Why Deception Matters in Cybersecurity

by Smokescreen Team

A History of Deception

Deception has a centuries-old successful history in military warfare. Military doctrine from Sun Tzu, Genghis Khan, Clausewitz, Machiavelli and Chanakya, all the way through the Second World War has stressed the importance of deceiving the enemy to know their plans and thwart their objectives. Clearly, deception matters.

Military history is rife with examples of crucial victories, won through subterfuge:

  • The Trojan Horse of Troy
    Perhaps the most well-known example. The Greeks hid a force of men in a giant wooden horse and feigned retreat. The Trojans pulled the ‘victory trophy’ inside the city gates. That night, the hidden Greek troops crept out of the horse and opened the gates for the rest of their army.
  • The Mangudai of the Mongol Army
    Genghis Khan’s army relied heavily on light cavalry that would harass the front-lines of the enemy force. They would charge, feign retreat, and draw the enemy towards favourable ground.
  • The Ninjas of feudal Japan
    The ninjas represent the ultimate adoption of deception in conflict. Practically every tactic revolved around deceiving the enemy, to the point that ninjas would spread rumours of their supernatural powers. They were masters of disguise and used distraction devices such as smoke grenades to infiltrate heavily fortified installations and seize victory.
  • Operation Mincemeat
    During the Second World War, the Allies planted a corpse off the coast of Spain with a briefcase containing detailed plans to invade Europe through Greece. The Germans recovered the body and believed the ‘secret’ documents, making preparations to reinforce Greece. It was considered one of the most successful deception operations in the war.

Information today is the coin of the realm, and as such, the use of deception and misinformation has never been more topical to modern conflict.

Old Strategies, New Battles

Early in computer security, many attacks were famously thwarted through ingenious deception by the defenders. The most famous example is Clifford Stoll’s tracking of a Russian hacker in the ’80s. The story is told best in his book, The Cuckoo’s Egg.

However, as computing evolved and became more complex, this form of active defence was superseded by protective measures — firewalls and antivirus.

Unfortunately, today’s attacks on computer security have shown that protection is both overrated and impossible to achieve. The largest organisations, from Target Corp. to J.P. Morgan and Sony, have been victims of massive hacks, despite having every conceivable protection mechanism.

Hackers themselves rely heavily on deception. Social engineering, or hacking the human, is the number one mechanism used to gain a foothold in an organisation.

Why then don’t defenders deploy deception? Up until now it was too hard and too complex to maintain. That has changed. Active defence is the future of cyber-security, and organisations that forget the foundational principles of warfare will be on the back foot in dealing with the most modern form of war.


© 2015-2021 Smokescreen. All rights reserved.
