With high-profile data security breaches at companies like Target and Snapchat being revealed on what seems like a weekly basis, public concern about hacking is as widespread as ever. While cybersecurity professionals are in a continual technological arms race with hackers, a recent study has shown that the simplest imaginable method of fighting hackers is actually effective—just asking them to stop.
In a study released late last year in the journal Criminology, researchers at the University of Maryland created two sets of computers exclusively for the purposes of attracting hackers. The first set displayed a banner warning the intruders that breaking into computer systems is a crime, while the second had no such banner.
The banner read:
The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited. Unauthorized users are subject to institutional disciplinary proceedings and/or criminal and civil penalties under state, federal, or other applicable domestic and foreign laws. The use of this system is monitored and recorded for administrative and security reasons. Anyone accessing this system expressly consents to such monitoring and is advised that if monitoring reveals possible evidence of criminal activity, the Institution may provide the evidence of such activity to law enforcement officials.
The computers used 80 public IP addresses provided by a major American university over a span of two months. Often called “honeypots,” computer systems of this sort, whose sole function is to attract hackers, are a commonly used tool among cybersecurity experts.
While the researchers intentionally left the computers vulnerable to attack, they did take steps to make security on the system seem convincing. “To simulate a genuine environment, the target computers were modified to reject the login attempts by system trespassers on its public IP addresses until a predefined number of attempts,” the authors explained. “The predefined threshold was a random number between 150 and 200. When this threshold was reached, the target computer was ‘successfully’ infiltrated and allowed the intruder access to the system by creating a new user with the latest credentials attempted by the system trespasser.”
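The login gate the authors describe can be sketched as a small offline simulation. This is an added example, not the researchers' code; the class and function names, the inclusive 150 to 200 range, the one-account-per-host rule and the constructed guesses and source address are all assumptions.

```python
import random

# First sentence of the banner quoted in the article.
WARNING_BANNER = ("The actual or attempted unauthorized access, use, or "
                  "modification of this system is strictly prohibited.")


class HoneypotLoginGate:
    """Simulated login gate for one honeypot host (hypothetical class)."""

    def __init__(self, show_banner, rng=None, low=150, high=200):
        rng = rng or random.Random()
        # Assumption: the threshold is drawn once per host, bounds inclusive.
        self.threshold = rng.randint(low, high)
        self.show_banner = show_banner
        self.failed = 0
        self.accounts = {}  # username -> password, planted on "infiltration"
        self.events = []    # (source, username, outcome) for later analysis

    def attempt(self, source, username, password):
        """Return True if the login is accepted, False if it is rejected."""
        if username in self.accounts and self.accounts[username] == password:
            self.events.append((source, username, "login"))
            return True
        self.failed += 1
        # Assumption: only one account is ever created per host.
        if self.accounts or self.failed < self.threshold:
            self.events.append((source, username, "rejected"))
            return False
        # Threshold reached: create a user from the latest credentials tried.
        self.accounts[username] = password
        self.events.append((source, username, "account-created"))
        return True

    def session_banner(self):
        """Text shown after a successful login; empty for the control group."""
        return WARNING_BANNER if self.show_banner else ""


def attempts_until_entry(gate, source="203.0.113.7"):
    """Feed constructed guesses to the gate; return (count, winning creds)."""
    count = 0
    while True:
        count += 1
        creds = ("user%d" % count, "guess%d" % count)
        if gate.attempt(source, *creds):
            return count, creds
```

The `events` list is the part a defender would analyze: it separates rejected guesses, the planted account, and later logins with that account, which is what lets session length be compared between banner and no-banner hosts.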
Over the duration of the experiment, the researchers recorded 971 security breaches and found that, while the banners didn’t decrease the frequency of trespassing incidents or convince many hackers to disconnect immediately (at least, not any more than did so without seeing a banner), they did significantly decrease the amount of time spent poking around inside the compromised system.
The study suggests the reason warning banners triggered so few immediate disconnections is that hackers had to expend considerable time and effort to even break into the system in the first place. “It could be the case that when ‘successfully’ breaking into the system, system trespassers like to harvest the fruits of their success and engage in an exploratory first trespassing incident, independent of the presence of a warning banner in the system,” the authors argue.
However, the likely effect of the banners was to instill a fear of detection in attackers. Even though that fear didn’t seem to be enough to make them abandon their intrusion entirely, it appeared to be enough to push them to limit the amount of time spent inside their target computers, thereby limiting the scope of their operations.
A warning banner is far from a magic bullet when it comes to stopping hackers; but, as study author David Maimon explained in a press release, “If you have a hacker on your system for five minutes instead of 10 minutes, the damage the hacker potentially can do is very much different. We believe that there’s a way for us to mitigate the effect of a trespassing incident and reduce the probability of serious damage on the system.”