Blog: Honeypots

Honey traps, a lesson in espionage, and managing your ego

consultant-placeholder10 Ken Munro 25 Mar 2014

We love network honeypots, an awesomely cheap binary IDS. Someone on your network either IS trying to exploit your fake domain controller, or they aren’t.

We were running a security awareness training session a while back, and were a little surprised that one of the audience was offended by the term ‘honeypot’. I was thinking of honey in a jar + wasps, but turns out it has a much older, rather vulgar, slang connotation. No prizes for guessing what…

Anyway, way before the dawn of computing, honeypots / honey traps were in widespread use. Usually by the security services of the day. The start of social engineering, before we even called it that.

An attractive man or woman hits on a traveller in a bar. Stuff happens, after which their wallet / laptop / sensitive information or maybe their kidneys have been parted with.

Or maybe it’s a bit more involved; perhaps a long term relationship with a government minister leading to information being passed to a foreign power.

Nice to see MI5 reminding us all that it still happens, particularly in light of events in Crimea:

We would be well to remember that if something seems too good to be true, then it probably is. If you’re a greying 40-something infosec consultant (like me) then that attractive, 25-ish tech-savvy lady with an eastern European accent might be after more than just your “suave”, beer-fuelled conversation:

State secrets / intellectual property / credit cards / internal organs. You choose.