Q&A: Setting a trap for hackers

Startup CounterCraft has attracted the attention of GCHQ with its cyber security deception technique, which sets out a fake IT system as a trap for attackers. Co-founder Daniel Brett reveals how it works.

PC Pro - News

We spoke to the co-founder of CounterCraft, which traps attackers using fake IT systems.

BUILDING WALLS ISN’T enough to keep attackers out, so the trio of co-founders behind CounterCraft are offering companies a new weapon in their security arsenal: easy-to-make honey traps that look and act like real IT infrastructure.

CounterCraft has built a framework for building deception tools, such as fake systems and networks. When hackers attack the false environment, security staff can lock down real systems and observe attackers to uncover their motives and other key forensic information.

The idea has attracted the attention of GCHQ, with CounterCraft picked as one startup to take part in an accelerator run by the government surveillance organisation. We spoke to co-founder Daniel Brett to find out how the technology works.

What does your system do?

The idea of honey pots has been around since the beginning of IT security, but they tend to be more emulated, more static systems. So it’s very obvious that you’re getting at something that’s been set up to fool you.

Our tools allow you to build up false environments that can confuse and engage with adversaries. Then, whilst they’re in that environment, our tool would extract information about the adversaries. And then all of the information we gather would get pumped back into your typical IT security defence system.

The difference [versus a standard security system] is trying to treat your adversaries as a resource… of information that can help us improve the whole defence structure.

How do security staff use your tools?

We give them a series of playbooks of typical campaigns that people use, and they can range from something as simple as an insider threat to focused reconnaissance from external companies. And then it’s up to them to adapt this and make it something that is specific and tailored to their exact business.

We need to build something that actually does look like a real IT structure… then we have to work out where to deploy them. If someone does come across these systems and starts engaging and interacting with them, then we have to take decisions about what to do next. That can be as simple as deciding that we just want information and now we’re shutting down the system, or you may want to take real steps and deploy more decoy systems that take them down a path, to see what technical skills they have. That’s where we start engaging to extract information from the adversaries.

What about smaller companies without a dedicated security staff?

We think at the moment the only people that can actually take advantage of these kind of systems will be the big, more mature companies. However, we want to learn how they use it and be able to build up automation, perhaps even some degree of machine learning… and then be able to encapsulate this in a much more mid-market product. But probably that’ll be two years from now. At the moment, we think the people who are going to get value from this are the big corporations.

What sort of attackers have you seen?

We can’t actually talk about who our clients are, nor can we talk about what we’ve seen. But in the last three months we’ve been on an accelerator with GCHQ, which is fascinating. Obviously, the people we are working with there, their daily job is dealing with the defence of a nation, a lot of very high-level attacks.

Aside from companies, who else could use CounterCraft’s tools?

We’ve got a great European project called Titanium… working on Bitcoin with Europol, Interpol, and University College London, trying to mathematically pinpoint and identify bad Bitcoin transactions. They want to investigate how we can use our system to work out who’s behind bad transactions. We’re very excited to start that project; it will be a proactive way to be using our tool outside of its typical corporate environment.

Image caption: CounterCraft’s tools create false environments that confuse attackers.

Image caption: The security startup was selected to take part in an accelerator run by GCHQ.

Daniel Brett is one of the three co-founders of CounterCraft
