Setting a trap for hackers

Startup CounterCraft has attracted the attention of GCHQ with its cyber security deception techniques

Building walls isn't enough to keep attackers out, so the trio of co-founders behind CounterCraft are offering companies a new weapon in their security arsenal: easy-to-make honey traps that look and act like the real thing.

CounterCraft has built a framework for building deception tools, such as fake systems and networks. When hackers attack the false environment, security staff can lock down real systems and observe attackers to uncover their motives and other key forensic information.

The idea has attracted the attention of GCHQ, with CounterCraft picked as one startup to take part in an accelerator run by the government surveillance organisation. We spoke to co-founder Daniel Brett to find out how the technology works.

What does your system do?

The idea of honeypots has been around since the beginning of IT security, but they tend to be more emulated, more static systems. So it's very obvious that you're getting at something that's been set up to fool you.

Our tools allow you to build up false environments that can confuse and engage with adversaries. And then, whilst they're in that environment, our tool would extract information about the adversaries. And then all of the information we gather would get pumped back into your typical IT security defence system.

The difference [versus a standard security system] is trying to treat your adversaries as a resource... of information that can help us improve the whole defence structure.

How do security staff use your tools?

We give them a series of playbooks of typical campaigns that people use, and they can range from something as simple as an insider threat to a focussed reconnaissance from external companies. And then it's up to them to adapt this and make it something that is specific and tailored to their exact business.

We need to build something that actually really does look like a real IT structure... then we have to work out where to deploy them. If someone does come across these systems and start engaging and interacting with them, then we have to take decisions about what to do next. That can be as simple as deciding that we just want information and now we're shutting down the system, or you may want to take real steps and deploy more decoy systems that take them down a path, to see what technical skills they have. That's where we start engaging to extract information from the adversaries.

What about smaller companies without a dedicated security staff?

We think at the moment the only people that can actually take advantage of these kind of systems will be the big, more mature companies. However, we want to learn how they use it and be able to build up automation, perhaps even some degree of machine learning... and then be able to encapsulate this in a much more midmarket product. But probably that'll be two years from now. At the moment we think the people who are going to get value from this are going to be the big corporations.

What sort of attackers have you seen?

We can't actually talk about who our clients are, nor can we talk about what we've seen. But in the last three months we've been on an accelerator with GCHQ, which is fascinating. Obviously, the people we are working with there, their daily job is dealing with the defence of a nation, a lot of very high-level attacks.

Aside from companies, who else could use CounterCraft's tools?

We've got a great European project called Titanium... working on Bitcoin with Europol, Interpol, and University College London, trying to mathematically pinpoint and identify bad Bitcoin transactions. They want to investigate how we can use our system to work out who's behind those bad transactions. We're very excited to start that project; it will be a new and interesting proactive way to be using our tool outside of its typical corporate environment.

This article first appeared in PC Pro

Main image credit: Bigstock

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021