BreachExchange mailing list archives

Federal study shows security banners can trick hackers into doing nothing


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Sep 2015 09:04:48 -0600

http://www.fiercegovernmentit.com/story/federal-study-shows-security-banners-can-trick-hackers-doing-nothing/2015-08-31

New research finds that there are some simple, non-invasive steps that IT
administrators can implement to discourage cyber attackers from carrying
out damaging commands.

The National Consortium for the Study of Terrorism and Responses to
Terrorism, or START, placed warning banners on compromised systems to
better understand how a hacker responds to such a message. The study found
that the banners reduced commands from hackers by 8 percent.

START, a Homeland Security Department-funded program through the University
of Maryland, examined a type of cyber defense called restrictive
deterrence. Such defenses use warnings or suggestions to compel attackers
toward a certain action.

With this study (pdf), the banners popped up when an attacker targeted in
on the relevant system, and read, "This system is under continuous
surveillance. All user activity is being monitored and recorded." A group
of almost 700 compromised systems was randomly assigned whether to display
the message or not, then the researchers let the hackers freely snoop.

The banner did not help prevent attacks in the first place, but the
researchers did find that actions taken after a breach were significantly
altered by the appearance of a warning.

"An intruder cannot damage or pilfer a system without entering computer
commands into that system," read a research brief. "While the employed
surveillance banner did not reduce the total number of trespassing
incidents, it did affect the likelihood of an intruder escalating their
offending by typing into the system on the first and second trespassing
incidents."

Though the methods were fairly rudimentary in the study, it does show the
psychology of an attacker, which could help create more complex defenses in
the future.

For government systems, a breach is never really an acceptable outcome.
However, knowing that some deterrence can have an effect on an intruder
could be helpful in mitigating attacks.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
