DOCSLIB.ORG

Honeypots in the Age of Universal Attacks and the Internet of Things

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Honeypots in the Age of Universal Attacks and the Internet of Things UCAM-CL-TR-944 Technical Report ISSN 1476-2986 Number 944 Computer Laboratory Honeypots in the age of universal attacks and the Internet of Things Alexander Vetterl February 2020 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 https://www.cl.cam.ac.uk/ c 2020 Alexander Vetterl This technical report is based on a dissertation submitted November 2019 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Churchill College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: https://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Honeypots in the age of universal attacks and the Internet of Things Alexander Vetterl Summary Today's Internet connects billions of physical devices. These devices are often immature and insecure, and share common vulnerabilities. The predominant form of attacks relies on recent advances in Internet-wide scanning and device discovery. The speed at which (vulnerable) devices can be discovered, and the device monoculture, mean that a single exploit, potentially trivial, can affect millions of devices across brands and continents. In an attempt to detect and profile the growing threat of autonomous and Internet-scale attacks against the Internet of Things, we revisit honeypots, resources that appear to be legitimate systems. We show that this endeavour was previously limited by a fundamentally flawed generation of honeypots and associated misconceptions. We show with two one-year-long studies that the display of warning messages has no deterrent effect in an attacked computer system. Previous research assumed that they would measure individual behaviour, but we find that the number of human attackers is orders of magnitude lower than previously assumed. Turning to the current generation of low- and medium-interaction honeypots, we demonstrate that their architecture is fatally flawed. The use of off-the-shelf libraries to provide the transport layer means that the protocols are implemented subtly differently from the systems being impersonated. We developed a generic technique which can find any such honeypot at Internet scale with just one packet for an established TCP connection. We then applied our technique and conducted several Internet-wide scans over a one- year period. By logging in to two SSH honeypots and sending specific commands, we not only revealed their configuration and patch status, but also found that many of them were not up to date. As we were the first to knowingly authenticate to honeypots, we provide a detailed legal analysis and an extended ethical justification for our research to show why we did not infringe computer-misuse laws. Lastly, we present honware, a honeypot framework for rapid implementation and deployment of high-interaction honeypots. Honware automatically processes a standard firmware image and can emulate a wide range of devices without any access to the manu- facturers' hardware. We believe that honware is a major contribution towards re-balancing the economics of attackers and defenders by reducing the period in which attackers can exploit vulnerabilities at Internet scale in a world of ubiquitous networked `things'. Acknowledgements First, and foremost, I am deeply grateful to Richard Clayton for his tireless enthusiasm and encouragement. No matter what else was happening, he always had time and provided me with ample support. Without his guidance and mentorship I would never have been able to complete this thesis. I am also immensely grateful to Ross Anderson for all the freedom he gave me in pursuing my research interests and for his continuous support. Under his supervision, I was able to grow as a researcher and person through discussions and conversations, which have also helped me to see the bigger picture. I am indebted to Alastair Beresford for his invaluable advice at crucial times and his sincere interest in my work. I thank Christian