"We're making honeypots": How to lure hackers into a trap

In our networked world, digital infrastructures are becoming a basic requirement of everyday life.

"We're making honeypots": How to lure hackers into a trap

In our networked world, digital infrastructures are becoming a basic requirement of everyday life. The Internet and telecommunications, as the lifeblood of our society, are particularly vulnerable. Researchers from the Helmholtz Association are looking for ways to close the vulnerabilities.

"The security risks for IT systems are diverse," says Jörn Müller-Quade. The professor for IT security leads the research group "Cryptography and Security" at the Institute for Information Security and Reliability (KASTEL) of the Karlsruhe Institute of Technology (KIT) and is Director at the Research Center for Information Technology (FZI). "The best known are certainly malware and classic hacker attacks. But many attacks go unnoticed, for example when systems are spied on and information about their vulnerability is collected."

Today, these are no longer only provided by computer freaks who want to try out their skills. Other groups also use them for various purposes: For example, criminals use ransomware to encrypt computers in order to only release them again for a ransom. The military apparatuses of states are trying to weaken the infrastructure of their opponents via digital channels. And the secret services also use special programs, for example to find out more about the economy of friend and foe.

The attackers seem to have a fundamental advantage here. "There really is an asymmetry in IT security," explains Jörn Müller-Quade. "The defenders have to close all security gaps, while the attackers only have to find an open one." The only exception to this rule, adds the encryption expert, would apply to cryptography. "Here we have known since Edward Snowden's revelations that even the NSA has had a hard time with modern encryption methods." However, and the revelations also show that, the secret service got hold of the desired data in other ways. For Jörn Müller-Quade it is therefore clear: "The biggest challenge we face is overall system security." So it's of little use if the heavy steel door is firmly closed with five bolts, but the window is half open.

This challenge grows all the more, the faster the system boundaries fall. Because today not only computers and telephones are connected to each other via the network. Power plants and industrial plants, refrigerators and televisions or smart home systems and electricity meters also exchange information with each other. "We shouldn't network everything that can theoretically be networked," says the IT expert. "Because a lot of people don't see the scalability of cyber attacks."

What he means by that is easily explained with a trip into the classic gangster milieu: In the offline world, the number of burglaries scales with the number of burglars. Because even the fastest thief can only penetrate a certain number of buildings per night. "This is no longer the case with cyber attacks," says Jörn Müller-Quade. "There are hardly any resource limits for a capable attacker here." Because the perpetrator does not always have to provide the resources for an attack himself. He often puts the hijacked computer systems of unsuspecting users around the world to work for him. Attacks of this type include overload attacks, known in technical jargon as distributed denial of service attacks.

"In such attacks, the attacker floods the victim's system with enormous data traffic," explains Christian Rossow. The computer security professor heads the Systems Security research group at the Helmholtz Center for Information Security (CISPA). "This usually exceeds the victim's processing capacity and paralyzes their website, for example, since regular inquiries can hardly be answered." It's a bit like sending someone thousands of meaningless letters a day. That would overburden the person concerned. The attackers often use hundreds of computers around the world that they have previously infected with malware. Without the owners noticing anything, their computers are turned into weapons.

"Such attacks occur, for example, on websites and online shops," explains the expert. This not only causes image damage, but sometimes also serious sales losses. This can be wanted by a competitor as well as by activists or secret services. "But some of these attacks are also used to blackmail people, companies or organizations," he adds. "With these attacks, however, it is also possible to attack critical infrastructures directly," says Christian Rossow. "If, for example, several power plants are connected for remote control, a mass attack could cause sensitive disruptions."

The IT expert and his team have therefore made it their task to find such mass attacks on the Internet. "We make ourselves a honey pot," he says with a smile. "That means we're posing as an abuseable means system." If the attacker bites, he uses Rossow's globally distributed network of rented servers for his attacks and the IT expert is right in the middle. "Of course, if the attack is launched using our systems, we face a dilemma. On the one hand, we don't want to be noticed, but on the other hand we don't want to be actively involved in the attack. That's why we only send a few data packets to avert damage." But his team sits in the front row and can document the attacks live. And they find tens of thousands of them every day.

"That way, we can quickly notify victims so they can take countermeasures," he explains, "and we can help identify the attackers." Christian Rossow and his team have developed a special fingerprint method for this. You give every attacker a personal fingerprint and can thus find out where his network is. "We are working with the state criminal police and Europol to track down such attackers," says the IT specialist. "The attacks used to be completely anonymous, which made criminal prosecution almost impossible. Now the FBI is also very interested in our services."

For the researchers at CISPA, this is an active and exciting field of research. "Our fingerprint often helps, but not always," says Christian Rossow. "That's why we're constantly looking for new ways to identify the perpetrators of such mass attacks."

Read more: This article first appeared on helmholtz.de.

Yorum yapabilmek için üye girişi yapmanız gerekmektedir.

Üye değilseniz hemen üye olun veya giriş yapın.