Cyber researchers at the Sandia National Laboratories recently developed a simulation, which appears real but contains altered data, meant to trick hackers into believing they have infiltrated their target system.
When a hacker is discovered, instead of simply removing them from the data source, they would be led into the falsified system, known as a High-fidelity Adaptive Deception & Emulation System (HADES). HADES contains cloned virtual hard drives, memory and data sets, but certain altered artifacts, which nonetheless appear real.
“Deception is the future of cyber defense,” Vince Urias, a cyber researcher at Sandia and one of the creators of the HADES program, said. “Simply kicking a hacker out is next to useless. The hacker has asymmetry on his side; we have to guard a hundred possible entry points and a hacker only needs to penetrate one to get in.”
The goal, Urias said, is to introduce doubt. It will likely take some time before the hacker realizes they are not in the real system. Once they figure it out, they will still be unsure when the deception began, casting doubt on the validity of the data they’ve already gathered.
The hacker must then display his toolkit in an effort to distinguish truth from fiction, revealing their tactics.
HADES has potential uses for small organizations as well as large companies, although more complex environments would require more CPU.
R&D Magazine awarded the project a 2017 R&D100 award. The researcher’s work, which was patented in October, began five years ago with a three-year Laboratory Directed Research and Development grant.