Setting a trap for hackers

Startup CounterCraft has attracted the attention of GCHQ with its cyber security deception techniques

Building walls isn't enough to keep attackers out, so the trio of co-founders behind CounterCraft are offering companies a new weapon in their security arsenal: easy-to-make honey traps that look and act like the real thing.

CounterCraft has built a framework for building deception tools, such as fake systems and networks. When hackers attack the false environment, security staff can lock down real systems and observe attackers to uncover their motives and other key forensic information.

The idea has attracted the attention of GCHQ, with CounterCraft picked as one startup to take part in an accelerator run by the government surveillance organisation. We spoke to co-founder Daniel Brett to find out how the technology works.

What does your system do?

Advertisement - Article continues below
Advertisement - Article continues below

The idea of honeypots has been around since the beginning of IT security, but they tend to be more emulated, more static systems. So it's very obvious that you're getting at something that's been set up to fool you.

Our tools allow you to build up false environments that can confuse and engage with adversaries. And then, whilst they're in that environment, our tool would extract information about the adversaries. And then all of the information we gather would get pumped back into your typical IT security defence system.

The difference [versus a standard security system] is trying to treat your adversaries as a resource... of information that can help us improve the whole defence structure.

How do security staff use your tools?

We give them a series of playbooks of typical campaigns that people use, and they can range from something as simple as an insider threat to a focussed reconnaissance from external companies. And then it's up to them to adapt this and make it something that is specific and tailored to their exact business.

We need to build something that actually really does look like a real IT structure... then we have to work out where to deploy them. If someone does come across these systems and start engaging and interacting with them, then we have to take decisions about what to do next. That can be as simple as deciding that we just want information and now we're shutting down the system, or you may want to take real steps and deploy more decoy systems that take them down a path, to see what technical skills they have. That's where we start engaging to extract information from the adversaries.

What about smaller companies without a dedicated security staff?

We think at the moment the only people that can actually take advantage of these kind of systems will be the big, more mature companies. However, we want to learn how they use it and be able to build up automation, perhaps even some degree of machine learning... and then be able to encapsulate this in a much more midmarket product. But probably that'll be two years from now. At the moment we think the people who are going to get value from this are going to be the big corporations.

What sort of attackers have you seen?

We can't actually talk about who our clients are, nor can we talk about what we've seen. But in the last three months we've been on an accelerator with GCHQ, which is fascinating. Obviously, the people we are working with there, their daily job is dealing with the defence of a nation, a lot of very high-level attacks.

Advertisement - Article continues below

Aside from companies, who else could use CounterCraft's tools?

We've got a great European project called Titanium... working on Bitcoin with Europol, Interpol, and University College London, trying to mathematically pinpoint and identify bad Bitcoin transactions. They want to investigate how we can use our system to work out who's behind those bad transactions. We're very excited to start that project; it will be a new and interesting proactive way to be using our tool outside of its typical corporate environment.

Advertisement - Article continues below

This article first appeared in PC Pro

Main image credit: Bigstock

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020