RealNews

A New Way to Catch a Hacker

For a computer security professional, Lance Spitzner has an unusual goal: He wants ill-intentioned hackers to steal more Social Security numbers and medical records. Mr. Spitzner, a former Army officer, spends his days working at Sun Microsystems and his evenings running the volunteer Honeynet Project, a group of security professionals working to track hackers. Until recently, the four-year-old nonprofit effort focused on building and monitoring honeypots — computer systems designed to be easily penetrated so that Honeynet volunteers can covertly scrutinize hackers’ tricks when they break into the systems. Now Mr. Spitzner, 32, is focusing his efforts on a different type of defense based on the insertion of “honeytokens” into real databases and systems. Honeytokens are pieces of seemingly enticing information that have no useful value. Embedded in ways so that no innocent person should accidentally stumble upon them, honeytokens trigger alarms when viewed, grabbed or downloaded. For example, a bank could insert a fake credit card number into its files and then set up a program called a “sniffer” on the network that would send out an alarm if anyone touched that particular number. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.