Websites to set traps for hackers

A security company is attempting to catch hackers by luring them into traps within ecommerce websites.

Firewall specialist Objectronix has launched a service accompanying its firewall product that uses dummy tools and data, such as false credit card details, to entice hackers into a trap.

Once the hacker has been lured into the trap - a controlled area of the firewall - a trace is automatically sent to Ojectronix's 24x7 attack response team. The team monitors the hacker's activity while in the trap and examines evidence once the hacker has moved on.

Chris Royle, a director at Objectronix, said: "It's like putting a sign up in a bank saying 'vault this way' when the vault is in the other direction, but perhaps not quite so blatant."

The team will assess how the attack was conducted, its source, and any other information to help identify the hacker. They then contact the police.

"The Honey Pot itself doesn't prevent hackers and in some ways it even encourages them, but it can help trace where the attacks are coming from and lead to the perpetrators being caught," said Royle.

Royle said that any potentially malicious traffic is directed to the Honey Pot which is specially designed not to be too difficult for the hacker to break into.

"Once he's in, there is a database of fake card details and user names to keep him occupied while the alarm bells have been set off. With a normal firewall you repel all these attacks, but you don't know who they are or where they are coming from. Once a hacker's in the Honey Pot, we can start to trace him."

Royle said hackers can only be traced while they remain in the Honey Pot. "But they will leave evidence behind when they exit, which can be used to trace them." he added.

The service is available now and includes web server software with dummy pages, a public domain database containing fake user details, and mail servers. No outbound connections are permitted from the Honey Pot, which resides on an isolated network on its firewall interface.

On a fully rented, managed basis, the service costs £4,000 per year plus a response fee for each incident.