Elinor Abreu
LAS VEGAS: A group of security experts speaking at a conference here
disclosed plans this week for a an expanded network of computer systems known as
a "honey pot" to track malicious hacker activities around the world. A
honey pot, a computer designed to deceive computer intruders, collects
information and monitors activity when it is breached but does not allow an
intruder to get to any sensitive data or do any damage.
The goal of the volunteer-run Honeynet Project is to gather information on
security breaches, which corporations and governments that have been attacked by
hackers are often reluctant to disclose.
The project that has been running on a limited basis will be expanded to run
on a large number of computer systems around the world. These would include the
US Navy network, said Lance Spitzner, a senior security architect for Sun
Microsystems Inc. one of about 30 volunteers running the project.
"Gathering intelligence on the enemy is critical," Spitzner said.
"We want to learn the tools, tactics and motives" of malicious
hackers. The Honeynet Project, which includes volunteers from Israel, Canada,
Holland and Australia, also monitors Internet relay chat sessions for malicious
hackers that may brag about their exploits. The group forwards to federal
agencies for investigation when it is warranted, Spitzner said.
Using statistical analysis, Honeynet can even predict when an attack is
likely to happen, according to the volunteers of the group. "We can predict
up to three days when you're going to be attacked and how you're going to be
attacked," Spitzner said. "One of our computers got hacked in 15
minutes. If they're attacking a system in 15 minutes that has no value, what are
they doing to a system that has value?"
Las Vegas hosted two major computer security conferences this week: Black
Hat, which is geared more toward security professionals, and DefCon tends to
attract a younger audience and features sessions on how to find and take
advantage of security breaches. Black Hat is a term for malicious hackers as
opposed to white hat hackers, a term for hackers who work to protect networks.
(C) Reuters Limited 2001.