Well not quite hacking as most people think of it, but technically it is, and it’s great.
There is a common theme when you have cleared up some malware for someone, likely they have spent a while confused by what’s going on, and again by the cleanup, maybe hit in the pocket and if it’s the first time, they can take it personally, if their confidentiality was breached it will be very personal.
Often when i get into conversation with victims, they will say “can’t we hack them back?”, when a mail server was recently hacked and hurt a client’s reputation by sending out millions of spam, the question was “can’t we bounce the spam back at them?”, in nearly all cases even if we could, we wouldn’t know who “them” was.
What I might do if they now have a firewall in place is get them to enjoy looking at their audit reports, at the wasted effort hackers are going to as the firewall deflects all the bad actors, such as this:
While that can give some satisfaction, tying up the resources of the criminal hackers bots, it really is nothing compared to what Illusive Networks have developed, while honeypots are not a new idea, often designed to monitor the behaviour of automated attacks, Illusive have developed a system that will trick human hackers into believing they have stuck gold, giving them access not to just a fake network and server, but to the data as well, drawing them in deeper, taking advantage of a addictive behaviour problem seen in criminal hackers.
Why I call this hacking, well it is, this is social engineering, human hacking, ironically it’s well known that humans are easier to hack than machines, so Illusive really have turned the tables.
Current offerings are not for small businesses, but I do hope someone does develop something similar for the majority. Apart from what I expect is a very effective proactive method of defense, there will be a certain satisfaction for intended victim when looking at those audits.
You can read more about Illusive Networks here at TechCrunch.