Mykonos’s motto is two-fold.
When you think of protecting a website from hackers, the first thing that comes to mind is probably blocking them out. But what if you just let them on a wild-goose chase, feeding them nuggets of false information and leading them down dead-ends until they get fed up and go do something else?
That’s the strategy behind Mykonos Software‘s security program, which takes a “step right in, let me fetch you a cup of tea and bore you to tears” approach to protection. The tool identifies individuals who are running common searches for security weaknesses on a site, logs their information, and continues to play them for suckers by dribbling out a breadcrumb trail that appears to yield passwords and other tasty vulnerabilities, but ultimately leads nowhere. CEO David Koretz explained to Tom Simonite at Tech Review the various ways in which the software plays with attackers:
A scan that might usually take five hours could take 30, Koretz says. Other tactics include offering up dummy password files, which can help track an attacker when he or she tries to use them. “We’ll let them break the encryption and present a false login page. We have the ability to hack the hacker,” says Koretz.
Koretz talks about changing the economics of hacking, making it basically too tedious and boring for hackers to gain access to a site, rather than too technically challenging. It’s basically behavioral economics meets security. But another expert, Sven Deitrich, also interviewed by Tech Review, points out that hell hath no fury like a hacker duped. Companies may need to watch out for retribution from hackers who realize they’ve been using Mykonos’s software.
Maybe we spend too much time thinking about duck genitalia, but it’s hard not to see the parallels with the evolutionary arms race between male ducks, with their crazy long and convoluted penises, and female ducks, with their twisting, dead-end-riddled vaginas. Hackers are the male ducks, and people at the cutting edge of web security are the sneaky lady ducks. Looks all inviting and everything, but actually? Full of tricks.
Of course, hackers might well come up with a new dodge that evades Mykonos’s software. Ducks, after all, still somehow manage to make ducklings.