 2007  

Humour

When the hunters get hunted

T A Balasubramanian reveals the entrapment tools for hackers.

“If you cannot fight them alone, join hands to sock them,” says Danny DeVito, CTO of Baffle Corporation, and a humanoid by design.

You, Papyrus Bytewala, CIO of Baffle, are, however, refreshingly human. You are also caught up in the paranoid proceedings of the Hacker’s Gold Mine Meet, or HGMM, which, in turn, is happening in a corner of the crowded Techno Over-exposition of Geeks and Gizmos for Lazy Enterprises (TOGGLE). Standing next to you is Gene Hackman, CEO of Virus Busters, seemingly transfixed by Danny’s brand new brainwave.

“Go on, Danny,” he urges. “I see the beginning of a beginning in OUCH, the Organisation of Unstoppable CTO Hackers. What a juicy name. You’re a genius.”

“You were always perceptive, Gene,” says DeVito, slapping his friend on the back with a chuckle. “Well, let me tell you that CTOs of the world will be obliged to unite, and turn into de facto green hats—becoming new-age hackers themselves. They will be respected members of OUCH, mark my words. They will turn smartly on their attackers, the ones who have been threatening corporate networks all these years, and chase them down into their dirty nests and slam them with hacker-loving slimy spyware and evil viruses that lurk and wait their turn to make those black hats smoulder.”

“Good strategy, Danny,” you admit, wondering how your humanoid CTO has already tuned in to the language of the alpha geeks. Not to mention the modus operandi of nasty hackers. “But how do we know that hackers are around hacking inside our system? They don’t leave their marks all the time, you know. Besides, they are adepts at disguise, like the best espionage guys.”

“If every hour a burglar turned up at your house and rattled the locks on the doors and windows to see if he could get in, you would hear it, Papyrus, would you not?” says Gene. “I admit that hackers do not come in noisy herds, rattling the disks, so to speak, but they do leave their mark. They leave signs when they sneak in.”

“Well, I’m glad to hear they do that,” you say, quietly. “How do you catch these sneaks?”

“Honeypots,” says Gene, with a broad grin.

“Huh? Is that like the bait used for trapping bears?” says DeVito, scratching his head.

“Precisely. Yes, honeypots use the same idea. Entrapment by seduction,” says Gene, winking. “We lure the bears into the den by dangling irresistible, lip-smacking offerings, and they, the fools, rush in where angels fear to tread. Except that these fools are called bots—the free-wheeling bits of code that roam around on the Web, looking for easy prey.”

“How do they work, these honeypots? I mean, how do they know that there has been an assault—or an attempt at one?” you ask.

“They work like detective evidence kits. You could say honeypots are forensic tools that are a boon to guys like me who chase online crime. We use them to collect statistics about popular attacks, to grab copies of malicious programs that carry out the attacks and to get a detailed picture of how these attacks are crafted. To the malicious programs—the bots—scouring the Web these honeypots look like any other computer. But in the backyard, the machines use a battery of forensic tools to log what happens on them. They trap the smoke from the smoking gun. Sometimes even the bullets.”

“This is wild,” says DeVito, rubbing his hands gleefully. “So what kind of honeypots have you been setting up, Gene?”

“Quite a few of them, and we give them names like Allure and Passion.”

“Oh, inspiration from the perfume guys?” you say.

“A little,” says Gene. “But these alpha hackers are getting sharper even as we chase them down. One indicator of how useful these entrapment tools have become is that the most sophisticated hacker monkeys now make their vile programs recognise when they have encountered Allure or Passion—trespassed on a honeypot, I mean.”

“So how did Allure and Passion do it?” you ask.

“Well, Allure was a standard PC running Windoves that was made as secure as possible, which we dubbed the host. This ran a software program which created another ‘virtual’ PC inside Allure—called Passion—the guest. So we had this big host and a little, innocent-looking guest inside her. Now inside Passion, we installed an unprotected version of Windoves dressed up, or configured, like any domestic PC. All sweet and approachable and irresistible, I might add.”

“You virus hunters know how to get the fish, eh?”

“We live and learn,” says Gene modestly. “Passion turned out to be pretty potent as it makes it easy to pause the ‘virtual’ PC or even roll it back to an earlier configuration. This proved essential when recovering from an attack. Armed with some forensic software, Passion became the honeypot. When we put this bait online it was like dripping honey on an open farmyard.”

“What happened?”

“The bears came swarming over,” says Hackman. “On average, Allure was hit by a potential security assault every 15 minutes. None of these attacks were solicited, mind you. Merely putting the bait online was enough to attract them. The fastest an attack struck was in mere seconds and it was never longer than 15 minutes before the honeypot logged an attempt to subvert it.”

“It’s a pretty crowded place out there in the farmyard, eh?”

“Absolutely full to the brim with mad black hatters. The majority of these attacks were merely nuisances. Many were announcements for fake security products that use leaks in Windoves to make their messages pop-up. Others were made to look like security warnings to trick people into downloading the bogus file.”

“And we carry on with our computers without being aware of all this gruesome activity going on under the board?” you say.

“There was much more than activity. At least once an hour, on average, Allure was hit by an attack that could leave an unprotected machine unusable or turn it into a launch-pad for attacking other PCs. Many of these attacks were by bugs that appeared first many years ago. These die-hard survivors swamp Net connections as they search for fresh victims and make host machines unstable.”

“Why are they still swarming around?”

“Because they have not been wiped out. They scan the Net so well that they can always find another vulnerable machine to leap to and use as a host while they search for new places to visit. They are like some of my relatives, you know. The ones who believe that the world is an extended family from which they can mooch off as long as they live.”

“I have a few sticky relatives like that too,” you say.

“Hey, don’t look at me,” says DeVito. “I have no relatives I can think of. At least not sticky ones.”

“And even more rarely,” says Gene, resuming his narrative, “once a day on average, came Net attacks that tried to subvert Passion to put it under the control of a malicious hacker. Now these attacks came from all over the world—many clearly from other similarly hijacked PCs. Our pet honeypot was attacked by a PC from a Taiwanese charity, a server in a Burmese school and many machines in Germany.”

“It’s a flat world out there,” you say. “And we are getting flattened along with it.”

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.