Hi, everybody. Ed Amoroso here and I want to talk to you in this video about something called deception in the context of cyber security, deception meaning fake lures, honeypots, lying, trickery to try and catch bad guys. One of my favorite stories here about a cable company, kind of in the New York City area that I had some involvement with some number of years ago, I'd been speaking with them, wasn't a place where I was working but I would watch what they were doing, thought it was clever. The idea was, that in those days, maybe 20 years ago, you could take the set top box off a cable company-provided end-user appliance to get analog broadcast, and you could find the CPU of the set top box and read the number, pop it out, go on the internet, and buy the same number, but they always gave you the option of buying the same number with a T after, the test version, it'll be mailed to you, put the test version in, put the top back on, and it decrypted, descrambled everything. You got all the pay per view channels, all the sports events, everything for free. So the question that this company was thinking through, and I get to remember sort of being involved in looking at this and thinking, how would you solve something like this? What they came up with was an idea. It was very clever. During a heavyweight boxing event, they came up with the idea to put a banner message across the event but to scramble it. So that if you were buying the event, you'd see a scrambled message. It's no damage. You're watching the event and you see scrambled gobbledygook, you just shrug. No big deal. But if you had the chip, it decrypted everything and you'd read the message. And what the message said was, "Hey, welcome to this big prize fight. Thanks for buying it. Hey, we're giving out free T-shirts. If you give us your name, phone number, address, blah blah blah, we'll mail you a T-shirt." And they got something like 8,000 people mailed in for the T-shirt and they caught them. Isn't that cool? They're using deception, they're using trickery. They're using this idea that, operationally, it's not just a matter of putting cryptography in place, but if you're dealing with an active attacker, why not be an active defender? So the architecture in support of these things, for the most part, is that you have authorized and unauthorized users, hackers, going through your normal security stuff attack detection prevention. And if there's a suspicion that there may be something funny going on, possibility might be that you would take that hacker if you're accurate and divert them to fake content we often refer to as honeypot content. It's a duplicate of your system but it's not real and it's there to kind of trick them into sticking around and trying to hack and you're watching, you sound alarm bells. You'd like to think of it as sort of a jail. This is a really powerful concept and virtualization really helps with this. For example, a hacker running a scanner, if you detect the scan and you say this is not reasonable, you could use a virtual network to open up a fake network into which the scanner emerges and never returns. You just keep building more and more and more and more and more fake network, and the scanner just keeps chasing it. We call that a Tarpit. Because in some sense, you've caught the scanner and something that he'll never get out from. These are fun, interesting techniques. I think this is a really wonderful vibrant area of cyber security. It's something that if you're watching and you're considering a masters program or a PhD or you're doing research, we don't have anywhere near enough work in this area and this is how you catch bad guys. Like the way we catch people on the internet doing inappropriate things with young people, for example, this, on the other end, they think they're talking to a youngster, it's actually some FBI agents faking to be that youngster and they usually trick and nab the perpetrator. It's a very effective means for catching bad people. I think it's way too under attended in cyber security. So I hope that as you consider architectures and designs and implementations and anything you're doing in and around cyber security, I hope you'll try and factor in some level of deception, deceptive use, attack kind of detection via lures and honeypots as a component of your strategy in reducing risk in whatever it is that you're trying to protect. And certainly, if you're doing critical infrastructure protection, this is a useful measure. I hope this has been a good introduction for you and I'll see you in the next video.
