It took just 18 hours after the expert in information security Kyle Wilhoit (Kyle Wilhoit) connected to the Internet with two fake and one real SCADA-system – and they have already started to attack someone. The widespread popularity among script kiddies search engines such as Shodan, as well as basic tools for hacking turns every industrial system an easy target to break even clumsy novice hackers.
Experiment by Wilhoit in December 2012 was aimed at the creation of two traps (Honeypot), with which you can divert attention from script kiddies for this purpose. It is assumed that the traps are all conditions for fishing hackers: they provide the files with the allegedly secret information, passwords and other secrets that they will use with pleasure in their asset. However, as soon as you attempt to access the current system with a fake password of Honeypot system immediately raises the alarm and notifies system administrators and security professionals. This means that the trap was sprung.
Experiment which Wilhoit conducted in the spirit of the standard practice of creating fake accounts on the Web site for the sole purpose – to notify the administrator that someone is trying to login. These accounts are created to alert the authorities about the site is that some or all user passwords leaked in open access, that is, their system was hacked. It will not always able to respond quickly to understand the administration is out of logs of your servers, but if the signal was received from the account-traps – from this it is a sure sign of forced login.
Cryptographers at RSA Labs offer further improved trap for hackers. They put forward the idea that the security password hash should be up to 20 passwords, of which only one is present, and the others are used as the hacker alarm base. That is, if a foreign hacker will try to enter the wrong account, it immediately raised the alarm, the server is blocked and all passwords are changed.