Rossow for generously agreeing to examine my dissertation and providing meticulous feedback. I would like to thank the members of the Cybercrime Centre, past and present, for their support including Alice Hutchings, Daniel Thomas, Sergio Pastrana, Ben Collier, Yi Ting Chua, Maria Bada and Ildik´oPete. I would like to express my gratitude to the German Academic Exchange Service (DAAD) and the Computer Laboratory for generously providing funding for my PhD. I would also like to thank my friends for making my time here in Cambridge enjoyable as well as intellectually stimulating, especially Kaspars Karlsons, Diana Popescu, Tiago Azevedo, Marco Caballero, Marija Pajevic, Khaled Baqer, Christian O'Connell, Florian Str¨ohl,Ilia Shumailov, Mansoor Ahmed-Rengers and Michael Dodson. Last but not least, I would like to thank my wife, Ann-Kathrin, for the joy she has brought into my life and for believing in me at every step of the way. This dissertation is dedicated to her. Contents 1 Introduction 11 1.1 Chapter outline . 13 1.2 Publications and contributions . 14 1.3 Statement on research ethics . 15 2 Background 17 2.1 CPE and IoT devices . 17 2.1.1 Common characteristics . 18 2.1.2 Protocols and services . 19 2.1.3 Common vulnerabilities . 20 2.2 Universal attacks . 22 2.2.1 Device discovery and Internet-wide scanning . 22 2.2.2 Denial of service attacks . 23 2.2.3 Proxying malicious traffic . 24 2.3 Honeypots . 24 2.3.1 Types of honeypots . 25 2.3.2 Evolution of honeypots . 26 2.3.3 Fingerprinting honeypots . 28 2.4 Summary . 30 3 Revisiting the effect of warning messages on attackers' behaviour 31 3.1 Introduction . 31 3.2 Maimon et al.'s original study . 33 3.3 Experiment 1: The deterrent effects of warning banners . 34 3.3.1 Design . 35 3.3.2 Procedures . 35 3.3.3 Outcome measures . 38 3.3.4 Results . 38 3.3.4.1 First trespassing incidents . 38 3.3.4.2 All trespassing incidents recorded . 39 3.3.4.3 Session types recorded and commands issued . 39 3.4 Experiment 2: Surveying system trespassers . 43 3.4.1 Recruitment . 44 3.4.2 Survey design . 44 3.4.3 Results . 45 3.5 Discussion . 45 3.6 Conclusion . 48 4 Fingerprinting honeypots at Internet scale 49 4.1 Introduction . 49 4.2 Background . 50 4.3 Systematically fingerprinting honeypots . 51 4.3.1 Efficient detection of deviations . 52 4.3.2 Protocol 1: SSH . 52 4.3.3 Protocol 2: Telnet . 54 4.3.4 Protocol 3: HTTP/Web . 55 4.4 Internet-wide scanning . 56 4.4.1 Results . 56 4.4.2 Validation . 58 4.4.3 Accuracy . 59 4.4.4 Honeypot deployment . 59 4.5 SSH: Implementation flaws . 60 4.5.1 SSH Binary Packet Protocol . 60 4.5.2 Disconnection messages . 61 4.6 Discussion . 62 4.6.1 Practical impact . 63 4.6.2 Countermeasures . 63 4.7 Ethical considerations . 64 4.8 Related work . 65 4.9 Conclusion . 66 5 Counting outdated honeypots: legal and useful 67 5.1 Introduction . 67 5.2 Unauthorised access to computers . 68 5.2.1 Statutory text . 68 5.2.2 Implicit authorisation . 70 5.3 Ethical analysis . 71 5.4 Fingerprinting SSH honeypots . 72 5.4.1 Identifying SSH honeypot patch levels . 72 5.4.2 Measurement setup . 73 5.5 Results . 73 5.5.1 Authentication configuration . 73 5.5.2 Set-up options of SSH honeypots . 74 5.6 Discussion . 75 5.7 Conclusion . 75 6 Honware: A virtual honeypot framework for capturing CPE and IoT zero days 77 6.1 Introduction . 77 6.2 Virtual honeypot framework . 79 6.2.1 Automated firmware extraction . 80 6.2.2 Customised pre-built kernel . 81 6.2.2.1 Honeypot logging and module loading . 81 6.2.2.2 Signal interception . 81 6.2.2.3 Module loading . 82 6.2.2.4 NVRAM . 82 6.2.2.5 Network configuration . 82 6.2.3 Filesystem modifications . 83 6.2.4 Emulation . 83 6.3 Evaluation . 84 6.3.1 Extraction, network reachability and services . 84 6.3.1.1 Extraction . 84 6.3.1.2 Network reachability . 86 6.3.1.3 Services . 86 6.3.2 Honeypot deployments in the wild . 86 6.3.2.1 Broadcom UPnPHunter . 86 6.3.2.2 DNS hijack . 88 6.3.2.3 UPnPProxy . 89 6.3.2.4 Mirai variants . 89 6.3.3 Timing attacks to fingerprint honware . 90 6.4 Ethical considerations . 92 6.5 Discussion . ..
