Is this a better mousetrap?
By automatically generating and distributing believable misinformation, DARPA’s new program aims not only to protect sensitive and classified documents from uninvited hackers, it will also help identify “malicious insiders.”
“We want to flood adversaries with information that’s bogus, but looks real,” Salvatore Stolfo, the Columbia University computer science professor leading the project, told Wired.com. “This will confound and misdirect them.”
Each decoy document will double as a digital homing device. When opened, the fake document will take a snapshot of the intruder’s IP address, automatically alerting administrators of a security breach and providing them with valuable information such as the time, location, and perhaps even the specific computer of infiltration.
One of the biggest impacts will be purely psychological, Stolfo muses. With a sea of fakes floating around, potential leakers will have to stay on their toes, second guessing the veracity of their spoils. It should also increase costs -- a facet cash-strapped WikiLeaks will surely be wary of.
“If we implant lots of decoys in a system, the adversary has to expend own resources to determine what’s real and what’s not,” Stolfo told Wired.com.
Users can test out the program on the project website where they can create their own fake documents. Once a document is set up, registered users will receive email alerts whenever their decoy is opened.