According to an Ars Technica story, the FBI is using one of the oldest tricks in the book to help companies protect data: deception.
Under a program called IDLE (Illicit Data Loss Exploitation), the FBI is working to proactively protect companies, rather than waiting for an incident to occur. According to Ars, IDLE is “a form of defensive deception—or as officials would prefer to refer to it, obfuscation—that the FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.”
The goal is to lure hackers into going for fake data, servers or infrastructure, leading them down dead-ends. The longer hackers are engaged with these fake systems, the more time security experts have to track them down.
The program represents a fundamental shift in the FBI’s approach, where there is a greater emphasis placed on cooperation between the FBI and other government agencies, as well as with the private sector. In the ongoing arms race between cyber criminals and cyber security experts, the FBI’s approach is an innovative—albeit old—tactic that should help companies better protect themselves.