Load more

Recommended publications
  • A Honeypot for Arbitrary Malware on USB Storage Devices
    A Honeypot for Arbitrary Malware on USB Storage Devices Sebastian Poeplau Jan Gassen University of Bonn Elmar Gerhards-Padilla Institute of Computer Science 4 Fraunhofer FKIE Friedrich-Ebert-Allee 144 Cyber Defense research group 53113 Bonn Friedrich-Ebert-Allee 144 53113 Bonn Abstract—Malware is a serious threat for modern information be infected usually by pretending to be vulnerable computers technology. It is therefore vital to be able to detect and analyze or services. Most commonly, honeypots are run on dedicated such malicious software in order to develop contermeasures. systems, i. e. machines that are maintained exclusively for the Honeypots are a tool supporting that task—they collect malware samples for analysis. Unfortunately, existing honeypots concen- purpose of capturing malware. Honeypots enable researchers trate on malware that spreads over networks, thus missing any and anti-virus companies to analyze new types of malware and malware that does not use a network for propagation. to develop countermeasures, and they are vital in generating A popular network-independent technique for malware to signatures of previously unknown malware. Even though there spread is copying itself to USB flash drives. In this article we are various different honeypot concepts, they all face one basic present Ghost, a new kind of honeypot for such USB malware. problem: How to trick malware into infecting a honeypot It detects malware by simulating a removable device in software, thereby tricking malware into copying itself to the virtual device. machine? We explain the concept in detail and evaluate it using samples Many of the employed concepts make use of the fact that of wide-spread malware.
    [Show full text]
  • Penalty Interest Rates, Universal Default, and the Common Pool Problem of Credit Card Debt Lawrence M
    Penalty Interest Rates, Universal Default, and the Common Pool Problem of Credit Card Debt Lawrence M. Ausubel, Oleg V. Baranov and Amanda E. Dawsey* June 2010 Preliminary and Incomplete 1 Introduction It is now reasonably well understood that unsecured credit such as credit card debt poses a common-pool problem. Since it is not secured by any collateral and since recoveries will be allocated pro rata under bankruptcy, each credit card issuer is motivated to try to collect from the “common pool” — and the attempt to collect by one issuer may pose a negative externality to other issuers. When a consumer becomes financially distressed, each credit card lender has an incentive to try to become the first to collect. For example, a lender may engage in aggressive collection efforts even if they may result in the consumer seeking protection under bankruptcy law: the benefits of collection accrue to this lender alone, while the consequences of a bankruptcy filing are distributed over all credit card lenders and other creditors. This paper attempts to explore the recent proliferation of penalty interest rates and universal default clauses in credit card contracts. By a penalty interest rate, we mean the following: The fairly standard credit card offering in 2008 includes an introductory interest rate on new purchases of 0% for the first several billing periods, followed by a post-introductory interest rate on new purchases of 9.99% to 15.99%. However, if payment is received late once during the introductory period, the interest rate reverts to the post-introductory APR; and if payment is received late twice within any 12 billing periods, the interest rate reverts to a “default APR” of typically 23.9% to 29.99%.
    [Show full text]
  • An API Honeypot for Ddos and XSS Analysis
    An API Honeypot for DDoS and XSS Analysis G Leaden, Marcus Zimmermann, Casimer DeCusatis, Fellow, IEEE, and Alan G. Labouseur Marist College School of Computer Science and Mathematics Poughkeepsie, NY 12601 fG.Leaden1, Marcus.Zimmermann1, Casimer.DeCusatis, [email protected] Abstract—Honeypots are servers or systems built to mimic II. BACKGROUND critical parts of a network, distracting attackers while logging their information to develop attack profiles. This paper discusses Not long after making G-Star Studio available online, we the design and implementation of a honeypot disguised as a REp- observed a number of unauthorized connection attempts to resentational State Transfer (REST) Application Programming its Application Programming Interface (API). These attacks Interface (API). We discuss the motivation for this work, design specifically targeted G-star Studio’s REpresentational State features of the honeypot, and experimental performance results Transfer (REST) API. under various traffic conditions. We also present analyses of both a distributed denial of service (DDoS) attack and a cross-site A REST API is among the most commonly used API scripting (XSS) malware insertion attempt against this honeypot. architectures today [6]. There are many examples of recent attacks against REST APIs, including well-publicized attacks on the Nissan Leaf smart car [7] and the U.S. Internal Revenue Service database. Existing APIs do not always follow security I. INTRODUCTION best practices, and developers might be lulled into a false sense of security by believing that their API will not be an attack The number and severity of cyber attacks has grown signif- target. In an effort to improve the security of our SecureCloud icantly in recent years [1], [2].
