Thoughts on the CurrentC Hack and Active Defense

According to this article, it looks like CurrentC has suffered a compromise of some sort during its testing phase.  From the article:

MCX spokeswoman Linda Walsh said the CurrentC application itself was not impacted, and many of the email addresses were for dummy accounts. An investigation is underway and merchants in the consortium with compromised email addresses have been notified.

This got me thinking about active defense techniques we can use even before an application goes to production.  If we use some honeypot-like technology or use some dummy identities while in a pilot mode, we might be able to ferret out the attack techniques that will ultimately be used against the production version of the product.  Even more interesting, perhaps we can seed the content with some beacons to show us where the bad guys are coming from.  The fine folks at Black Hills Information Security offer the Active Defense Harbinger Distribution (ADHD) with some nifty tools to do this.

As with all things related to active defense and honeypots, talk to your legal team before taking action on active defense.  However, this kind of activity in non-production environments could provide some useful intel.

Has anyone tried this or discussed doing it at their organization?  How did it go?

PS – Looks like it’s been about a year since my last post.  It’s been especially hectic for me over the past year.  I’m hoping to do more blogging but they will mostly be short quick hits like this one.  

Leave a Reply

%d bloggers like this: