Information Security News mailing list archives

Irish firms launch cyber-attack bait


From: InfoSec News <isn () c4i org>
Date: Thu, 21 Mar 2002 01:59:29 -0600 (CST)

http://www.electricnews.net/news.html?code=6669234

by Matthew Clark 
Wednesday, March 20 2002

Inflow, Espion and Deloitte & Touche are running a new "Honeynet" in
Ireland to attract would-be cyber attackers and study their habits.

The new Honeynet is already up and running at an unspecified Internet
address. On-line for just 48 hours on four non-consecutive days, the
decoy computer network has recorded at least 14 successful and
potential attacks, its designers said at a briefing on Wednesday.

The purpose of the Irish Honeynet is to collect in-depth statistical
information on malicious attacker (also called blackhat) activities in
Ireland and around the world. The attacks that have been made on the
Irish Honeynet thus far have come from places like Tunisia, Germany,
China, Russia, North America and Malaysia.

What the executives agreed was most remarkable about the statistics is
that the Honeynet is not promoted in any way; the attacks came from
people who are just scanning the Net for vulnerable systems.

The Irish Honeynet, like others around the world, is a non-profit
enterprise designed to collect information on malicious attackers,
their motives, techniques and habits. It is not set up as a tool to
root out or identify attackers, and its organisers say it is not
linked to any government authorities.

Essentially the Honeynet consists of a server connected to the
Internet on a random and constantly changing IP address. The server
itself contains very little of interest in terms of information, but
it is fully loaded with an array of tracking and monitoring tools.  
These software tools let the experts at Inflow, Espion and Deloitte &
Touche monitor who is attacking the computer, how they are doing it
and from where.

"There is this misconception out there that 'bad guys' are going after
a computer to see what's on it. The reality is they don't care what's
on the computer, just the fact that it's a computer with an IP address
is enough to warrant a hack," explained Lance Spitzner, a senior
security architect at Sun Microsystems and founder of the Honeynet
Project in the US.

Spitzner, a former tank officer in the US Army, said that many
malicious cyber attackers use vulnerable computers to store data such
as stolen credit card details. Others will use susceptible computers
to launch attacks in a kind of malicious attack orchestra, where
multiple computers around the world, controlled by one user, make a
co-ordinated assault on a single, high-security network.

Spitzner also explained that many attackers are young and
inexperienced, and in some cases they simply launch attacks to gain
notoriety in a sort of underground attacker sub-culture. "Many of them
don't actually know that much about security, but they can download
the tools they need easily from the Internet and the tools are getting
better," he added.

The Honeynet Project in the US is also non-profit, and around 30
volunteers work on it, with a variety of backgrounds from IT security
to psychology to statistical analysis. Other individuals who have
close connections to the blackhat community are also involved.

Currently there are six Honeynets around the world associated with the
Honeynet Project, which share information and data about the work they
carry out in what is called the Information Alliance. There are four
existing Honeynets in the US as well as one each in Greece and India.

The Irish Honeynet will be what Gerry Fitzpatrick, partner in Deloitte
& Touche, describes as a "mirror Honeynet" of the US operation.
Spitzner said the Irish operation would be welcome to join the
alliance, but was under no obligation to do so.

Spitzner will be speaking at the National IT and E-Security (NITES)  
Summit set to take place in Leopardstown on 21 and 22 March. For more
information on the Honeynet Project visit
http://www.project.Honeynet.org.



-
ISN is currently hosted by Attrition.org
