I was just reading an article about a cyber security company that advocates hacker containment. The basic premise of the article is that hackers are going to get into your system and you can’t block them. At some point they give specific advice that once a hacker is beyond your firewall, you should lead them around a bit and limit the damage. But, to be completely honest, I did not read the article far enough to learn exactly what they were proposing as a solution. Perhaps they are right, or perhaps they have a few screws loose? The point is, their article sparked a novel idea. Why not sting the hackers? I suspect US counter intelligence is doing this already, but there is no reason why it can’t be done at a corporate level.
Let’s assume they are correct and you can’t block hackers from getting in. Instead of playing defense, why not play a little offense? Give the hackers a money pack with an exploding ink bomb.
What would this ink stained cash look like in cyber space?
How about a data base of fake financial records, that you carefully protect, but leave a few security holes. Then when you see anybody accessing these accounts, you go after them and prosecute the perpetrators when they try to use the accounts. Suck them into a face-to-face meeting to pick up gold bullion and arrest them, just like with any police sting. This might not stop the hacker, but it would have the effect of making their wares useless on the open market. Think about the drug dealer who rips off his customers, eventually somebody rats them out? Or kills them?
The idea would be instead of spending billions of dollars on security, spend a billion or two on laying traps for hackers that will help expose them and their customers. If you hide enough ink bombs in your records, it might turn the tables a bit!