TruSecure: Honeypots catch cybercrime in sunshine state
17 March 2004

Late last summer, a small Florida electricity company was about to trigger a denial of service attack of global proportions. A hacker had programmed a virus to bombard eight servers around the world with malicious code, and unbeknownst to the electricity company, one of these servers was sitting in its back room.

Thanks to the co-ordinated efforts of the Florida Department of Law Enforcement (FDLE) and TruSecure, a Vermont-based risk management company, the hacker's plans were foiled. TruSecure captured the virus early using its global network of 14 "honeypots" - computers left intentionally vulnerable and monitored for security problems - and traced one of the eight servers to Florida. Receiving an alert from TruSecure, FDLE was able to track down the electricity company and warn them of the impending security breach.

Cybercrime is rife in Florida. With an economy heavily based on small businesses and a growing number of elderly internet users, many companies and individuals lack security expertise. According to the Internet Fraud Complaint Center (IFCC), Florida ranks among the top four states for internet fraud in the US.

In an effort to combat cybercrime, FDLE decided to implement programmes that would not only research and investigate computer offences, but also provide education to Florida businesses and citizens about the critical need for secure IT systems. "By raising awareness, we want to give people the steps they need to protect their piece of cyberspace," says Bob Breeden, supervisory special agent with the computer crime division of FDLE.

For years, companies like TruSecure have been infiltrating hacker circles, monitoring computer systems and analysing data to help private and public sector clients protect themselves from cybercrime. The brain behind TruSecure is its subsidiary ICSA Labs, which tests and certifies security products and maintains WildList, a database that Peter Tippett, vice chairman and chief technologist of TruSecure, ambitiously describes as, "a collection of all malicious code that ever infected any machine in any company anywhere."

Rather than attempting the futile task of keeping up with computer viruses using patches and other traditional antidotes, TruSecure takes a more pre-emptive approach. "A company of any size cannot possibly stay current or maintain any sort of reliable security posture, if they attempt to reactively patch each time a new vulnerability is announced," says Dr Tippett.

"TruSecure helps to prioritise security activity, and identify simple yet effective security controls that can help to mitigate 80 per cent of the risk with 20 per cent of the effort."

Since winning a contract with FDLE in November 2002, the company has provided the agency with information security, early warning and action alerts, underground intelligence, risk management and training. When TruSecure identifies a threat or other issue, it alerts FDLE staff via e-mail and mobile phone. FDLE then forwards the alert to its own list of registered users.

The service is free, but the department also posts alerts on its website at www.secureflorida.org. "The system works well," says Mr Breeden. "We are alerted to risks weeks in advance and it gives us the ability to educate our community."

Despite the efficiency of the system, one of the major issues facing TruSecure has been reaching out to such a broad spectrum of the population. Usually geared towards techies at large corporations, at first TruSecure's alerts were often difficult for FDLE's lay audience to understand. But Mr Breeden says the messages have become more user-friendly.

Florida is way ahead of many other states in terms of its computer security awareness campaign. From this month, for instance, FDLE is running statewide seminars to educate people about viruses, firewalls and other related issues. But Florida's businesses and citizens won't become security-savvy overnight. "It's a long term solution," says Mr Breeden. "Our goal is to turn things around over time."

© Copyright The Financial Times Limited 2004.