IoT hackers will be welcomed with a warm deception: It’s crazy simple!
At the time of writing, Iran threatens to be thoroughly hacked off with us. Are we really on the brink of World War Three, asks freelance technology writer, Nick Booth? Remember the new combat will feature cyber conflict – it’ll be WW IoT.
We will fight them on the beaches. Well, we would if we’d changed the default passwords on the security cameras!
Are you ready for electronic engagement with the enemy? All our vital industries seem to be hostage to an unsecured IoT. Apparently, you can’t have a digital transformation without a legion of dumb devices on default passwords. Our battalions of netbots could easily turn against us, with just a few commands from a fanatical enemy’s keyboard. Now that’s global disruption.
At a time of conflict we suddenly turn to all those military experts whose unfashionable opinions we can’t normally tolerate.
Nothing left to chance
William (Tony) Cole CTO of Attivo Networks, is one such character. As a veteran of the US Army he will have been drilled to think the opposite of civilian networkers. Unlike us, he will leave nothing to chance. In the US Eighth Army – his formative employer – they say assumption is the mother of all cock-ups. Later, his time engaged in Land Information Warfare Activity ingrained the thinking that ‘assume’ makes an ‘ass’ of ‘u’ and ‘me’. I didn’t ask about the work he did in the Pentagon or he might have shot me.
On leaving the military, Cole’s tactical cunning needed to find the right outlet. It’s always hard to adjust to civilian culture and Cole had a struggle to find the right berth for his trap-setting skills. Ironically, nobody is better at neutralising enemies, but the potential clients are oblivious to Cole’s techniques since they were learned in relative secrecy while he served in the military. Symantec saw no value in the Honeypot expertise that Cole showcased – he was too far ahead of his time. McAfee didn’t bring out the best in him either. When Cole mentioned ‘FireEye burn out’ I didn’t want to press him too hard on what was clearly a painful memory.
However, two years ago he and Attivo Networks found each other in the same trench. They saw the incoming hordes through the same binoculars. Cole was enthused at the deception weaponry that Attivo had designed for the Internet of Things (IoT).
Use your opponents’ momentum
Cole’s years in the Pentagon and the army told him that sometimes in combat, it is better to use the opponents’ momentum and steer them into a bad place. Like a Navy Seal grabbing an incoming assassin, then somersaulting them towards the ground by means of a subtle twist of the wrist, Attivo’s deception software can break its opponent by using its momentum against itself.
If, for example, an enemy launches an attack on a health service network, it is probably impossible to stop them getting in. There are too many ‘traitors’ such as unsecured thermometers, blood pressure takers and oxygenation readers. Once ‘turned’ they offer the enemy the option to do anything – from stealing the entire patient database to fatally shutting down a VIP’s infusion pump.
Attivo builds an entire decoy environment that convinces the invaders that they have achieved their objective. Did Attivo nick this idea from Britain’s counter intelligence allies in World War II? During the last century the British built a fake double agent spy network that deceived the enemy in a similar way. Operation Bodyguard falsely mapped out what proved to be a picture of fatally misleading intelligence that the Germans acted upon. Typical Americans, commercialising our ideas!
The challenge for the IoT is that Deception Management needs to drastically arrest the movement of the invading hackers. These days the process of detecting, deceiving and deactivating them has to be sped up by about 98%, according to Cole.
“Deception is crazy simple,” says Cole. The hard bit is convincing the IoT’s own logistics corp. As with their army counterparts, they can be slow to move sometimes.
The author is freelance technology writer, Nick Booth.