    [Show full text]
  • Consumer Experiences with Credit Cards
    December 2013 Vol. 99, No. 5 Consumer Experiences with Credit Cards Glenn B. Canner and Gregory Elliehausen, of the Division of Research and Statistics, prepared this article. Shira E. Stolarsky and Madura Watanagase provided research assistance. By offering consumers both a means to pay for goods and services and a source of credit to finance such purchases, credit cards have become the most widely used credit instrument in the United States. As a payment device, credit cards are a ready substitute for checks, cash, and debit cards for most types of purchases. Credit cards facilitate transactions that would otherwise be difficult or costly, such as purchases over the Internet, by telephone, or out- side the country. As a source of unsecured credit, credit cards provide consumers the option to finance at their discretion the purchase of an item over time without having to provide the creditor some form of collateral such as real estate or a vehicle. Moreover, the small required minimum payments on credit card balances allow consumers to determine themselves how quickly they want to repay the borrowed funds. Credit cards have other benefits as well, such as security protections on card transactions and rewards for use. All of these features have been valuable to consumers and have helped promote the widespread holding and use of credit cards. Recent fluctuations in economic activity and changes in the regulation of credit cards have greatly affected the credit card market. As a consequence of the Great Recession and the slow economic recovery that has ensued, many consumers have experienced difficult financial cir- cumstances.1 During much of this period large numbers of consumers fell behind on their credit card payments, causing delinquency and charge-off rates to rise sharply.
    [Show full text]
  • Bureau of Consumer Financial Protection
    Vol. 81 Tuesday, No. 100 May 24, 2016 Part II Bureau of Consumer Financial Protection 12 CFR Part 1040 Arbitration Agreements; Proposed Rule VerDate Sep<11>2014 18:00 May 23, 2016 Jkt 238001 PO 00000 Frm 00001 Fmt 4717 Sfmt 4717 E:\FR\FM\24MYP2.SGM 24MYP2 mstockstill on DSK3G9T082PROD with PROPOSALS2 32830 Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Proposed Rules BUREAU OF CONSUMER FINANCIAL Number (RIN) for this rulemaking. authorized the Bureau, after completing PROTECTION Because paper mail in the Washington, the Study (hereinafter Study), to issue DC area and at the Bureau is subject to regulations restricting or prohibiting the 12 CFR Part 1040 delay, commenters are encouraged to use of arbitration agreements if the [Docket No. CFPB–2016–0020] submit comments electronically. In Bureau found that such rules would be general, all comments received will be in the public interest and for the RIN 3170–AA51 posted without change to http:// protection of consumers.3 Congress also www.regulations.gov. In addition, required that the findings in any such Arbitration Agreements comments will be available for public rule be consistent with the Bureau’s AGENCY: Bureau of Consumer Financial inspection and copying at 1275 First Study.4 Protection. Street NE., Washington, DC 20002, on In accordance with this authority, the official business days between the hours ACTION: Proposed rule with request for Bureau is now issuing this proposal and public comment. of 10 a.m. and 5 p.m. eastern time. You request for public comment. The can make an appointment to inspect the proposed rule would impose two sets of SUMMARY: Pursuant to section 1028(b) of documents by telephoning (202) 435– limitations on the use of pre-dispute the Dodd-Frank Wall Street Reform and 7275.
    [Show full text]
  • Malware to Crimeware
    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
    [Show full text]
  • 2005 Credit Card Survey
    Non-Profit Org. U.S. Postage PAID CONSUMER San Francisco, CA Permit # 10402 ACTION NEWS Change Service Requested Summer 2005 • www.consumer-action.org A publication of San Francisco Consumer Action 2005 Credit Card Survey credit card bill late—even once. Late payments are not the only reason issuers Card companies use common ‘risk factors’ impose higher penalty interest rates. Going over your credit limit or bounc- ing a payment check can trigger a rate to impose unfair rate hikes, finds CA increase, too, in addition to hefty fees. The average penalty rate this year is redit card penalty interest rates the way customers handle other credit credit, the rate might be adjusted 24.23%, up from the 2004 average of and universal default rate hikes, accounts. This year, 44.68% of banks downward—although not always to the 21.91%. This increase is probably at- Coften cited as a way for card said they have universal default poli- original rate. tributable to the fact that most penalty companies to manage risk, top the list cies—a slight increase from last year’s Advance notice of default or penalty rates vary with the Prime Rate, and from of unfair credit card practices. In its survey. According to customer service rate increases is not required by law. last year’s survey to this year’s the Prime new credit card study, Consumer Action representatives, the following circum- In many cases, the first time consum- Rate increased two percentage points (CA) uncovered the top reasons that stances, in descending order of impor- ers learn of a rate increase is when they (from 4% to 6%).
