
Watching Hackers in the Honeynet


Reasons

The intent of the break-in is still not clear and the FBI is investigating the incident.

Cal-ISO systems are also tightly integrated with the major power distribution network that also serves the entire western US’s grids.

Response

Cal-ISO officials said the grid was not threatened and that they had remedied the situation. Although Cal-ISO officials said they managed to trace the attack to a system in China, security experts said the technology couldn't identify whether the hacking was accomplished by governments, terrorists or kids.


One California state lawmaker asked the Cal-ISO to deliver to him a report detailing how and why the recent intrusion took place and what the ISO is doing to prevent future attacks.

“I think it is a matter of intense concern that we have an ISO that allowed a breach of security through what appeared to be sheer incompetence,” California Senator Tom McClintock said.


According to McClintock, Cal-ISO spokesman Gregg Fishman reassured him that the incident was a relatively minor attack on a computer set up for testing software and connected to the Internet. The Cal-ISO officials also confirmed that its system had been penetrated but said no critical operations were at risk.

Although the attack appeared to come from somewhere in China, Cal-ISO staff said they were not sure the hack originated there because it was so easy for the hacker to hide tracks online.

McClintock had warned that hacker attacks on the California grid have the potential to paralyze the state. “The principal concern, obviously, is national security issues,” he said.

The threat to power networks also occurred a few years ago when hackers hired by the US National Security Agency in 1997 to test electronic infrastructure defences staged mock attacks which would have shut down parts of the national power grid and Washington DC's emergency phone system had they been for real.

Watching Hackers in the Honeynet

Gerald Johns

A group of 30 computer security, information intelligence and psychology researchers has set up a computer network on the Web which is intended to allow hackers to break into a false network.

The Honeynet Project includes volunteers from Sun Microsystems, Cisco Systems, Stanford University, Guardent and Foundstone, and countries such as Australia, Canada, Holland and Israel. The goal is to watch the hackers and gather information on the security breaches, which companies and governments that have been attacked by hackers are often unwilling to make known.

At a recent security conference Lance Spitzner, a senior security architect for Sun Microsystems and one of the volunteers running the project, said the project, which has been running on a limited basis for about a year, will be expanded to run on a large number of systems around the world including a US Navy network.

“The more we deploy, the faster we will find the attackers,” Spitzner said.

The group gathers information through the use of a Honeynet, a computer network on the Internet that is made up of various hardware and software systems complete with sensors as well as a tempting name and content. An intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers.

Once the information is captured, it is analyzed to learn the tools, tactics and motives of the blackhat community.

According to the volunteers, Honeynet, using statistical analysis, can predict when an attack is likely to happen. “We can predict up to three days when you're going to be attacked and how you are going to be attacked,” Spitzner said.

The Honeynet Project differs from a honeypot, which is a system designed to be attacked, usually for the purpose of deception or alerting of hacker attacks. Generally, honeypots are systems that emulate known vulnerabilities or emulate other systems.

The Honeynet can utilize multiple systems at the same time, such as Solaris, Linux and Windows NT. Based on the research of the Honeynet Project, the life expectancy of a default installation of Red Hat 6.2 server is less than 72 hours.

Volunteers from the Honeynet Project do not prosecute the people that compromise systems. However, at times they forward data they have captured to Computer Emergency Response Team (CERT) and to other security programmes.

The project volunteers recently applied for a grant from the National Institute of Standards and Technology.
