www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
09 April 2007  

Humour

Let them come in and play

T A Balasubramanian on setting up an elaborate Web deception.

“The scum of the cyberuniverse, eh? I like that,” says Gene Hackman, CEO of Virus Busters. “It describes those black hatters delightfully well. And yes, OUCH, the Organisation of Unstoppable CTO Hackers, would have plenty of hard data that would show them what their enemies—the scum—are up to.”

Gene is talking to your humanoid CTO, Danny DeVito, and applauding the latter’s proposal to set up an elaborate Web of deception. Named a honeynet, this device is expected to be an irresistible lure for bringing in the hordes of reckless hackers who make life miserable for IT managers and anyone who uses computers. As DeVito imagines, his clever ploy would give the legion of newly minted green hats, the soon-to-be-enrolled members of OUCH, a fighting chance to get the upper hand in the black hacker wars.

You, as the CIO of Baffle Corporation, are on a freewheeling tour of the Techno Over-exposition of Geeks and Gizmos for Lazy Enterprises (TOGGLE), and your present spin has landed you in the middle of the Hacker’s Gold Mine Meet, or HGMM, which is part of the sprawling trade show. And you are currently playing the role of a witness to DeVito and Hackman, a mind-bending task which adds further to the sensation of being embroiled in a world without a centre.

“I like the idea of us CTOs wearing green hats and snooping around mysteriously, setting up honeypots and honeynets,” says DeVito, puffing out his chest in what appears to be a bout of human pride. “Those monkey hacker crackers have their days numbered, Gene.”

How did they get a humanoid to do that, you wonder. By making smugness a part of the program? Or was DeVito picking up cues about human vanity on his own? And how did he learn to dream up a fiendishly diabolic strategy to get CTOs on a common platform, or at least make the first move towards it? Was he becoming alarmingly smarter than the average human CTO? Was he gaining altogether new forms of intelligence that no machine had ever gained in history? You mentally file away a memo deciding to check out these quirks at a later date with the beautiful Prof Ironica Asimova, Danny’s creator and Head of Ironica Robotica. Or with her lovely Chief Designer, Lola Lipton, who has crafted much of DeVito’s intelligence. You recall Ironica’s description of Chaibo, the chai-serving robot at Baffle, who, “reacts to stimuli and, in effect, learns, responding according to a programmed personality that develops freely.” Was DeVito, a creation far superior to Chaibo, developing far too freely?

“Well, Danny,” you hear Hackman saying, “before you start numbering their days, have you given a thought as to what you’re going to dangle as bait to your much-loved black hats?”

“Bait?” says DeVito, frowning. “What bait?”

“Well, Danny, if your OUCH honeypot is like most traditional plain vanilla honeypots, there’s not going to be much for an attacker to do after he gets in—unless you plan some entertainment just for him. Once a black hat has taken all the trouble to set up shop on your honeypot, he will probably want to see what else there is to play with. What you really want is to get this monkey excited. Make him go crazy and transfer down all the other toys in his jungle house so you can have a copy as well.”

“Oh, I never thought of that,” says DeVito, scratching his chin. You imagine that your CTO’s usually smooth silicon gears are meshing a little slower as he does this. Hackman, however, has no clue as he continues his discourse.

“You should think of it, if you want results. You see, most honeynets are put out there by sloppy casters. Just an extra box someone has dumped around, hoping to catch some fish unawares. That kind of laziness would only make you lose some of the most interesting parts of what a honeynet can do.”

“All right. So what do you suggest?”

“Honeynets can be made into very sophisticated baits to ensnare and beguile some of the most nefarious alpha hackers—the royal crackers. These are the elite bad guys you should entice. Work on them with as much deviousness as they have, match them, step by step, and cajole them to give you more of their secret research information. All of which, of course, would help in getting the green hat community a few steps ahead in this war of nerves.”

“So what do we do? What’s the juiciest bait to dangle?”

“Well, you could come up with what I imagine would be cool and fun things to do with honeynets. Royal crackers are very demanding, very vile. And they tend to get bored easily.”

“What do they want to see?”

“Traffic,” says Hackman, fluttering his fingers rapidly. “Plenty of action. One of the easiest ways to do that is to create simulated traffic to and from the honeypot. You must work at creating a lot of juicy traffic to entice the attacker to investigate your honeynet. If it’s not there, you could simulate it—make a lot of traffic happen.”

“Well, Gene,” you say, thoughtfully, “Much of the traffic you would see on Baffle’s computers would be gibberish. We are a boring company. We exchange e-mails over anything and everything. Except work, maybe. Family outings. Cricket scores. Cribs and rants.”

“Well, boring to you, maybe, but not for a savvy cracker. You can’t imagine how much a vile hacker can dredge up from idle gossip, Papyrus,” Hackman says.

“Hackers love listening in on idle chatter. That’s when people imagine that what they say is not being overheard, or what they write is not being looked at, by strangers with a glint in their beady eyes. The chatter can be e-mails, passwords, hostnames, or other common traffic. It’s a gold mine for hackers. And replaying all this ‘boring’ traffic on the network can prompt the cracker to investigate other portions of your honeynet. It’s the old tale of curiosity and the cat.”

“Oh? So what else can we dangle before the cat?”

“Simulated traffic can be used alongside simulated targets. A simulated target—or a decoy—is where you can replay traffic from those simulated hosts to lure the cracker—or maybe the sniffer, if you like a more feline phrase—to dig further. Such traffic could be files or music being downloaded from your simulated targets. Traffic from services known to have a bad security history will definitely prompt the cat to investigate further.”

“How does all this help?” you ask. “I mean, help to bell the cat?”

“Ah, good question, Papyrus. It gives you vital clues about the cat’s intentions. Now if you want to really see what the attacker is all about, simulate traffic that looks like someone trading music in MP3 files, then vary it so that it looks like someone transferring business documents, say DOC files. If the cracker spends most of his time looking at the MP3 traffic, he is probably pretty harmless—a kitten. If he spends his time looking at the documents, he is probably very dangerous—a tiger.”

“Bell the cat? Curiosity and the cat?” says DeVito, holding up his hand as though searching through his memory.

“Wait a minute, wasn’t it curiosity that killed the cat?”

“Precisely, Danny,” says Hackman. “Those old fairy tales pack quite a punch, eh?”

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.