The art of deception in cyber security

Come to think of a night bank robber wearing their little overhead-masks and hand gloves. They peep fondly past the cameras as they tarnish the front glasses of the same with sprays. Then, they take hold of the boss and use him to open the combinational lock of the giant vault door, after which they render him useless and lay him waste. Vwallah!! Welcome to the treasure land. Brain bypassing the brawn, they are soon greeted with an array of safes with their own combinational locks, each labeled 'money'. What do they do next? They ought to resurrect the useless boss who, for now, is even more useless; or they should apply mathematics’ probability, and filtering algorithms, after all, a bunch of serious bank robbers should always house a geek amongst them. For in such predicaments, knowledge will always occupy the throne, with foolishness often a subject of the former who might order him to do God knows what. But with each time passing by, secondary security is beefed up until an escape, even if with nothing, is a suicidal call. Whatever happened in that vault was unexpected. It is the art of deception and who is better at the game always will win the battle. Below is an illustration of how this art is proving to be very important in the field of cybersecurity.

Take it from Sun Tzu

The art of war (to be discussed in a future article) is governed by five constant factors: the moral law, heaven, earth, the commander, method and discipline. I am only interested in the second and third element. The heaven signifies night and day, cold and heat, times and seasons. Earth signifies distances, great and small; danger and security; open ground and narrow passes; the chances of life and death. Combine these two and you have the most important factor for any military-based (others are more tactical than pure fire exchange) army; the battlefield. He who masters the battlefield will most probably win. It, therefore, goes without saying that, “dare you not allow your enemy to choose a battlefield.” And so this is the point of interest in this article, the battlefield in cybersecurity.

The old security model

99% of our computer networks have the administrators sit around the control panel. Other than assigning resources to customers and newcomers, they do the vigilante work. They set up a security model. This comprises of packet filters and firewalls, intrusion detection systems (IDs) like the famous Snort, antiviruses, authentication mechanisms, and encryption algorithms. Then they keep vigil of any malicious or suspicious item and/or activity as if they are Avast themselves (which often wakes you from slumber with the famous audio compilation of “suspicious item…detected.” With these, the security model is complete, and the rest is left for the weakest part of the infrastructure, the human, to decide. Take it from me, security is but an illusion, a curtain behind which lurks a dagger (like Dr. Henry Morgan’s of the series Forever), waiting to plough that soft chest of God knows who. If I am an asset weak enough to attract the character of trust, then fail not to take it from Katy Perry’s chained to the rhythm. Or rather study Win Chun instead of ‘self-defence.’ 

The new security model

The honeypots

These have existed for quite a while. From their name, foreign bees will rather run for your sweet defenseless honey pot other than attack you with the risk of losing their lives. As you might have thought, the honeypot is a live server of resources. But the resources are rather a dummy than real. Think of it as residual honey with dirt particles of comb, dead bee, mud, etc. that ought to be disposed off. The major aim? To misdirect the intruder and occupy him in consuming false resources, as you make away with/ protect your genuine resources.

The maze runner

Leave your house door closed but unlocked, welcoming all the intruders, but on entry…ask the movie, home alone. Cymmetria sells a product called MazeRunner. If you have watched the movie franchise, maze runner, then you know what the detainers ought to achieve by building the maze. It is specifically designed to detect "lateral movement" inside a secure network. When a hacker infiltrates a system -- maybe with a username and password data stolen through a phishing scam -- he doesn't know exactly what he wants to steal, so he moves from server to server looking for the juiciest assets. MazeRunner lays down realistic breadcrumbs for unwitting hackers to follow, leading them into decoy servers that are rigged to alert the security team. All it takes is one false move, one wrong turn in the maze, and the hacker trips the alarm. Unfortunately, the giant spiders of the maze runner don't care or know shit about you, all they wanna do is to simply have a bite.

The honey badger and beacons

Think of this as the honeypot discussed above but in addition, the honey is special in that it has a marker, some kind of a ‘badge’. Lick the honey and run away but imprinted on your stomach is the badge with which you are tracked.  In a nutshell, a honey badger is a live server with no real use, complete with administrative controls. However, if it is hacked, it locates the source of the cyberattack and tracks its location with a satellite picture. The next move I believe is known to you.

The beacons mentioned above is a badge in documents, that detects when and where data is accessed. After which the CIA hitman steps in.

Hacking back

If an intruder can be tracked by the above techniques like document beacons, then it is wise to say that their computers can also be accessed and data deleted. This is an eye for an eye model and as you might have guessed the Bible is against it and so does the world. Unfortunately, the new age men are law changers. For now, it’s at stage two: controversy, having skipped the first stage of obedience. The third stage of men’s activities is, of course, a pendulum’s swing to the other side, with a few taking permanent residence while a few journeying back with the free ride. Only if they knew the limits of the pendulum’s momentum: some wouldn’t be trapped between.

An application: The 2017 French presidential election

When Russian hackers tried to mess with the 2017 French presidential election. According to reports from President Emmanuel Macron's security staff, the Macron campaign fooled the cyber attackers or at least slowed their progress substantially -- by stuffing their own servers with phony documents and made-up passwords. "We created false accounts, with false content, as traps," Macron's digital director, Mounir Mahjoubi, told The New York Times. "We did this massively, to create the obligation for them to verify, to determine whether it was a REAL ACCOUNT. Even if it made them lose one minute, we're happy."

It's called "cyber-blurring" or "cyber deception," and the thwarted French election hack provided one of the first public examples of a creative cybersecurity technique that shifts the power away from hackers and back to the home team. "It's about taking control," says Gadi Evron, a cybersecurity expert, and CEO of Cymmetria, a security firm that helps organizations protect sensitive data by luring hackers into a hall of mirrors built from decoy servers and phony documents. "Cyber deception says, 'We're not taking it lying down anymore. We're no longer waiting for them to come in,'" says Evron. "It's about controlling your own network. Controlling the geography of the battlefield. If they go into my home, I know how I want to arrange things so that they go where I want them to go."

What does the future hold?

A funny question indeed. By the look of things alone, a system will be in place. Hack my network, the system will track down the intruder’s machine, access it, and do whatever it wants with it. Including frying it like an egg in a frying pan. All while you watch. The new age of machine learning and artificial intelligence is directly in aid of this. Albeit dummy than you, the machines operate in their own realm. If you fathom the realm, you can harvest a lot of manna from the same.