Honeypot Fake Infrastructure Catches Insider Fraud

A new briefing from Hardenstance claims several telcos have invested in “fake or decoy IT infrastructure” with the intention of improving security and identifying fraud and other abuses perpetrated by staff. The report cites the example of an unnamed North American telco which gathered…

…enough compelling information on unauthorized and malicious behaviour of some employees to justify summarily firing them (which it did).

The decoy infrastructure works like a honeypot: it can be used to lure criminals and gather data about them. Unlike conventional honeypots, these decoys are designed to tempt wrongdoers within the telco, so their existence must be kept secret from all but a few senior managers, and it must be impossible to spot any differences between the decoys and real network assets.

Part of the philosophy for deploying fake infrastructure is that it serves no legitimate business purpose, so no member of staff can have a good reason to play with it. This makes it unlikely that the decoys will generate false positives associated with honest but accidental attempts to access these assets.

The Hardenstance briefing is heavily influenced by one vendor of deception technology, Attivo Networks, and thus it is difficult to calibrate how much value this method would deliver for the average operator. Nevertheless, telcos should be open to using a broader range of techniques for identifying and preventing insider crime.

You will find the full text of the Hardenstance briefing by looking here.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.