Hackers make a beeline

Hackers make a beeline

LAS VEGAS'When the Naval Postgraduate School in Monterey, Calif., designed a so-called honeynet to trap hackers, it worked even better than expected.
Before researchers had finished setting up the network, it had been hacked and put to use to scan other systems on the Internet.
At the Black Hat Briefings here this month, Honeynet project members shared observations of hackers at work. They depicted an aggressive black-hat group continually searching for vulnerable computers.

'The fastest that one of our systems has been attacked has been within 15 minutes,' said Lance Spitzner, a Honeynet founder and security architect for Sun Microsystems Inc.

The shortest average life span for a system under attack was 72 hours for a server running Red Hat Linux 6.2 from Red Hat Inc. of Durham, N.C. On average, hackers compromised three systems each month on an eight-IP-address network that did not advertise itself.

But that's OK. A team of 30 security professionals from Canada, Holland, Israel and the United States designed its 2-year-old honeynet to be compromised.

'Nothing is emulated,' Spitzner said. Once inside a honeynet, a hacker can be monitored keystroke by keystroke.

The researchers have written a series of 'Know Your Enemy' papers, and a book of the same name will be published next month.

The original honeynet, a collection of spare servers running a variety of operating systems over an Integrated Services Digital Network line in Spitzner's home, has been taken down.

The project has spawned cooperative honeynets at the Navy school and at the University of Pennsylvania. Now, project members are seeking funds for a more elaborate network to attract the most sophisticated attacks.

'William Jackson

inside gcn

  • Pushing cybersecurity for counties

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group