20.5k unique visitors in the last 3 days

Honeypot Fake Infrastructure Catches Insider Fraud

If we use honeypots to lure and identify criminals working outside of telcos, why not use the same method to catch insiders?

A new briefing from Hardenstance claims several telcos have invested in “fake or decoy IT infrastructure” with the intention of improving security and identifying fraud and other abuses perpetrated by staff. The report cites the example of an unnamed North American telco which gathered…

…enough compelling information on unauthorized and malicious behaviour of some employees to justify summarily firing them (which it did).

The decoy infrastructure can be used to lure criminals and gather data about them, just like the concept of a honeypot. Unlike conventional honeypots, these decoys are designed to tempt wrongdoers within the telco, so their existence must be kept secret from all but a few senior managers, and it must be impossible to spot any differences between the decoys and real network assets.

Part of the philosophy for deploying fake infrastructure is that it serves no legitimate business purpose, so no member of staff can have a good reason to play with it. This makes it unlikely that the decoys will generate false positives associated with honest but accidental attempts to access these assets.

The Hardenstance briefing is heavily influenced by one vendor of deception technology, Attivo Networks, and thus it is difficult to calibrate how much value this method would deliver for the average operator. Nevertheless, telcos should be open to using a broader range of techniques for identifying and preventing insider crime.

You will find the full text of the Hardenstance briefing by looking here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email