    [Show full text]
  • A Review on Honeypot-Based Botnet Detection Models for Smart Factory
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 6, 2020 A Review on Honeypot-based Botnet Detection Models for Smart Factory Lee Seungjin1, Azween Abdullah2, NZ Jhanjhi3 School of Computer Science and Engineering (SCE) Taylor‟s University Subang Jaya, Selangor, Malaysia Abstract—Since the Swiss Davos Forum in January 2017, the production line and is expected to change from mass most searched keywords related to the Fourth Revolutionary customization to flexible production systems through Industry are AI technology, big data, and IoT. In particular, the modularization. It is possible to save energy by changing from manufacturing industry seeks to advance information and a person-centered working environment to an ICT-oriented communication technology (ICT) to build a smart factory that one, and it is expected that the productivity of the integrates the management of production processes, safety, manufacturing industry will increase [2], Various possibilities procurement, and logistics services. Such smart factories can for the transition to smart factories are recognized. It is effectively solve the problem of frequent occurrences of accidents predicted that it will be able to monitor and control and high fault rates. An increasing number of cases happening in manufacturing sites via virtual space, making it easier to smart factories due to botnet DDoS attacks have been reported in manage factories. It will enhance competitiveness in quality recent times. Hence, the Internet of Thing security is of paramount importance in this emerging field of network security and cost [3]. Smart factories are closely linked to data by improvement. In response to the cyberattacks, smart factory application of the latest ICT technologies such as AI, security needs to gain its defending ability against botnet.
    [Show full text]
  • Technology As the Driver of Payment System Rules: Will Consumers Be Provided Seatbelts and Air Bags?
    Chicago-Kent Law Review Volume 83 Issue 2 Symposium: Rethinking Payments in Article 16 Law April 2008 Commentary: Technology as the Driver of Payment System Rules: Will Consumers Be Provided Seatbelts and Air Bags? Mark E. Budnitz Follow this and additional works at: https://scholarship.kentlaw.iit.edu/cklawreview Part of the Law Commons Recommended Citation Mark E. Budnitz, Commentary: Technology as the Driver of Payment System Rules: Will Consumers Be Provided Seatbelts and Air Bags?, 83 Chi.-Kent L. Rev. 909 (2008). Available at: https://scholarship.kentlaw.iit.edu/cklawreview/vol83/iss2/16 This Article is brought to you for free and open access by Scholarly Commons @ IIT Chicago-Kent College of Law. It has been accepted for inclusion in Chicago-Kent Law Review by an authorized editor of Scholarly Commons @ IIT Chicago-Kent College of Law. For more information, please contact [email protected], [email protected]. COMMENTARY: TECHNOLOGY AS THE DRIVER OF PAYMENT SYSTEM RULES: WILL CONSUMERS BE PROVIDED SEATBELTS AND AIR BAGS? MARK E. BUDNITZ* INTRODUCTION Taken together, the articles in this Symposium issue present a fasci- nating and disturbing picture of the world of consumer payment systems. The articles document the death of the world as payment lawyers have known it. Some of the deaths have already occurred. The concept of "agreement" used to be an essential element of the contractual relationship between the parties to a contract. That concept is dead; modem consumers are contractually bound to onerous terms under circumstances where there is no meaningful agreement.' Often, consumers are notified of major changes in terms through stuffers in their monthly statements.
