In-depth

Setting a trap for hackers

Startup CounterCraft has attracted the attention of GCHQ with its cyber security deception techniques

Building walls isn't enough to keep attackers out, so the trio of co-founders behind CounterCraft are offering companies a new weapon in their security arsenal: easy-to-make honey traps that look and act like the real thing.

CounterCraft has built a framework for building deception tools, such as fake systems and networks. When hackers attack the false environment, security staff can lock down real systems and observe attackers to uncover their motives and other key forensic information.

The idea has attracted the attention of GCHQ, with CounterCraft picked as one startup to take part in an accelerator run by the government surveillance organisation. We spoke to co-founder Daniel Brett to find out how the technology works.

What does your system do?

Advertisement
Advertisement - Article continues below

The idea of honeypots has been around since the beginning of IT security, but they tend to be more emulated, more static systems. So it's very obvious that you're getting at something that's been set up to fool you.

Our tools allow you to build up false environments that can confuse and engage with adversaries. And then, whilst they're in that environment, our tool would extract information about the adversaries. And then all of the information we gather would get pumped back into your typical IT security defence system.

The difference [versus a standard security system] is trying to treat your adversaries as a resource... of information that can help us improve the whole defence structure.

How do security staff use your tools?

We give them a series of playbooks of typical campaigns that people use, and they can range from something as simple as an insider threat to a focussed reconnaissance from external companies. And then it's up to them to adapt this and make it something that is specific and tailored to their exact business.

We need to build something that actually really does look like a real IT structure... then we have to work out where to deploy them. If someone does come across these systems and start engaging and interacting with them, then we have to take decisions about what to do next. That can be as simple as deciding that we just want information and now we're shutting down the system, or you may want to take real steps and deploy more decoy systems that take them down a path, to see what technical skills they have. That's where we start engaging to extract information from the adversaries.

What about smaller companies without a dedicated security staff?

We think at the moment the only people that can actually take advantage of these kind of systems will be the big, more mature companies. However, we want to learn how they use it and be able to build up automation, perhaps even some degree of machine learning... and then be able to encapsulate this in a much more midmarket product. But probably that'll be two years from now. At the moment we think the people who are going to get value from this are going to be the big corporations.

What sort of attackers have you seen?

We can't actually talk about who our clients are, nor can we talk about what we've seen. But in the last three months we've been on an accelerator with GCHQ, which is fascinating. Obviously, the people we are working with there, their daily job is dealing with the defence of a nation, a lot of very high-level attacks.

Advertisement
Advertisement - Article continues below

Aside from companies, who else could use CounterCraft's tools?

We've got a great European project called Titanium... working on Bitcoin with Europol, Interpol, and University College London, trying to mathematically pinpoint and identify bad Bitcoin transactions. They want to investigate how we can use our system to work out who's behind those bad transactions. We're very excited to start that project; it will be a new and interesting proactive way to be using our tool outside of its typical corporate environment.

This article first appeared in PC Pro

Main image credit: Bigstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019