To Thwart Hackers, New Security Software Makes Hacking Tedious

By Veronique Greenwood | January 25, 2012 1:06 pm

mykonosMykonos’s motto is two-fold.

When you think of protecting a website from hackers, the first thing that comes to mind is probably blocking them out. But what if you just let them on a wild-goose chase, feeding them nuggets of false information and leading them down dead-ends until they get fed up and go do something else?

That’s the strategy behind Mykonos Software‘s security program, which takes a “step right in, let me fetch you a cup of tea and bore you to tears” approach to protection. The tool identifies individuals who are running common searches for security weaknesses on a site, logs their information, and continues to play them for suckers by dribbling out a breadcrumb trail that appears to yield passwords and other tasty vulnerabilities, but ultimately leads nowhere. CEO David Koretz explained to Tom Simonite at Tech Review the various ways in which the software plays with attackers:

A scan that might usually take five hours could take 30, Koretz says. Other tactics include offering up dummy password files, which can help track an attacker when he or she tries to use them. “We’ll let them break the encryption and present a false login page. We have the ability to hack the hacker,” says Koretz.

Koretz talks about changing the economics of hacking, making it basically too tedious and boring for hackers to gain access to a site, rather than too technically challenging. It’s basically behavioral economics meets security. But another expert, Sven Deitrich, also interviewed by Tech Review, points out that hell hath no fury like a hacker duped. Companies may need to watch out for retribution from hackers who realize they’ve been using Mykonos’s software.

Maybe we spend too much time thinking about duck genitalia, but it’s hard not to see the parallels with the evolutionary arms race between male ducks, with their crazy long and convoluted penises, and female ducks, with their twisting, dead-end-riddled vaginas. Hackers are the male ducks, and people at the cutting edge of web security are the sneaky lady ducks. Looks all inviting and everything, but actually? Full of tricks.

Of course, hackers might well come up with a new dodge that evades Mykonos’s software. Ducks, after all, still somehow manage to make ducklings.

CATEGORIZED UNDER: Technology Attacks!
  • David Koretz

    It’s hard to argue that is not the most brilliant analogy ever. Thank you for making my day on the Duck Penis argument.

    …and for what it’s worth, we are a team of hackers who LOVE hacking. The goal is not to stop hacking, the goal is to change the economics.

    David Koretz

    • H Davis79

      Mykonos will now be including pictures of duck genitalia when the hackers need to be scared away.

  • Tony Mach

    … and then someone finds vulnerabilities in the Mykonos software …

  • Bossy Girls Femdom

    my website has thousands of hackers. none successful. Contact me and I will give you good fake passwords to feed password sharing sites. Hackers will feel like if they landed in subscriber area


Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!


Quirky, funny, and surprising science news from the edge of the known universe.

See More

Collapse bottom bar