Adrian Lamo — Part 3
Page 400
4/28/2003, Internet Policy News, Page 2 of 8
would send out an alarm if anyone touched that particular number.
The term "honeytokens" was coined on Feb. 21 by a programmer named Augusto
Paes de Barros who used it in an e-mail message to a list of security
professionals. But the idea is not new.
It dates back in computing at least to 1986, when Clifford Stoll, a
programmer at Lawrence Berkeley National Laboratory in California, buried
fake records for an organization called the Strategic Defense Initiative
Network deep in his server. When intruders started downloading the records,
and then someone sent a letter to Mr. Stoll about the phony organization, he
and federal investigators traced the intruders to East German and Soviet
intelligence agencies.
Today, the use of honeytokens is not uncommon. For example, ForeScout
Technologies, based in San Mateo, Calif., has built a commercial software
program that tracks incidents of surreptitious reconnaissance, like port
scans — the computer equivalent of someone turning your doorknob to see if
it is unlocked. The program will announce a false message of vulnerability
to the scanner in the form of a honeytoken. It then breaks the connection if
the hacker follows up with an attack.
Honeytokens, like their cousins the honeypots, are based on the notion that
if you build it, they will come. Mr. Spitzner became intrigued by the idea
of honeypots after putting a new computer online at home and watching it get
attacked within 15 minutes by an automatic program scanning the Internet for
vulnerable prey.
Many computer criminals break into systems simply for the fun and challenge.
Others are looking to take over vulnerable systems in order to use them as
safe houses for setting off further, more serious, attacks. Others want to
mine credit card addresses or steal corporate secrets. According to a 2002
report by the Computer Security Institute, 90 percent of the 500
corporations, government agencies, financial institutions, medical
institutions and universities surveyed detected security breaches during the
previous year.
Honeytokens could also be useful for national security purposes. Michael
Vatis, director of the Institute for Security Technology Studies at
Dartmouth University, said that the Defense Department could use them to
b6 -5
b7C -5
FBI(19-cv-1495)-2162