Subterfuge as a Data Security Tactic


I published an article under the SANS Institute examining the role that deception can play in information security. In the article I discuss the application of deception and trickery by IT security professionals. But just as human professonals can employ deception, so can robot or automated security systems.

The use of subterguge as a security tactic raises ethical issues. I suspect that if properly controlled, the tactic is ethical in many circumstances.


 1. DarkMarket, a famous shopping mecca for identity thieves and cybercriminals, is now said to have been a sting operation run by the FBI.

2. As corporate computer networks become a larger target for cyber-industrial espionage, crafty businesses can gain an upper hand by feeding the crooks false trade secrets and product plans. Imagine the impact of bogus "intelligence" in the hands of a gullible competitor. The time and effort the competitor wastes could be devastating.

3.  John Strand has published a book titled Offensive Countermeasures.  Among other things, it suggest playing pranks on hackers to annoy them.

--Benjamin Wright

No comments:

Post a Comment