An American Internet security firm recently set up three honey pot servers to measure the extent that hackers are attacking SCADA (supervisory control and data acquisition) and ISC (industrial control system) targets. The response by hackers was surprising and scary.
A honey pot is an Internet server (PC a Website is running on) that looks real but is carefully monitored to record everything an attacking hacker does. This way, computer security researchers can collect information on the Internet criminals and have a better chance of stopping them and hunting them down. It's not practical to put the monitoring software on every site. Bank and high-security government servers have substantial defenses that monitor any (well nearly any) penetration and shut down if any unauthorized entry is detected. This doesn't help to identify attacking hackers, but all these sites want to do is remain secure, not play cop.
The honey pot SCADA/ISC servers attracted 39 hacker attacks over a 28 day period. While the attacks came from 14 different countries, 35 percent were from China, 19 percent from the U.S., and 12 percent from Laos. The attacks were more aggressive and determined than anticipated and indicated that there are a lot of people out there looking for vulnerable SCADA/ISC sites and seeking to get in and, it seems, determine how to best sabotage the site.
At the heart of modern industry are the ISC and SCADA systems which control motors, sensors, alarms, pumps, valves, and other essential equipment. The successful hack of SCADA systems allows the attacker to take remote control of these systems. Options for the attacker are things like turning off safety systems in a nuclear reactor, opening or shutting a dam’s overflow sluices, opening oil pipelines to contaminate sea or land, or shutting down water supplies and sewage systems for large numbers of people.
The honey pots have proven useful in finding out what tools and techniques the bad guys have. This makes it possible to build better defenses. Honey pots also make attackers uncomfortable and less confident that any server they are hacking into is not rigged to catch them. However, the hackers know the honey pots are out there and the technological war of wits continues. The software engineers that design defenses keep making the honey pots more convincing. As a bonus, they add elements to non-honey pot servers to make a knowledgeable hacker hat think it's a honey pot. A bonus, as it were.
Computer security firms have found that developing new honey pots, that are cheaper to create and run, and more difficult for attackers to detect, are a good investment. If nothing else, it makes hacking a lot more difficult and nerve wracking.