Deception Technology: Security Past, Present and Future Hacking Tools

Deception Technology is a growing cyber security field. Yet, we argue that technology has nothing to do with our innate biological need for security. 

Remember in 2000 when Ridley Scott exaggerated Emperor Commodus’s reign? It’s true that, depending on which histories you read, Commodus was kind of a whiner.

In the movie Gladiator when Maximus Decimus Meridius wins over the mob from his patricidal emperor, Commodus feels cornered. As he grasps for solutions to his Russell Crowe-flavored problem, one Roman senator, Falco, tells the emperor to employ deception technology.

We argue that people in the position of Ridley Scott’s Commodus often turn towards deception to even the playing field, and there are certainly many historical examples of that being true.

Deception technologies, per Wikipedia, specifically within the umbrella of contemporary cyber defense, are security procedures designed to deceive attackers, detect them, and then eradicate them.

Think about it like email phishing attacks but in reverse.

Think of the fish as hackers that will get your worms one way or another. You stage a worm on a hook and wait for it to fool a fish. When the fish strikes at the worm, the bobber lets you know that a fish (or attacker, in this analogy) is interested. Once the fish tries to carry the worm, hook, and line away, you engage.

This analogy isn’t perfect as fish don’t know you have worms until they’re impaled and in the water. Yet, there is an ocean of hackers out there, and they know about your worms–and they want them.

Deception is the most proactive method for catching these would-be attackers before they completely infiltrate your systems.

Hacking Tools Trumped by Military Strategy

If you’ve played Deus Ex: Mankind Divided, you may have engaged with the hacking minigame.

This time, you’ve got the hacking tools. There is one node in particular that you need to hack to attain your goal, but you must first capture a number of dummy nodes. Capturing dummy nodes comes with the risk of being detected by the onboard diagnostic–in this case, the deception technology procedure.

But before Al Gore created the Internet (jk) and computer nerds began trying to steal each others information, deception technologies were used in some of the most well-known military engagements in history.

Operations Bodyguard, Fortitude, and Overlord During World War II

As you probably know, Operation Overlord is the codename for the Normandy invasion on June 6th, 1944, which, for the western allied powers during WWII, was the beginning of the end of the Third Reich.

Before the attack was carried out, however, the allies implemented large-scale visual and electronic deception via Operations Bodyguard and Fortitude.

Operation Fortitude

Operation Fortitude was meant to deceive the German military and convince them that an imminent invasion would come at two points, Fortitude North and Fortitude South, away from Normandy where the invasion was planned to land.

In addition, Fortitude hoped to continue its deception and delay German reinforcements after the invasion landed on June 6th, 1944.

Operation Bodyguard

Was the overall deception plan and contained within its umbrella Operation Fortitude. Bodyguard’s goal was to use multiple deception points to confuse the Germans as to the exact time, place, and magnitude of the Allied invasion at Normandy.

Within the context of cyber deception technology, this analogy also isn’t perfect, as the Allies were the “attackers” and deception was one of their “hacking tools.”

Yet, this does illustrate the innate preference for deception in order to secure ourselves.

Now, startup companies are being created around this security methodology. Like with the Normandy invasion in WWII, deception is being used to protect the most integral systems and important facets of cyber infrastructure.

illusive networks and Merck KGaA

No, I didn’t forget to capitalize that header.

illusive networks, an Israeli deception technology firm developed “Deception Everywhere,” a deception security suite that helps businesses protect their systems past the first line of defense against hacking tools.

Merck KGaA, a German pharmaceutical company worth many billions of U.S. dollars, employed illusive networks to protect against high-profile attackers that get past front-line, standardized security protocols.

“The idea is that if an advanced attacker makes it past these standardized controls, there is a next level of protection that really protects our crown jewels,” said Branden Newman, Merck KGaA head of business technology security and former member of the U.S. Army Cyber Command.

illusive networks, strengthening an already impressive reputation for Israeli cyber security, has received more than $30 million USD from significant investors such as Microsoft Ventures and Cisco.

Technology is a Tool

Whenever we consider internet privacy and security, we always look for the underlying cause of distrust. We believe that is an element of humanity. Hacking tools will continue to improve and change, but hackers will always be human–until AI sentience is conceived of, perhaps.

Deception technology, though useful as a term to describe a specific cyber security methodology, is a derivative of practices humanity has engaged in since time immemorial.

We deceive in order to produce desired reactions.

Just look at the rise of Fake News during last year’s U.S. Presidential election cycle.

Whether your believe governments were using false information presented as news stories to influence elections, what is true is that Fake News was used to drive click traffic–and it certainly created a fortune for some.

After considering all of this, I suppose we should rely upon deception as a common human tactic. As Björk said, “If you ever get close to human behavior, you better be ready to get confused.”