Using Fake Documents to Fool Cyber Attackers

Malicious hacks are significant problems for the public and companies alike. They damage corporate reputations and expose the sensitive data of millions of people. A recent project associated with Dartmouth College aims to limit the damage hackers cause by tricking them with fake documents.

It’s based on the canary trap concept used in espionage and World War II. The idea involves spreading several fake documents. Once unauthorized parties find them, it becomes easier to detect information leaks or distract people with bogus information.

The Canary Trap Gets an Artificial Intelligence Upgrade

Dartmouth College researchers came up with the WE-FORGE data protection system and based it on the canary trap approach. However, it’s more advanced than older methods. WE-FORGE depends on artificial intelligence (AI) to create false documents, protecting intellectual property in the process.

The resulting content looks realistic enough to trick people, but it lacks any information they’d find truly useful. The AI algorithm works by finding similarities between a document’s concepts and then analyzing the relevance of each word to the overall content. Next, the AI organizes the concepts into groups and figures out the best replacement material for each one.

A document’s original author can also chime in by suggesting fake material for the AI to use. That combination of human-computer input can make the results even more frustrating for hackers.

The AI can also generate several misleading copies of a document with only minor differences between them. Then, a cybercriminal wastes even more time trying to determine which one holds the information they need — despite all the documents containing false content.

Researchers tested the algorithm by falsifying chemistry and computer science patents, then asking the participants to pick out the real documents from the fake ones. The outcomes confirmed the algorithm could consistently fabricate documents that even knowledge experts thought were real.

A Worthwhile Tactic to Improve Cybersecurity

An effective cybersecurity strategy requires various approaches to keep hackers at bay. It’s also vital that at-risk entities explore how to minimize the damage hackers could cause. That’s because the financial impacts of attacks can be substantial.

Consider the case of a ransomware attack against CompuCom, a managed service provider. In that instance, the anticipated losses surpassed $20 million and caused operational disruptions. It’s also valuable to consider the sheer amount of compromised data a cybersecurity breach could cause.

For example, data from a recent report showed that just two data breaches during 2020 resulted in more than 18 billion compromised records. That research also cautioned that the number of breaches had decreased, but the number of stolen items rose dramatically. That suggests hackers are going after bigger targets that have more to lose.

Deceiving cybercriminals with document fakery is not an all-encompassing way to keep materials safe. However, it could supplement existing practices, limiting the havoc hackers can wreak.

Many cybersecurity experts are already trying to reduce the weak points that online criminals use to gain access. For example, smarter authentication measures are a 2021 trend, and some companies have moved away from traditional passwords. Utilizing false data could further challenge attackers by making their efforts less fruitful.

Foiling Hackers’ Attempts to Wreck a Presidential Campaign

Trying to fool hackers with false documents is not a new concept in cybersecurity. However, applying AI to speed the process is a more novel idea. Thanks to the work at Dartmouth University and similar efforts elsewhere, this use of AI could help companies keep their sensitive material more safeguarded.

It could also be a valuable strategy when parties suspect cybercriminals will target them. Mounir Mahjoub​i​ was a digital campaigner who worked on Emmanuel Macron’s successful French presidential campaign. He also played an instrumental role in thwarting hackers that threatened to derail the effort in its latter stages.

Hackers seized tens of thousands of documents and released them online. However, before that attack happened, Mahjoub​i​ and his team created fake email accounts, complete with messages containing nothing but useless material.

Mahjoub​i​ knew hackers had their sights set on Macron’s campaign. Cybercriminals even impersonated Mahjoub​i​ himself and sent staff members supposed security instructions for safeguarding their accounts.

Mahjoub​i​ confirmed that the so-called “cyberblurring” efforts of creating the false information drastically limited the valuable information that hackers could take. That result kept the campaign on track rather than ruining it.

Staying Ahead of the Hackers

Hackers typically try to stay several steps ahead of the professionals who try to stop them. However, planting fake documents for cybercriminals to find could be an excellent way to confuse them.

It’s likely too labor-intensive to do that with every piece of content a company has — even with AI. However, using this option to protect the most valuable assets could be a smart move.


No posts to display