A History of Deception
Deception has a centuries-old successful history in military warfare. Military doctrine from Sun Tzu, Genghis Khan, Clausewitz, Machiavelli and Chanakya, all the way through the Second World War has stressed the importance of deceiving the enemy to know their plans and thwart their objectives. Clearly, deception matters.
Military history is rife with examples of crucial victories, won through subterfuge:
- The Trojan Horse of Troy
Perhaps the most well-known example. The Greeks hid a force of men in a giant wooden horse and feigned retreat. The Trojans pulled the ‘victory trophy’ inside the city gates. That night, the hidden Greek troops crept out of the horse and opened the gates for the rest of their army.
- The Mangudai of the Mongol Army
Genghis Khan’s army relied heavily on light cavalry that would harass the front-lines of the enemy force. They would charge, feign retreat, and draw the enemy towards favourable ground.
- The Ninja’s of feudal Japan
The ninjas represent the ultimate adoption of deception in conflict. Practically every tactic revolved around deceiving the enemy, to the point that ninjas would spread rumours of their supernatural powers. They were masters of disguise and used distraction devices such as smoke grenades to infiltrate heavily fortified installations and sieze victory.
- Operation Mincemeat
During the Second World War, the Allies planted a corpse off the coast of Spain with a briefcase containing detailed plans to invade Europe through Greece. The Germans recovered the body and believed the ‘secret’ documents;
making preparations to reinforce Greece. It was considered one of the most successful deception operations in the war.
Information today is the coin of the realm, and as such, using deception and misinformation have never been more topical to modern conflict.
Old Strategies, New Battles
Early in computer security, many attacks were famously thwarted through ingenious deception by the defenders. The most famous examples are Clifford Stoll’s tracking a Russian hacker in the 80’s. The story is told best in his book, The Cuckoo’s Egg
However, as computing evolved and became more complex, this form of active defence was superceded by protective measures — firewalls and antivirus.
Unfortunately, today’s attacks on computer security have shown that protection is both overrated, and impossible to achieve. The largest organisations, from Target Corp. to J.P. Morgan and Sony have been victims of massive hacks, despite
having every conceivable protection mechanism.
Hackers themselves rely heavily on deception. Social-engineering, or hacking the human, is the number one mechanism used to gain a foothold in the organisation.
Why then don’t defenders deploy deception? Up until now it was too hard. Too complex to maintain. That has changed now. Active defence is the future of cyber-security, and organisations that forget the foundational principles of warfare will be on the back-foot in dealing with the most modern form of war.
The pragmatic security leader’s guide to deception technologyWhen evaluating deception technology, look at three key components of the solution to ascertain how effective it will be in your environment – visibility, realism, and fingerprintability.By Sudarshan Pisupati
Using deception to shield the insurance sectorInsurance companies are under siege from cyberattacks. We take a look at some of the key pieces of an insurer’s infrastructure the adversaries target and how you can use deception to build active defenses.By Sudarshan Pisupati
Finding active defense opportunities in a pentest reportPentest reports tell a story. By asking why a pentester made certain choices, you can find opportunities to influence attacker behavior and actively defend your network.By Sudarshan Pisupati
- Detect zero-days, APTs, and insider threats
- 10x the detection capabilities with 1/2 the team
- Get started in minutes, fully functional in hours