Blueprints from History — Series#4

raji krishnamoorthy
4 min read · Oct 30, 2020

BLUEPRINT#4 : FEIGNED RETREAT

“All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.” — Sun Tzu, The Art of War

The Art of War, attributed to Sun Tzu, who is revered as a legendary military figure as well as a philosopher, is the most influential discourse on war ever written. The book is a compilation of strategies one ought to bear in mind to defeat the enemy, and its principles are still used to this day because of their importance. The Art of War applies not only to modern warfare; it also influences the mindset of people in politics and business. It presents a sort of philosophy, a state of mind or psychology for managing conflicts and winning battles.

Image credit: DefenceForumIndia

The Battle of the Kalka River, fought in 1223 on the banks of the Kalka River in present-day Ukraine, was one of the most famous victories of the great Mongol general Subutai, the primary military strategist of Genghis Khan. He successfully executed this tactic with a force of just 2,000 Mongol horsemen against the Rus and Kipchaks, who had gathered a force of 80,000 men. The Rus army first defeated the Mongols' rearguard, at which point Subutai and his men decided to lure the Rus into an ambush.

Seeing the Mongols running away like cowards, the Rus pursued to complete their victory. The Mongols feigned this retreat for 9 days. In the process the Rus' formation started spreading out, separated from the support of the rest of the army.

Finally, on the ninth day, General Subutai set up an ambush at the Kalka River crossing, where he concealed his forces on the opposite bank. When the Rus began crossing the river, he sprang his trap to destroy them.

Fig : BLUEPRINT#4 : FEIGNED RETREAT

Apart from the ghastly component of war, where bodies clash and swords thrust into them squirting out blood, there is a psychological and philosophical part to it, which is all about reading your opponent and knowing your circumstances. This strategy of exploiting the psychology of the enemy and luring them into deception is being adopted as a new approach to cyber security. Deception has now become a successful tactic brought into the digital battlefield through a number of technologies and techniques that mimic the workings of the original system, tricking cyber attackers into believing that they have hacked it successfully.

Much like how the Mongols used light cavalry to attract their enemies and lure them into a planned ambush, cyber security systems have honeypots. They are closely monitored decoys deployed in a network, designed to attract potential intruders and track their activities.

The primary objective of such systems is to collect information about intruders, divert them from the critical systems and keep them occupied on the decoy for a while, during which security teams take appropriate action. They are fabricated to mimic real systems, generally based on a real server and operating system holding real data. They are equipped with extensive monitoring to better understand where cyber attackers are coming from and how they operate, and to determine the effectiveness of the security measures that are in place. Simply put, they are intentionally vulnerable machines put out on the internet for research purposes.

Honeypots can be positioned in different places within an enterprise network: either within the DMZ but before the external firewall, or after the firewall to trap attackers in case they pass through it. Honeypots can also be placed within the subnetworks, which helps to detect internal hacks. Honeypots are considered an effective mechanism to study the minds of hackers and to heighten the effectiveness of computer security tools.

Based on the level of interaction, honeypots are classified as:

Low-interaction Honeypots — These capture connection attempts to services such as FTP and HTTP. They have no operating system for attackers to interact with.

Examples — ADBHoney, Honeyd, mysql-honeypotd, HoneyPy.

High-interaction Honeypots — With the goal of capturing the maximum amount of information on the attacker’s techniques, these honeypots give a realistic experience. They are deployed in actual virtual machines presented as decoys to attackers. Any traffic found here is malicious, making it easy to identify as a threat.

Examples — Pwnypot, SMB Honeypot, HIHAT.

Medium-interaction Honeypots — These extend some interaction to the attackers but do not have a real operating system; they emulate a piece of a real system.

Examples — Kippo, Cowrie, sticky_elephant, hornet
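A minimal sketch of the low-interaction idea described above, as an added example that is not part of the original article or of any of the listed projects: a decoy that speaks only a fake FTP banner, records the connection attempt as a structured event and refuses every login, so there is no operating system behind it to interact with. The banner text, port 2121 and the log file name are assumptions.

```python
import json
import socket
from datetime import datetime, timezone

BANNER = b"220 FTP server ready\r\n"      # constructed banner text (assumption)
REFUSAL = b"530 Login incorrect.\r\n"     # every login is refused; nothing is executed
MAX_BYTES = 1024                          # bound how much client input is kept
TIMEOUT_S = 5                             # drop idle clients

def handle_client(conn, peer):
    """Talk to one client and return a structured event describing the attempt."""
    data = b""
    try:
        conn.settimeout(TIMEOUT_S)
        conn.sendall(BANNER)
        data = conn.recv(MAX_BYTES)
        conn.sendall(REFUSAL)
    except OSError:
        pass  # resets and timeouts are still logged as attempts
    finally:
        conn.close()
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # latin-1 never fails to decode; json.dumps escapes control characters,
        # so client input cannot forge extra lines in the log
        "first_line": data.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1"),
    }

def serve(host="127.0.0.1", port=2121, log_path="decoy-events.jsonl"):
    """Accept connections one at a time, appending one JSON line per attempt."""
    with socket.create_server((host, port)) as srv, open(log_path, "a") as log:
        while True:
            conn, peer = srv.accept()
            log.write(json.dumps(handle_client(conn, peer)) + "\n")
            log.flush()

if __name__ == "__main__":
    serve()
```

Because no legitimate user has a reason to connect to the decoy, every line in the resulting log is worth an alert.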

A nation might have an advantage over every other form of competition with possible allies, a business might be unbeaten with no rivals, but none can escape cyber warfare in a digital world that has no borders or perimeters. All it takes to bring them down is a crooked ambition with a laptop and a desire to wreak havoc. It has become imperative for anyone who has been given the responsibility of guarding their network to develop strategies and tactics to win on this invisible battlefield.

Acquiring the secrets of the art of war and modeling ourselves after the great warriors who practiced them would greatly help us to maneuver through hackers’ minds, vanquish them and emerge as great cyber warriors.

I hope this series seeded a belief in your mind that history has patterns and so has a glass maze.

This article is part of a 4 part series — Blueprints from History
