How to hoax a hacker?


• The ‘honeypot passwords’ that could keep your online account safe

Researchers say it is the first of a new breed of encryption tools designed to trick hackers.

‘Decoys and deception are really underexploited tools in fundamental computer security,’ Ari Juels, an independent researcher who was previously chief scientist at computer security company RSA, told MIT Technology Review.

Together with Thomas Ristenpart of the University of Wisconsin, he has developed a new encryption system with a trick up its sleeve.
It gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key.

If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data, the researchers say.

‘Honeywords are a defense against stolen password files,’ they wrote.

‘Specifically, they are bogus passwords placed in the password file of an authentication server to deceive attackers.

‘Honeywords resemble ordinary, user-selected passwords. It’s hard therefore for an attacker that steals a honeyword-laced password file to distinguish between honeywords and true user passwords.’

The new approach could be valuable given how frequently large encrypted password files appear to fall into the hands of criminals.

Almost 150 million usernames and passwords were taken from Adobe servers in October 2013, for example, and Target was among those worst hit by a more recent breach.

Currently, hackers use software to guess thousands of passwords.
Current systems just produce junk code when an attempt is incorrect.

The new system, however, simply generates a piece of fake data resembling the true data.

If an attacker used software to make 10,000 attempts to decrypt a credit card number, for example, they would get back 10,000 different fake credit card numbers, the team says.
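The behaviour described above can be seen in a small sketch, added here as an illustration and not taken from the researchers' system: every password guess decrypts to a well-formed, Luhn-valid 16-digit number, so a wrong guess looks no different from a right one. The function names, the PBKDF2 key derivation and the assumption that all 15-digit payloads are equally likely are choices made for this example only.

```python
# Added illustration, not the researchers' code: a toy honey-encryption
# scheme for 16-digit card-like numbers (15 payload digits + Luhn check digit).
import hashlib
import secrets

SPACE = 10 ** 15  # number of possible 15-digit payloads (assumed uniform)

def luhn_check_digit(payload):
    """Return the digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # positions that are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number):
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def _pad(password, salt):
    # Password-derived offset into the payload space.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(key, "big") % SPACE

def encrypt(card, password):
    if len(card) != 16 or not luhn_valid(card):
        raise ValueError("expected a 16-digit Luhn-valid number")
    salt = secrets.token_bytes(16)
    seed = int(card[:15])  # encode: message -> seed
    return salt, (seed + _pad(password, salt)) % SPACE

def decrypt(blob, password):
    salt, ct = blob
    seed = (ct - _pad(password, salt)) % SPACE
    payload = f"{seed:015d}"  # decode: any seed -> plausible message
    return payload + luhn_check_digit(payload)

if __name__ == "__main__":
    real = "4111111111111111"  # constructed sample (a common test number)
    blob = encrypt(real, "correct horse")
    for guess in ("123456", "password", "letmein", "correct horse"):
        out = decrypt(blob, guess)
        print(f"{guess!r:16} -> {out}  luhn_valid={luhn_valid(out)}")
```

The ciphertext deliberately carries no checksum or authentication tag, because any validity check on decryption would tell a guesser which password was correct.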