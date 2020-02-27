Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

University Fools Hackers into Sharing Tactics

Researchers at the University of Texas have found a way to bamboozle malicious hackers into giving away their secrets.

The DEEP-Dig (DEcEPtion DIGging) method tricks hackers onto a decoy site set up to record whatever sneaky tactics are thrown at it. This information is then fed into a computer, where it is analyzed to produce clues on how to identify and fend off future hacking attacks.

University of Texas at Dallas computer scientists presented papers on their wily new work at the annual Computer Security Applications Conference in December in Puerto Rico and at the Hawaii International Conference of System Sciences.

Furtively obtaining information from hackers that can later be used against them is a rapidly growing cybersecurity field known as deception technology. This cunning approach encourages those working in cybersecurity to view cyber-attacks in a whole new light.

“There are criminals trying to attack our networks all the time, and normally we view that as a negative thing,” said Dr Kevin Hamlen, Eugene McDermott Professor of Computer Science. 

“Instead of blocking them, maybe what we could be doing is viewing these attackers as a source of free labor. They’re providing us data about what malicious attacks look like. It’s a free source of highly prized data.”

Privacy restrictions can make it difficult for researchers to obtain sufficient data on attackers' tactics to create effective defense strategies. DEEP-Dig functions like a spy in the attacking camp, gathering up valuable real-time information on how hackers strike.

Dr. Gbadebo Ayoade, who presented the scientists' findings in Puerto Rico and Hawaii, said that having more data will make it easier to detect when an attack is under way.

“We’re using the data from hackers to train the machine to identify an attack,” said Ayoade. “We’re using deception to get better data.” 

Dr Latifur Khan, professor of computer science at UT Dallas, said "attackers will feel they're successful" when they encounter the decoy site stocked with disinformation. 

Mirroring the cyber-criminal’s domain-spoofing technique and using it against them to gain a window into their activity might appear like poetic justice; to Khan, it's simply another roll of the dice.

Describing the ongoing online battle between the lawless and the law-abiding, Khan said: "It's an endless game."

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Sports Giant Decathlon Leaks 123 Million Records

2
News

Ransomware Attack at US Power Station

3
News

Google Pulls 600 Apps from Play Store

4
News

US Defense Agency Notifies Users of Serious Breach

5
News

Indian Arrested Over Sale of Illegal Drugs Disguised as Sex Aids on Dark Web

6
Magazine Feature

The Top Ten Worst Vulnerabilities

1
News

Desjardins Group Breach Cost $38m Higher Than Expected

2
News

University Fools Hackers into Sharing Tactics

3
News

#RSAC: Latin America's Financial Crime World Sees Huge Expansion

4
News

Cyber-Criminal Impersonates Bernie Sanders Staffer

5
Blog

Women in Cybersecurity Keynote: Bobbie Stempfley Shares Invaluable Career Advice

6
News

Microsoft Engineer Pleads Guilty to $10m Fraud Scheme

1
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

2
Webinar

AI in Security: Keeping Up with the Trend

3
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

4
Webinar

New Year, New Decade, New Threats and Challenges

5
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

6
Webinar

Gain Control and Security of Your File Collaboration

1
Interview

Interview: Gavin Henderson, Vice-President, Regional Security, Mastercard

2
Blog

PCI Compliance: Not a Password Security Guarantee

3
Opinion

Is Anyone Paying Attention to Healthcare Security?

4
Opinion

#HowTo Do DevOps Effectively

5
Opinion

Why Leaky Clouds Lead to Data Breaches

6
Slackspace

Man Charged After Sharing Cryptocurrency Knowhow