Automated Deception

This Wired article discussing the creation of “decoy” documents raises some interesting questions.

The concept itself is relatively simple – if you’re worried about an insider threat like Bradley Manning or an outside threat like “unknown” (Read: Chinese/Russian) hackers, one way to confound them is by planting fake documents, to increase the amount of “noise” in the intelligence gathered.  There is a lengthy digression in Neil Stephenson’s book Cryptonomicon that discusses this at length.  What’s interesting is that DARPA is trying to automate the process, and introduce a “smoking gun” into it as well – the decoy documents will supposedly be “tagged” with the IP address that accessed them, so if they are leaked, you can trace them back relatively easily (not everyone will make their trail as easy to follow as Bradley Manning did).

What I am curious about is how they will prevent this system (if implemented) from creating problems for the organizations they are trying to protect.  There needs to be a way for the legitimate consumers of information to be able to tell the difference between the real and fake documents.  You can’t mark them “real” and “fake” or you defeat the purpose of the system.  Presumably you’ll have some sort of offline (or at least separate) method that tells intended consumers of the information how to tell the difference (an internal email or memo that says “The code word for today is ‘Canary'”).  That is obviously subject to a lot of human error – there could be serious real-world consequences if a “fake” document is interpreted as real.

All of that said, if effectively implemented, the counter-intelligence value could be huge.  The IP-address capture obviously makes it easier to identify insiders (or compromised machines), and the presence of fake data severely degrades the intelligence value of anything acquired by a foreign intelligence service.  I am particularly interested if there is a way to implement this at the level of military R&D – it’s now apparent that the military industrial complex has leaked information to our adversaries by the truckload, and that they have successfully reverse engineered a lot of that information into their own designs.  If every blueprint has 9  similar but subtly different clones, you force the enemy to employ a lot of brain and man power just figuring out which one is real, and possibly force them to spend a lot of time reverse engineering something that never worked in the first place.


About thinklikeafox

I'm a Naval Officer living in Southern California. I hope to be attending law school in the next year or two, and I started writing this blog out of a desire to improve my writing and critical thinking skills after a couple years outside of academia.
This entry was posted in National Security and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s