Mykonos’s motto is two-fold.
When you think of protecting a website from hackers, the first thing that comes to mind is probably blocking them out. But what if you just let them on a wild-goose chase, feeding them nuggets of false information and leading them down dead-ends until they get fed up and go do something else?
That’s the strategy behind Mykonos Software‘s security program, which takes a “step right in, let me fetch you a cup of tea and bore you to tears” approach to protection. The tool identifies individuals who are running common searches for security weaknesses on a site, logs their information, and continues to play them for suckers by dribbling out a breadcrumb trail that appears to yield passwords and other tasty vulnerabilities, but ultimately leads nowhere. CEO David Koretz explained to Tom Simonite at Tech Review the various ways in which the software plays with attackers:
A scan that might usually take five hours could take 30, Koretz says. Other tactics include offering up dummy password files, which can help track an attacker when he or she tries to use them. “We’ll let them break the encryption and present a false login page. We have the ability to hack the hacker,” says Koretz.