During a cyber exercise in Estonia on November 16-20, NATO experts experimented with deceptive techniques – they practiced in catching Russian government-funded hackers using specially placed traps.
The exercise, coordinated by the Cyber Security Training Centre of the Estonian Ministry of Defence, was attended by 1,000 people. Whereas previous exercises were aimed at imitating hybrid warfare methods, this year the participants practiced using traps for hackers – honeypots and honeynets.
However, in reality, the information stolen by the attacker is of no value and was deliberately provided for theft. But after the hacker has been on the “network”, researchers can study his tools and tactics. At the same time, the attacker does not know that he has fallen for the bait and, in fact, is an object for study by NATO specialists.
According to Alberto Domingo, CTO for Cyberspace at NATO’s High Command for Transformation, this way experts can gather as much information about the enemy as possible.
In particular, they can establish who the enemy is, what he is, what goals he is pursuing and what he intends to do next.
If the use of honeypots by private security researchers is nothing new, the governments have begun to use them relatively recently. Whether NATO is using honeypots only in exercises or in real-life scenarios is also unknown.
Recently Microsoft accused Russia and North Korea of attacks on pharmaceutical companies, and let me remind you that Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company.