Darpa-Funded Fake Docs to Trap the Next WikiLeaker: Decoy Documents
WikiLeakers may have to think twice before clicking on that “classified” document. It could be the digital smoking gun that points back at them.
Darpa-funded researchers are building a program for “generating and distributing believable misinformation.” The ultimate goal is to plant auto-generated, bogus documents in classified networks and program them to track down intruders’ movements, a military research abstract reveals.
“We want to flood adversaries with information that’s bogus, but looks real,” says Salvatore Stolfo, the Columbia University computer science professor leading the project. “This will confound and misdirect them.” (You can make your own fake doc on the research lab’s website, too.)
The program aims to scare off uninvited riff-raff as well as minimize insider threats, one of the greatest vulnerabilities in military networks. When a fake “classified” document is opened, it records the IP address of the intruder and the time of the access, and alerts a systems administrator to the breach.
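The mechanism in the paragraph above, as an added example in Python; this is not the Columbia project's or Allure's code, and the abstract says nothing about how their decoys phone home. It assumes one common design: an HTML decoy carrying a 1x1 image whose URL is unique to that decoy, a hypothetical collector host (beacon.example.invalid) whose access log is scanned, and an HMAC tag on each token so a forged URL cannot raise fake alerts. The document, file-share path and access-log line are constructed for the example.

```python
# Added example (not the Columbia/Allure project's code): a minimal decoy-document
# beacon. Each planted decoy embeds a unique, HMAC-signed beacon URL; when a viewer
# fetches it, the collector records the source IP and open time and raises an alert.
# Hostname, planted paths and the log line are assumptions made up for the example.
import hashlib
import hmac
import re
import secrets
from datetime import datetime, timezone
from typing import Optional

BEACON_HOST = "beacon.example.invalid"   # hypothetical collector host
SECRET_KEY = secrets.token_bytes(32)     # per-deployment key used to sign tokens

_registry: dict = {}   # token -> {title, planted_at, opened}
_alerts: list = []     # alerts raised so far, oldest first


def _sign(token: str) -> str:
    """Short HMAC tag binding a token to this deployment's key."""
    return hmac.new(SECRET_KEY, token.encode(), hashlib.sha256).hexdigest()[:16]


def beacon_path(token: str) -> str:
    """URL path the decoy fetches; the tag lets the collector reject forged tokens."""
    return f"/b/{token}/{_sign(token)}.png"


def make_decoy(title: str, planted_at: str, body: str) -> tuple:
    """Register a new decoy and return (token, html). The HTML carries a 1x1 image
    whose URL is unique to this decoy, so one fetch identifies which planted file
    was opened (this only works if the viewer loads remote images)."""
    token = secrets.token_hex(8)
    _registry[token] = {"title": title, "planted_at": planted_at, "opened": False}
    html = (
        f"<html><head><title>{title}</title></head><body>\n"
        f"<p>{body}</p>\n"
        f'<img src="https://{BEACON_HOST}{beacon_path(token)}" '
        'width="1" height="1" alt="">\n'
        "</body></html>\n"
    )
    return token, html


def handle_beacon(path: str, remote_addr: str,
                  now: Optional[datetime] = None) -> Optional[dict]:
    """Process one fetch of a beacon path. Returns an alert dict, or None when the
    path is not a registered, correctly signed beacon: unknown tokens and bad tags
    are dropped so an attacker cannot flood the admin with fake alerts."""
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "b" or not parts[2].endswith(".png"):
        return None
    token, sig = parts[1], parts[2][:-4]
    entry = _registry.get(token)
    if entry is None or not hmac.compare_digest(sig, _sign(token)):
        return None
    opened_at = now or datetime.now(timezone.utc)
    entry["opened"] = True
    alert = {
        "token": token,
        "title": entry["title"],
        "planted_at": entry["planted_at"],
        "source_ip": remote_addr,      # address of whatever fetched the beacon
        "opened_at": opened_at.isoformat(),
    }
    _alerts.append(alert)
    return alert


# Apache/nginx "combined" access-log line: client IP, timestamp, request line.
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def scan_access_log(lines) -> list:
    """Feed a static web server's access log through handle_beacon, so a plain
    file-serving host can act as the collector. Returns the alerts raised."""
    raised = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ip, ts, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        alert = handle_beacon(path, ip, when)
        if alert:
            raised.append(alert)
    return raised


def alerts() -> list:
    return list(_alerts)


if __name__ == "__main__":
    token, html = make_decoy("FY11 Budget Summary (CLASSIFIED)",
                             "//fileshare/finance/q3/", "Lorem ipsum ...")
    print(html)
    # Constructed log line standing in for an intruder's viewer fetching the beacon.
    sample = (f'203.0.113.7 - - [10/Oct/2010:13:55:36 -0700] '
              f'"GET {beacon_path(token)} HTTP/1.1" 200 68 "-" "Mozilla/5.0"')
    for a in scan_access_log([sample]):
        print(f"ALERT: decoy {a['title']!r} planted at {a['planted_at']} "
              f"opened from {a['source_ip']} at {a['opened_at']}")
```

Two caveats a practitioner should keep in mind with this design: the recorded address is that of whatever fetched the image, which may be a proxy or a sandbox rather than the intruder's own machine, and nothing fires at all if the viewer does not load remote content, so a beacon is evidence when it triggers but silence proves nothing.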
With that trail of digital breadcrumbs, agencies can track down prying eyes more easily. It’s not only a way to stop the new “systemic threat” demonstrated by “the recent disclosure of sensitive and classified government documents through WikiLeaks,” as a summary of the project notes. The deeper goal is to make hackers and whistleblowers jittery about whether the data they’ve stumbled on is actually real.
With Congress demanding the Defense Department work on eliminating insider threats, feds have been in overdrive trying to prevent another document-dump at the scale of WikiLeaks, even going to the extremes of threatening to prosecute airmen who let their families read the site.
This decoy-document project is funded as part of Anomaly Detection at Multiple Scales, a program to design ways of sniffing out “malicious” insider threat behavior. It’s not the only Pentagon program aimed at weeding out disloyal troops. Led by Peiter “Mudge” Zatko, former hacker-rockstar of Boston’s freewheeling L0pht collective, Darpa is dreaming up ways to detect signs of subversion or infiltration as part of a program called Cyber Insider Threat.
Under this plan, the decoy docs would undermine hackers’ trust in the integrity of data, make them question whether releasing it in the public domain would be worth it, and force WikiLeakers to do more work verifying their authenticity. (Take the document we made above, for example.)
“If we implant lots of decoys in a system, the adversary has to expend their own resources to determine what’s real and what’s not,” Stolfo tells Danger Room.
If a bogus document is actually released online, it would shatter the credibility of the whistleblowing website that published it, said Stolfo. So even after an attacker has hacked through firewalls, tricked intrusion detection technology and gained unfettered access into a system, he’ll hesitate before making away with the goods.
Columbia University has a pending patent application on the decoy-creating technology. Stolfo co-founded Allure Security Technology in 2009 to make products based on that technology.
“I don’t know who has the patent for the concept of deception, though,” he joked. “It possibly dates back to the time of Adam and Eve. Now we’re trying to automate the process.”