The U.S. Federal Bureau of Investigation (FBI) is working on a program to stop hackers from stealing large amounts of data through ransomware attacks, identity theft, financial fraud and more.
The FBI program, called IDLE (Illicit Data Loss Exploitation), aims to confuse fraudsters and corporate spies by using “decoy data” to make it difficult for malicious hackers to steal a company’s valuable information, according to a report from Ars Technica.
“We have agents in every field office spending a large amount of time going out to companies in their area of responsibility establishing relationships,” Long T. Chu, acting assistant section chief for the FBI’s Cyber Engagement and Intelligence Section, told Ars Technica.
“And this is really key right now—before there’s a problem, providing information to help these companies prepare their defenses. And we try to provide as specific information as we can.”
The FBI is taking a more “holistic” approach to the growing number of cyberattacks instead of acting on particular events. “We’re looking at cybercrime from a key services aspect” (in other words, what are the things that cybercriminals target?) “and how that affects the entire cybercriminal ecosystem. What are the centers of gravity, what are the key services that play into that?” Chu told Ars.
The FBI is now not only warning big companies when they’re being targeted but also reacting to security breaches as they happen. It is also helping companies take proactive steps to stop these data theft attempts by masking the data.
IDLE is not a trap or classic “honeypot”, an official told Ars. Although the FBI has not provided exact information about how IDLE works, it mixes fake data with existing real data so that the fake data appears authentic.
This makes it very difficult for hackers to distinguish fake data from real data. When the fake data is downloaded, it alerts IT that something could be wrong.
The idea of the program is not to invite attackers by posting enticing (but fake) information but to help protect the data that hackers are already seeking.
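The mechanism the article describes only in general terms (decoy records that look like real ones, with an alert raised when one of them is read or exported) can be illustrated with a small detector. The code below is an added example, not the FBI’s IDLE code, whose details the article says have not been disclosed; the record layout, the HMAC-derived marker, the JSON log format and the sample log lines are all constructed assumptions for this illustration.

```python
"""Canary-record detection over export logs.

Added illustration of the general decoy-data technique: fake records are
mixed in with real ones, and any query or export that returns a fake record
raises an alert. Not the FBI's IDLE implementation; every name, format and
sample value here is constructed for the example.
"""
import hashlib
import hmac
import json
from typing import Iterable

# Key used to derive canary markers. In a real deployment this would come
# from a secrets manager; the constant below is a placeholder only.
CANARY_SECRET = b"example-secret-do-not-use"

# Constructed "real" customer rows (fictitious people, example.com addresses).
REAL_RECORDS = [
    {"id": 1001, "email": "alice@example.com", "card_last4": "4242"},
    {"id": 1002, "email": "bob@example.com", "card_last4": "1881"},
]


def canary_marker(record_id: int) -> str:
    """Keyed tag for a decoy record, derived from its id.

    Because the tag is an HMAC, someone who has seen several decoys cannot
    work out which other ids are decoys, while the defender can recompute
    the tag to recognise one without keeping a lookup table.
    """
    digest = hmac.new(CANARY_SECRET, str(record_id).encode(), hashlib.sha256)
    return digest.hexdigest()[:8]


def make_canaries(start_id: int, count: int) -> list[dict]:
    """Create decoy rows with the same fields and value shapes as real rows."""
    canaries = []
    for rid in range(start_id, start_id + count):
        tag = canary_marker(rid)
        canaries.append({
            "id": rid,
            # The tag lives in the local part so the address still looks ordinary.
            "email": f"user.{tag}@example.com",
            "card_last4": f"{rid % 10000:04d}",
        })
    return canaries


def is_canary(record: dict) -> bool:
    """Recognise a decoy by recomputing its marker from the id."""
    if "id" not in record:
        return False
    expected = canary_marker(record["id"])
    return record.get("email") == f"user.{expected}@example.com"


def detect_canary_access(log_lines: Iterable[str]) -> list[dict]:
    """Scan JSON query/export logs and return one alert per event that touched a decoy.

    Each line is expected to be a JSON object with 'user', 'action' and
    'records' (the rows the event returned). Malformed lines are skipped
    rather than aborting the scan.
    """
    alerts = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        rows = event.get("records", [])
        hit_ids = [r["id"] for r in rows if isinstance(r, dict) and is_canary(r)]
        if hit_ids:
            alerts.append({
                "user": event.get("user"),
                "action": event.get("action"),
                "canary_ids": hit_ids,
                "total_rows": len(rows),
            })
    return alerts


# Constructed dataset: decoys interleaved with the real rows, as a production
# table would hold them.
CANARIES = make_canaries(9000, 3)
DATASET = REAL_RECORDS + CANARIES

# Constructed log: a normal single-row lookup, a bulk export that swept up the
# decoys, and a malformed line the scanner must tolerate.
SAMPLE_LOG = [
    json.dumps({"user": "svc-billing", "action": "query", "records": [REAL_RECORDS[0]]}),
    json.dumps({"user": "jdoe", "action": "export", "records": DATASET}),
    "not json at all",
]

if __name__ == "__main__":
    for alert in detect_canary_access(SAMPLE_LOG):
        print(f"ALERT: {alert['user']} {alert['action']} touched decoys {alert['canary_ids']}")
```

Only the bulk export is flagged: the routine lookup returned a real row and produces nothing, which is the property the article attributes to decoy data, that it watches for theft of records already being sought without baiting anyone. Recomputing the marker instead of storing a list of decoy ids also means the detector needs only the key, not a copy of the decoys.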
While there is no guarantee that the program will be effective, Chu said that when the agency has existing relationships in place with businesses, information flows more quickly in both directions.
Chu said it helps to have a “preexisting relationship with our partners, so we know exactly who we need to call and vice versa.”
He added, “Just as we’re trying hard to get the private industry information as fast as possible, it’d be a lot more effective if we’re getting information from the private industry as well.”
Exchanging information about IP addresses, indicators of compromise, and other threat data allows the FBI to aggregate the data, “run that against our databases and all our resources, and come up with a much stronger case, so to speak, against our adversaries,” Chu noted, “along with trying to attribute or identify who did it will prevent further attacks from happening.”