Bears like honey, but what do hackers like? There are digital treats for them on the Internet: deliberately placed fake computer systems. Lured by their vulnerabilities, the hunter becomes the hunted. Or rather: the observed. As in bear hunting, such traps are called honey pots or honeypots.
Isn't it called “learning from the best”? It's about always seeing the latest tricks and gimmicks that could be used to attack a company network or production plant. Even the so-called token, which in principle works like the colored wristband on a club vacation, can be simulated as a decoy trap. Only those with the wristband can get a drink at the pool bar - and that's what the attacker wants. He wants to be seen as a legitimate part of a computer system. To achieve this, they disguise themselves, use digital tools or reveal previously unknown backdoors. And in doing so, they also unconsciously ensure that such systems become more secure. Because their work is analyzed and documented. Sometimes even by the increasingly intelligent, learning decoy traps themselves.
These so-called “honeypots” are deliberately set up so that they are clearly visible from the internet and easy to reach. The intruders fall in because the honeypots simulate easy prey, i.e. systems with vulnerabilities. These vulnerabilities can be insecure passwords, outdated software or open interfaces for remote access, for example. Companies such as Deutsche Telekom analyze the knowledge and data gained from the attacks in order to make their own systems and those of their customers more secure.
The longer code crackers stay in the honeypot, the more valuable information they provide. It is therefore important to “entertain” them and create a particularly exciting environment for them.
How does this work in practice? The honeypot was simply placed on a covered pit for the bears. In the hope that the bear will reach for it, fall into the pit and be trapped. IT intruders of all kinds are dealt with in a less martial manner. You could think of it like a house:
A honeypot is like a building that is specially built to look like an exciting target for burglars.
- Tempting doors and windows: Some windows and doors look slightly open or unlocked.
This is like a simple password or old software that is easy to crack. The intruder thinks he has an easy game. - Multiple rooms: The house has many different rooms for the burglar to rummage through. Each one has a new secret or a new challenge. For example, various security gaps or weak points in a supposed company network that the hacker can attack one after the other. Or mysterious “treasure chests” in each room with supposedly exclusive information or data.
- Hidden clues that the burglar can follow: These lead him to other interesting corners of the house. In the case of honeypots, these could be logins or access data that the hacker is trying to crack.
Such tricks attract cyber attackers and constantly challenge them. They stay in the “house” for longer and leave more traces. And the more of them there are, the easier it is to analyze their actions. Deutsche Telekom's security experts register an average of 30,000 to 40,000 attacks on the more than 6,000 honeypot traps every minute. Artificial intelligence helps them to recognize patterns, interpret them and expand protection mechanisms.
In short, a honeypot is a security factor. It is used to lure cyber attackers and monitor their activities without them being able to access real data or systems. There are different types of honeypots, each with different objectives and aimed at different attackers. Find out more here.