    [Show full text]
  • Towards a Competitive Card Payments Marketplace
    TOWARDS A COMPETITIVE CARD PAYMENTS MARKETPLACE Alan S. Frankel† Table of Contents 1 Introduction 2 Structural Impediments to Effective Competition 2.1 The Flow of Funds and Payment of Fees in Card Transactions 2.2 Single-homing, Multi-homing and Dysfunctional Competition 2.3 Restrictions on Merchant Steering 3 Do Interchange Fees Generate Benefi ts? 3.1 Do Interchange Fees Solve a Market Failure Resulting from Network Externalities? 3.2 Do Interchange Fees Solve or Exploit a Usage Externality? 3.3 Imperfect Issuer Competition and High Interchange Fees 4 Designing Competitive Payment Markets 4.1 Merchants can Decide Whether to Pay Interchange Fees 4.2 Mandatory Interchange Fees can be Eliminated 4.3 Competitive Restrictions can be Eliminated 4.3.1 Networks can Compete for Merchant Transactions 4.3.2 Surcharges and Steering can be Permitted 4.3.3 Honour All Cards Rules can be Abolished 4.4 Mandatory Bilateral Interchange Fees and Other Alternatives 4.5 Three-party Card Networks 4.6 More Comprehensive Structural Changes 4.7 Importance of Both Structural Change and Reduced Interchange Fees 5 Effects of the Australian Retail Payment Reforms 5.1 Average Merchant Fee Rates Fell Dramatically 5.2 Three-party Networks did not Displace MasterCard and Visa † Senior Vice President, Lexecon. This paper is based on a report which I submitted on behalf of the Australian Merchant Payments Forum (AMPF) to the Reserve Bank of Australia, which is available at http://www.rba.gov.au/PaymentsSystem/ Reforms/RevCardPaySys/Pdf/frankel_31082007.pdf. The opinions expressed in this paper are not necessarily shared by the AMPF or by any other merchant group, regulator or other party for which I have consulted regarding interchange fees or payment systems.
    [Show full text]
  • 3 of 5 Bank Credit Card Practices Prior
    Bank Credit Card Practices Prior to CARD Act Implementation Arbitrary Interest Rate Increases: For no apparent reason, even excellent credit card customers who carry a balance have been subject to costly interest rate increases on future balances. Consumer Actions’ 2009 Credit Card Survey showed some card issuers boosted purchase and cash advance rates by up to 3 percentage points between March and June of this year. • Bank of America Platinum Plus Visa Card - increase of up to 46% in the purchase rate. • Citigroup - hiked the purchase rate on three of its cards by 26% to 42%. • Capital One - increased its penalty (default) rate by 6.25%, bringing the rate to 29.4% on its Standard Platinum and No Hassle Miles cards. • Chase - penalty rate jumped almost three points to (29.99%) on it Perfect MasterCard. There has been no change in the prime rate that might have accounted for these rate increases this spring. While the new credit card law sets real limits on card issuers’ ability to charge more for items already purchased, it does not prevent card companies from hiking interest rates to unlimited levels in the future. What’s more, if a card issuer chooses to boost the rate based on the card holder’s relationship with another lender there is no way for consumers to adequately protect themselves. This is where a consumer financial watchdog - the Consumer Financial Protection Agency (CFPA) - could step in to prevent arbitrary and abusive behavior by card issuers. Fees In August, American Banker reported that Citigroup has started adding annual fees if the cardholder doesn’t spend enough.
    [Show full text]
  • Honeypot, Honeynet, Honeywall & Honeytoken
    How to Mock a Bear: Honeypot, Honeynet, Honeywall & Honeytoken: A Survey Paul Lackner Institute of IT Security Research, St. Polten¨ University of Applied Sciences, Austria Keywords: Honeypot, Honeynet, Honeywall, Honeytoken, Survey. Abstract: In a digitized world even critical infrastructure relies on computers controlled via networks. Attacking these sensitive infrastructures is highly attractive for intruders, who are frequently a step ahead of defenders. Honey systems (honeypots, honeynets, honeywalls, and honeytoken) seek to counterbalance this situation. Honey systems trap attackers by generating phoney services, nets, or data, thereby preventing them from doing dam- age to production systems and enable defenders to study attackers without letting intruders initially notice. This paper provides an overview of existing technologies, their use cases, and pitfalls to bear in mind by illustrating various examples. Furthermore, it shows the recent efforts made in the field and examines the challenges that still need to be solved. 1 INTRODUCTION This paper is structured as follows: First, section 2 explains the differences between the honey tools. The Due to continuously improving endpoint protection following sections describe the properties of the dif- and network protection, attacks against computer sys- ferent honey tools and illustrate some use cases as tems are becoming more complex. Various new attack well as implementation considerations. Furthermore, vectors are found continuously and multiple system section 5 describes monitoring, detection and hiding components, hosts, and services in combination are methods followed by a standardised threat informa- necessary to successfully attack a system (Simmons tion exchange approach. Finally, legal aspects are de- et al., 2014) (Papp et al., 2015). Automated attacks scribed and a list of some implementations and hon- based in machine learning are increasing, which re- eypot tools finalises the paper.
    [Show full text]