July 13, 2001 11:20 AM PDT
Honeynet Project sweetens hacker bait
The Honeynet Project--a group of experts in computer security, information intelligence and psychology--unveiled Thursday its plans for improving "honeynets," collections of computers designed to let hackers break into a false network while allowing investigators to watch their every move.
The new software and hardware that project leaders proposed at the Black Hat Briefings security conference will make honeynets easier to set up and cloak, turning computer cracking into a complex game of online Russian roulette for would-be intruders.
"Right now, the attackers are not worried because there is only one honeynet," said Lance Spitzner, a senior engineer with Sun Microsystems and leader for The Honeynet Project. "The more we deploy, however, the faster we will find (the attackers). We'll be watching."
Expanding on the concept of the "honeypot," a software application that pretends to be a hapless server on the Internet, the honeynet is a network of standard computers that is watched closely by a combination of surveillance technologies.
An intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers. A stealthy keystroke logger watches everything the intruder types, from commands to e-mails to chat sessions. A separate firewall cuts off the machines from the Internet anytime an intruder tries to attack another system from the honeynet.
While the spoofed network could give investigators the time to track any intruders into the network, Spitzner said that's not the point.
"Our goal has never been nor never will be to catch hackers," he said. "We are deploying the systems to gather data on the enemy."
David Dittrich, the computer forensics expert on the Honeynet team and a security engineer at the University of Washington in Seattle, agreed. He said that government and law enforcement may set out honeynet traps for catching Internet intruders, but that approach doesn't make much sense for companies.
"If it's just part of a honeynet, a computer will be just sitting there," he said. "That's a huge cost without any immediate benefit."
Still, the project has attracted tremendous support from both industry and government.
Currently in the process of transforming their project into a nonprofit organization, the 20-plus members of The Honeynet Project have applied for a grant from the National Institute of Standards and Technology.
In addition, the Defense Advanced Research Projects Agency--the private-sector research funding arm of the Department of Defense--has approached the project with the possibility of a grant "in the seven-figure range," Spitzner said.
Eventually, the honeynet could become an important part of network security.
"Essentially, honeynets are a canary in a coal mine," Dittrich said. "It can tip you off that something bad is happening."