A Different Approach To Foiling Hackers? Let Them In, Then Lie To Them
(Forbes) Last month Heckman, a researcher for the non-profit IT research corporation MITRE, gave a talk with fellow MITRE researcher Frank Stech at Purdue’s Center for Education and Research in Information Assurance and Security and described a cyber war game scenario MITRE played out internally in which she and Stech tried an unorthodox defensive strategy: Instead of trying to purge a Red Team of hackers from a Blue Team’s network they were defending, Heckman and Stech let the attackers linger inside, watched them, and fed them confusing misinformation. The result: despite the Blue Team’s network being deeply compromised by the Red Team’s hackers, Blue managed to trick Red into making the wrong moves and losing the game.
Related: CERIAS Information Security Seminar Mar 20, 2013