Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

War room: A website can use Mykonos software to track attackers and deploy counter responses designed to drive them away with delays and false information.

Mykonos’s software creates the illusion that the hacker is making progress. “We can intercept their scans and inundate them with fake values,” says Koretz. “It takes much longer [for an attacker to scan a site], and the results are useless.”

A scan that might usually take five hours could take 30, Koretz says. Other tactics include offering up dummy password files, which can help track an attacker when he or she tries to use them. “We’ll let them break the encryption and present a false login page. We have the ability to hack the hacker,” says Koretz.

As a promotional tool to impress potential clients, Mykonos engineers have built versions of the company’s software that taunt attackers. One directs a hacker to a Google Maps search for nearby criminal attorneys. Another parodies Microsoft’s now-defunct anthropomorphic paper clip, Clippy, with the message: “It looks like you’re an unsophisticated script kiddie. Do you need help writing code?”

Mykonos could use its system to simply block attackers, but Koretz says hackers expect such behavior and will simply keep looking for new ways in. “If you just block, they will find a different route to attack you. If you ensnare them in a painful way, you change the economics of the attack—it becomes much more expensive.”

Sven Dietrich, an expert on computer security and a professor at Stevens Institute of Technology, says annoying attackers can be a bad idea. “It’s conceivable that when he or she finds out that they’ve been had, they will seek retribution,” says Dietrich.

Security researchers sometimes use sacrificial “honeypot” computers as a way to study attacks up close in a safe environment. Dietrich says it’s important to carefully separate these machines from other computer networks to reduce the potential impact of revenge attacks, but this is not an option for a company using Mykonos’s software. “If you are using it in a production system, then they know who created it and is trying to deceive them.”

Koretz argues that the frustrations his software delivers can crop up naturally in the course of hacking a site, so many attackers will likely ascribe them to bad luck and move on to another possible target.

Dietrich also says that actively scanning, or installing pieces of tracking code on another computer, could make it unstable. If attackers compromise an innocent machine, “the risk is that you may affect systems that are critical or cause someone to lose their digital goods or worse,” he says.

Koretz predicts that the approach will become more common as conventional security software proves increasingly ineffective. “Deception is a legitimate defense,” he says.

21 comments. Share your thoughts »

Credits: Mykonos Software

Tagged: Computing, Web, security, software, hackers

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me