The evolution of deception technology
Cybercriminals regularly use deceptive techniques as part of their campaigns because it’s effective, quick, and inexpensive
According to the FBI, phishing was the most common type of cybercrime in 2020, with phishing incidents nearly doubling in frequency in 2020 and more than 11 times as high when compared to 2016. Recognizing this, cybersecurity professionals now frequently incorporate deception technology as part of their defense-in-depth strategies. By understanding what deception technology is, and how it has evolved, organizations can more effectively use it against cybercriminals.
The Origins of Deception Technology
Although currently viewed through the lens of cybersecurity, deception technology and techniques existed long before computers. Deception techniques, whether used by the military, cybercriminals, or cybersecurity professionals, mislead people into acting against their best interests. Historically, governments, military organizations, and intelligence agencies use deception technologies to leverage their adversaries’ weaknesses against them.
The Trojan Horse
The Trojan army offers one of the most famous and the earliest example of deception technology. After a decade of war, the Greeks built a large horse and left it at the city’s front gate as a peaceful, religious offering.
With the horse inside the walled city, the Greek soldiers hiding inside it opened the city’s gates so the army could end the war by storming the city. Ultimately, the Greeks used the Trojans’ religious beliefs against them. In doing so, they were able to build a false sense of security luring the adversary into actions. In short, the Trojan Horse might be the first recorded social engineering attack.
The American Revolution
By the time of the American Revolution, the use of coding and decoding tools shows the continued evolution and use of deception technologies as part of modern warfare. Knowing that the Americans were intercepting their letters, British Generals Burgoyne, Clinton, and Howe would send letters with real and false information.
If decoded with the appropriate tool, the messages provided directions. However, when the American troops intercepted the messages and read them without the appropriate tool, they lured the Americans into thinking that they had sensitive data, when what they really had was fake information that sent them in the wrong direction
World War II and D-Day
“Ultra,” the Allied intelligence project focused on decrypting German messages played a significant role in the subterfuge that led to D-Day’s success. The Allies created a large-scale deception plan focusing German attention on Pas de Calais.
They deployed inflatable tanks and fake landing crafts, with double agents reinforcing the ruse. Moreover, knowing that the Germans believed General Patton was one of the best Allied generals, the Allies used him as a lure by placing him in Pas de Calais to give credence to the fake plans. Meanwhile, the codebreakers provided near-real-time insight into German activities.
For example, the code-breakers would intercept, decrypt, and translate German naval messages within two and a half hours. Ultimately one of the most successful deceptions in history, the Allies used their knowledge that the Germans were continuously monitoring their actions to make them believe a false narrative that made D-Day a turning point in the war.
The key for the Allies was engaging in mass deception through various people, processes, and technologies.
Maggie Thatcher’s “data leaks”
During the 1980’s, the British Prime Minister, Maggie Thatcher, used deception practices to trace Cabinet documents leaked to the press. She altered the government word processors to encode users’ identity into the space between words.
When leaked material was recovered, the pattern of spaces encoded into the documents directly linked back to the original author. Even before the digital revolution, encoding messages into documents provided a low cost, highly secretive way of detecting stolen data.
Thatcher was able to trace data leakage by using the analog version of “digital tracking.”
Combining the Digital and Physical: 21st Century Deception Technology
As organizations build out their cyber defenses, they can learn much from historical military deception techniques. Although the process may look different in a digitally transformed world, the outcomes are the same.
French Election of 2017
Seeing the signs that threat actors would attempt to undermine their election, President Macron and his technology team created a “cyber blurring” strategy. The team logged into the addresses provided in threat actor phishing emails, providing both real and fake logins, passwords, and documents.
Using threat actors’ technology against them, this process slowed down the malicious actors’ ability to share real data and undermined the validity of any data they shared. The French IT team was able to successfully use cybercriminals’ own strategies against them.
Fundamentally, they socially engineered the social engineers. Equally important, the small IT team was able to effectively reduce the threat actors’ impact on the election without incurring additional financial or human resource costs.
Operation Trojan Shield
In 2017, the FBI investigated an encrypted device company, Phantom Secure, that was known to work with criminals. In 2018, the FBI recruited a Confidential Human Source (CHS) who had been working on Anom, a next-generation encrypted device.
Additionally, since Phantom Secure had invested in Anom, the CHS was able to distribute the device across to criminal actors. As part of Operation Trojan Shield, the FBI and Australian Federal Police built a master key into the encryption that would attach a “digital tracker” to each message.
This master key enabled law enforcement to decrypt and store messages as the criminals transmitted them, passing the information to an FBI-owned server. Ultimately, the FBI translated more than 20 million drug-trafficking messages from 11,800 devices across 90 countries.
In this case, the FBI was able to streamline their operations. Instead of manually tracking criminals across 90 different countries, they were able to reduce time and cost by using lures. Inserting this digital tracker into each message gave law enforcement a low-touch solution to monitoring criminal activity.
Instead of trying to locate every device, they were able to use this information to effectively eliminate the threat.
Cyber Deception Technology: Cost-Effective Risk Mitigation by Socially Engineering the Social Engineers
While deception technology has evolved over time, the fundamental principles underlying it remain the same. As organizations monetize data, cybercriminals look for new ways to steal information and evade detection. As threat actors evolve their methodologies, organizations need to evolve their detection and risk mitigation practices.
Reduced Costs and Risk
Deception technology is nothing new to cybersecurity. Honeypots, fake systems that attract threat actors, have been used since the 1990s. If an organization uses a static honeypot, then it can reduce costs and risk.
A low-interaction honeypot can provide a high return on investment, but threat actors can often detect these because they lack the sophistication of a real network.
Visibility with context
With deception technology, organizations gain visibility into their own security posture. For example, using a real system as the model for the honeypot gives the organization a way to track tactics, techniques, and procedures (TTPs).
This also provides visibility into the type of sensitive data threat actors want, like personally identifiable information (PII), credentials, or intellectual property.
Higher fidelity detection
In theory, legitimate users have no reason to interact with the deception technology. Thus, any interaction becomes suspect, whether it’s internal or external users. Unlike other detection tools, deception technology rarely sends a false alert. Thus, it reduces the amount of time spent investigating false alerts.
Seedata.io: Deception Technology for Data
Traditional cyber deception technologies focus on alerting organizations to malicious activity within their perimeter, but fail to go beyond that.
Seedata detects malicious activity against data within our clients’ environments by planting unique, trackable records within their systems, and monitoring the surface, deep, and dark web for potential data exposure.
As technology and threat actor methodologies evolve, deception technology must evolve to meet new demands. Seedata offers a cost-effective solution for including deception technology “as-a-Service” within your security architecture.