2018 Government Innovation Awards
Turning the tables on hackers
Sandia National Laboratories’ primary mission is securing the nation’s nuclear arsenal, which faces very real threats. The labs’ networks experience 1.5 billion cyber events a day, ranging from incorrect password entries, phishing and malware attacks, and more serious nation-state activities, said John Zepper, Sandia’s director of computer and networking services.
In response, Sandia officials developed the High-Fidelity Adaptive Deception and Emulation System (HADES) to go beyond a traditional honeypot and use cutting-edge technology to give its operators the opportunity to run sting operations on the people trying to break into their systems.
Although HADES’ deception environments are isolated from Sandia’s host systems and data, designers spent a lot of time making it look like the real thing. Vince Urias, a cybersecurity researcher at Sandia, said they make up intricate profiles “for admins and engineers and the folks who are working 9 to 5 and those who work 12-hour shifts and take lots of coffee breaks.” Those “users” all have records with recently downloaded files, browser histories, varying uptimes and other small details that mimic authentic network behavior.
Those details and imperfections give the environment a lived-in feeling that keeps attackers engaged longer and lets operators monitor their behavior, develop signatures and implement adaptive countermeasures in real time.
“Think about robbing a house: If you walked into a house and everything was perfect and clean and there was no information, what would you do?” Urias said. “When an adversary comes in, they’re there to do something — to steal information or break things. If they can tell it’s a facsimile, if there is no depth to the information, at some point the adversary doesn’t want to interact with that system.”
Furthermore, HADES is designed to pull certain information from a network in order to replicate it as quickly as possible, which means it is adaptable for use by others. Urias said Sandia has patented the system and plans to license it to other government agencies and external organizations in the future.
Connect with the GCN staff on Twitter @GCNtech.