A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers. Set up at the London headquarters of consultants KPMG, the laptop looks to the outside world like a simple wireless access point, but contains monitoring software designed to determine the level of illicit activity.
"We are trying to measure the number of wardrivers, and the level of attack they are attempting," said Michael van Strien of KPMG, revealing the device at the RSA security conference in Paris. He plans to publish some results in the next month or two, which will give an idea of the level of the much discussed threat of "wardriving", where hackers outside an office gain access to unsecured wireless access points. "We're looking at the number of hits and how many try to get network addresses," said van Strien.
The honeypot will be a laptop with a Prism wireless LAN card, which can act as a Wi-Fi access point. The laptop will have no other network connection, but will appear to the hacker as a possible entry point to the corporate network.
Van Strien plans to run several honeypots in different offices across London, and move them about within the buildings, so that if wardrivers become aware of their existence they will not know for sure which are real access points and which are honeypots. If successful, he plans to package the honeypot up as a security tool for corporate Wi-Fi users. "It needs a beautiful user interface," he said.
One conference delegate noted that if the idea takes off, it is easy to imagine that the hacker community will respond with a new warchalking symbol. Perhaps, he remarked, this would be a "Pooh" style honeypot marked on the pavement where a honeypot is suspected.
KPMG also launched a managed security service at the RSA conference. "This goes beyond monitoring services such as those offered by Counterpane or Unisys," said KPMG partner Malcolm Marshall. "People were wary of handing security over to a third party, but those people have done a great job of raising awareness." The service already has six customers but, as with most such services, they are not keen for their names to be made public.
Peter Judge reported from the RSA Conference in Paris.