In World War II, the Allies employed all kinds of sneaky tricks to deceive their enemies into thinking they had more troops and weapons at their disposal than they actually had.
The camouflage techniques of one unit active in North Africa, which on one occasion consulted a stage magician about the way he fooled audiences, proved decisive in several key battles. And the biggest deception of all was Operation Fortitude which fooled the Nazis about where the D-Day landings would actually take place.
The same principles of deception and misdirection, albeit on a much smaller scale, are now starting to be used by some organisations to thwart malicious hackers keen to establish a bridgehead on internal networks.
“It’s a classic idea of warfare to prevent the adversary from having a real understanding of your reality,” said Ori Bach from deception technology firm Trapx. “It’s just like the Allies in WWII. They made fake tanks, fake air bases, fake everything.”
And just like those ersatz weapons of war, the fakes implanted on a network look just like the real thing.
“We create a shadow network that is mimicking the real network and is constantly changing,” he said.
The use of so-called deception technology has grown out of a realisation that no organisation can mount perfect digital defences. At some point, the attackers are going to worm their way in.