September 29, 2022
The age-old honey trap has been the undoing of many great diplomats, spies and workers from the government’s highest offices.
In the digital age, it has been increasingly used to target workers of the same groups on dating platforms Tinder, Bumble and Hinge, in a format that many say involves little honey and lots of trap.
Many were given a rude shock earlier this year when Liberal senator James Paterson warned on national radio that ASIO was monitoring traps on dating platforms: “If you’re a six and they’re a 10 – it might not be your looks that they’ve been charmed by.”
In the tech industry, a slightly less sexy version of the honey trap is being used to lure global hackers into giving away their secrets, from slippery password stealing methods to the software they use and their location.
Over the past week, as almost 10 million Optus customers learned their personal information had been obtained in what has been described as a “non-sophisticated hack”, the term has come up several times, igniting the importance of using traps to bait and lure hackers.
Honeypots are being increasingly deployed by companies including Nozomi Networks. Last month the company released research from a series of honeypots it set in the first half of this year.
In March, the San Francisco based software company, which has a local arm, recorded 12,000 malicious attempts from Internet of Things Bot Nets – a group of devices connected to the internet commonly used to deploy spam.
Those attempts came from 5000 IP addresses – the Internet Protocol address identifying a device that can connect to the internet – associated with the US and China.
Ameen Al-Majzoub, Nozomi Networks’ West Australian based regional manager, said the funny thing about those IP addresses was that, while the hacker may not be based in those countries, the infrastructure and devices were.
And it was likely that foreign hackers set up hacking networks in other countries and relied upon locals to deploy hacking attempts. Optus has said the hackers that stole its customer data were using IP addressed detected in various locations across Europe.
David Callan, a former ASIO intelligence officer and one half of the I Spied podcast, said honeypots bore some similarity to honey traps that played a major role in the intelligence world.
“Until recently, cybersecurity has really been like the Wild West, a bit of a cowboys game,” he said.
“Now that they’re beginning to build in these honeypots, which are basically setting a target out there that is appears so lucrative that you can just grab a hold of it, you can start identifying who the player is in the cyberwar that you’re waging.”
Asked if ASIO deployed honey traps, Mr Callan said he didn’t believe so and that any organisation that did would never admit to it.
“ASIO is more about protection, so it is something that ASIO would be working to counter as opposed to working to set.”
