Setting a trap for hackers

Startup CounterCraft has attracted the attention of GCHQ with its cyber security deception techniques

Building walls isn't enough to keep attackers out, so the trio of co-founders behind CounterCraft are offering companies a new weapon in their security arsenal: easy-to-make honey traps that look and act like the real thing.

CounterCraft has built a framework for building deception tools, such as fake systems and networks. When hackers attack the false environment, security staff can lock down real systems and observe attackers to uncover their motives and other key forensic information.

Advertisement - Article continues below

The idea has attracted the attention of GCHQ, with CounterCraft picked as one startup to take part in an accelerator run by the government surveillance organisation. We spoke to co-founder Daniel Brett to find out how the technology works.

What does your system do?

The idea of honeypots has been around since the beginning of IT security, but they tend to be more emulated, more static systems. So it's very obvious that you're getting at something that's been set up to fool you.

Our tools allow you to build up false environments that can confuse and engage with adversaries. And then, whilst they're in that environment, our tool would extract information about the adversaries. And then all of the information we gather would get pumped back into your typical IT security defence system.

Advertisement - Article continues below

The difference [versus a standard security system] is trying to treat your adversaries as a resource... of information that can help us improve the whole defence structure.

Advertisement - Article continues below

How do security staff use your tools?

We give them a series of playbooks of typical campaigns that people use, and they can range from something as simple as an insider threat to a focussed reconnaissance from external companies. And then it's up to them to adapt this and make it something that is specific and tailored to their exact business.

We need to build something that actually really does look like a real IT structure... then we have to work out where to deploy them. If someone does come across these systems and start engaging and interacting with them, then we have to take decisions about what to do next. That can be as simple as deciding that we just want information and now we're shutting down the system, or you may want to take real steps and deploy more decoy systems that take them down a path, to see what technical skills they have. That's where we start engaging to extract information from the adversaries.

What about smaller companies without a dedicated security staff?

Advertisement - Article continues below

We think at the moment the only people that can actually take advantage of these kind of systems will be the big, more mature companies. However, we want to learn how they use it and be able to build up automation, perhaps even some degree of machine learning... and then be able to encapsulate this in a much more midmarket product. But probably that'll be two years from now. At the moment we think the people who are going to get value from this are going to be the big corporations.

What sort of attackers have you seen?

We can't actually talk about who our clients are, nor can we talk about what we've seen. But in the last three months we've been on an accelerator with GCHQ, which is fascinating. Obviously, the people we are working with there, their daily job is dealing with the defence of a nation, a lot of very high-level attacks.

Advertisement - Article continues below

Aside from companies, who else could use CounterCraft's tools?

We've got a great European project called Titanium... working on Bitcoin with Europol, Interpol, and University College London, trying to mathematically pinpoint and identify bad Bitcoin transactions. They want to investigate how we can use our system to work out who's behind those bad transactions. We're very excited to start that project; it will be a new and interesting proactive way to be using our tool outside of its typical corporate environment.

This article first appeared in PC Pro

Main image credit: Bigstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020

The growing case for IT flexibility

30 Jun 2020