BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Tuesday, 31 July, 2001, 14:33 GMT 15:33 UK
Hackers to the honey
Bees around the honey pot BBC
Hackers surround the Honeynet like bees around a honey pot
By BBC News Online technology correspondent Mark Ward

A decoy computer network set up to record every attempt to crack it open and subvert it has revealed just how active and determined malicious hackers have become.

If your organisation has any value, or is advertised in any way, you are most likely exposed to even greater threat

Honeynet Project report
Statistics gathered by the network show that computers connected to the web are scanned for weaknesses up to 14 times per day and that, on average, an attempt will be made to break into a net-connected computer every three days.

The good news is that this project has highlighted the attack patterns used by hackers, which could help people predict when they are about to face an assault.

The decoy network, made up from six machines, is operated out of the back bedroom of Lance Spitzner, a computer consultant and security expert.

Recorded attacks

His network is similar to thousands of others operated by small businesses and technology enthusiasts that make up the network of networks we know as the internet, with one significant exception.

The network set up and overseen by Mr Spitzner was specifically set up to tempt malicious or "black hat" hackers into fiddling with it. When they do, it records every action they take and every keystroke they make.

Mr Spitzner set up the network as part of the Honeynet Project, which aims to gather information about the working methods of black hat hackers to aid organisations that want to avoid their attentions.

Too often, said Mr Spitzner, information was gathered in the wake of an attack rather than before it occurred. The Honeynet should help redress the balance.

Over the 11-month period from April 2000 to February 2001, the decoy network has been gathering statistics on every attack on the network, every successful takeover and all attempts to make it launch attacks on someone else's behalf.

Predictable patterns

Although no attempt was made to advertise the existence of the network, it was regularly discovered and attacked. "Theoretically this site should see very little activity, as we do not advertise any services nor the systems," said Mr Spitzner's report on the project. "However, attack they do, and frequently.

"If your organisation has any value, or is advertised in any way, you are most likely exposed to even greater threat," the report warns.

At busy times, the network was being scanned up to 14 times per day by black hat hackers, using automated tools that probe the net's networks looking for specific vulnerabilities.

The six computers making up the network were also regularly attacked by crackers looking to see if they had well-known vulnerabilities patched up.

The report said that, on average, any computer newly connected to the web would only have to wait three days before hackers came calling. In one instance, someone tried to crack open one of the Honeynet computers a mere 15 minutes after it went online.

More honey

But the news is not all bad. The report reveals that because malicious hackers are using automated tools to find and fiddle with networks, they follow predictable attack patterns.

The report found a strong link between the type of scanning or probing a network would suffer and the subsequent attacks that would be launched upon it. Using these data, companies might be able to work out the vulnerabilities of their networks and take action before the hackers come to visit.

Mr Spitnzer, a former tank commander and founding member of the Honeynet Project, has been joined by a rough coalition of 30 others, including security experts, psychologists, technologists and forensic scientists.

The report was released in advance of a book produced by Honeynet members entitled Know Your Enemy, which is due to go on sale later this year. Proceeds from the sale of the book will be used to establish other, larger Honeynets, helping to gather more accurate statistics about how malicious hackers ply their trade.

See also:

31 Jan 01 | Sci/Tech
Major net security holes identified
24 May 01 | Sci/Tech
Web warning centre in net attack
30 Jul 01 | Sci/Tech
Internet's 'very real' virus threat
20 Jul 01 | Sci/Tech
White House dodges web virus
10 May 01 | Sci/Tech
Porn virus fizzles out
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories