HoneyNet Looks to Stick Hackers

Online vandals and stalkers beware. A group of security professionals called The HoneyNet Project, has just made it easier for law enforcement to stealthily track the behavior of online evil-doers.

On Monday, the volunteer group, which consists of two dozen computer security, information intelligence, and psychology professionals, released the second version of its “how-to-build-a-honeynet” software, a tool used by law enforcement and others interested in security issues to track the behavior of hackers.

For those folks not down with security lingo, a “honeynet” expands on the concept of a “honeypot,” a software application that pretends to be a server on the Internet and lures unsuspecting hackers to it. A “honeynet” is a collection of these “honeypots” networked together. When hackers (or “blackhats,” as they’re known in security circles) enter the honeynet, they are watched closely by a combination of surveillance technologies.

“You’re really playing with fire in this type of environment,” says Lance Spitzner, a security architect at Sun Microsystems Inc. (Nasdaq: SUNW) and founder of the four-year old HoneyNet Project. “The whole point is to observe the bad guys as they go about their work in a controlled setting without them knowing it.”

The way it works is an intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers. Meanwhile, an administrator watches everything the intruder types, from commands to emails to chat sessions. A separate firewall is set up to cut the hacker off from the Internet anytime he tries to attack another system from the honeynet.

Proponents say the latest HoneyNet release includes the following improvements over previous versions:

  • The software is prepackaged for easy setup and comes for installation on a single server.

  • A new utility called Honey Inspector, which will be released soon, will allow honeypots within the honeynet to be managed and analyzed through a graphical user interface. Eventually, the HoneyNet Project expects to release a bootable CD-ROM that will make installing its version of a honeynet even easier.

  • Software includes improvements for breaking encryption codes that hackers often use to communicate with each other.

  • The designers claim to have made it harder for hackers to detect that they’ve been lured into a honeynet. In the previous version of software, all the surveillance was done at Layer 3. Hackers had to pass through a Layer 3 gateway when entering the honeynet, which often tipped them off to what was happening. But now HoneyNet uses a Layer 2 bridging gateway, making any surveillance invisible to the hacker.

  • The upgrade includes an enhanced firewall that blocks harmful attacks, while still allowing hackers to communicate with their associates outside the honeynet. “The longer we can keep them in the honeynet without them realizing what is going on, the more information we can gather,” says Spitzner. “We want them talking to their buddies on the Internet, but we don’t want them causing anymore harm.”

    So are the Honeynet Project volunteers some sort of cyber police force? Not at all. The not-for-profit group’s only purpose is to observe and learn about hacker behavior and share that information with the public. That’s not to say that the information and tools gathered can’t be used to catch bad guys. Government agencies like the United States Department of Homeland Security and the Federal Bureau of Investigation (FBI) already use HoneyNet Project information and techniques in their work.

    The HoneyNet Project is not designed for commercial use, according to Spitzner. He says it wouldn’t make much sense for an enterprise to spend the resources to build such a network. But network security might use the tools to learn more about hackers and recommend strategies to clients.

    All software on the HoneyNet Project Website is free to download by anyone. For more information, go to The HoneyNet Project.

    — Marguerite Reardon, Senior Editor, Light Reading

  • RJC 12/5/2012 | 12:12:27 AM
    re: HoneyNet Looks to Stick Hackers http://www.securityfocus.com/n...
    MI no longer things this is valid research, the state considers it a crime, with up to 4 years of jail time.
    Colorado is considering something similar, House Bill 03-1303 also makes it illegal for a system to pretend to be what it's not. This just passed a unanimous committee vote today (Apr 18)

    alister667 12/5/2012 | 12:12:26 AM
    re: HoneyNet Looks to Stick Hackers A couple more links for anyone interested in the fact that the state governments are outlawing research into network security.
    Frankly, I'm astonished there is not more outrage at this. From where I'm sitting it looks at best like a very badly framed law, and at worst, another step towards '1984'.
    Sign In