DARPA will use decoy documents to catch leaks

By on November 8, 2011, 3:30 PM

The U.S. Department of Defense plans to discourage would-be document leakers by planting false documents, but there is a twist.

These decoy documents, as they are described, sound sophisticated. The files employ a security feature which embeds the equivalent of a homing device inside the document. When one of these files are opened, it automatically alerts a DARPA system administrator, enumerates details about the computer and sends that information out. Reportedly, these documents can send your IP address, time, location and host name but additional information may also be possible.

DARPA describes one goal of the program as, :generating and distributing believable misinformation." As part of the project, these automatically-generated decoy documents will be purposely conspicuous, increasing the likelihood with which would-be document leakers will access them. The files are also intended to be believable, so as to appear authentic to those who would leak them. 

The quote below is from a Department of Defense projects abstract:

The recent disclosure of sensitive and classified government documents through WikiLeaks demonstrates a new systemic threat, exfiltration and broad global broadcast of government confidential data and information. We propose to develop techniques and mechanisms for identifying likely malicious insiders within an organization by leveraging automatically generated misinformation and modern system and network monitoring technologies such as Data Leakage Prevention (DLP). The proposed scheme focuses on and exploits what malicious insiders seek (illicitly acquired information), as opposed to incidental signs of misbehavior, providing a robust alternative and a good complement to such mechanisms. We propose to develop a baseline system that will demonstrate the feasibility of identifying specific types of insiders by developing a prototype for automatically generating and distributing believable misinformation based on administrator-defined templates, and then tracking access and attempted misuse of it. The technology to be commercialized has been licensed and transferred from Columbia University. The proposed prototype will integrate the deception technology and host sensors with open source Data Leak Prevention technology to demonstrate the essential functions and core features of a product suitable for government customers to mitigate the insider threat and thwart the exfiltration of sensitive government information.

Our more tech-savvy readers may realize some of the glaring technical limitations surrounding such decoy documents. For example, potential leakers could easily use firewall software to block outgoing network communications or simply disconnect from the Internet while viewing the documents. There may also be ways to detect these false documents in the future, as well. 

Despite those obvious limitations, the project still achieves its goal. Document leakers may become more sophisticated to avoid detection, but ultimately it requires more time and extra scrutiny. DARPA is hoping that extra effort make large leaks like this one unmanageable for organizations like Wikileaks. 

If these "misinformative" decoys cannot be easily distinguished from authentic documents, then the leaked information itself may lose public credibility. It also stands to reason that if the risk of getting caught is higher, more casual leakers will be discouraged from publishing confidential information.

If you would like to sample the technology, you can generate your own decoy documents here. Try it out and see what you think.




User Comments: 14

Got something to say? Post a comment
Win7Dev said:

Acrobat X asks if you want to allow the document to connect to the site when opening the sample documents, its not very hard to fool the demo. Anyone doing document leaking won't be fooled by that. Also, if hackers haven't figured out how to execute code using pdfs, images, and text files by now, Darpa won't either, not to mention the legal consequences even if they did figure it out.

Burty117 Burty117, TechSpot Chancellor, said:

So wait, document gets sent to me, I unplug my desktop from the internet, read the contents and move it to a USB stick. Plug internet back in? I can't see how this is effective. Also since there is live running unknown code in the files surely anti-virus programs would pickup on this and block the files as an unknown virus?

Cota Cota said:

The best part of this article, is that this level of professionalism is the standard on most companies.

Guest said:

What happens when a fake document is confused for the real thing internally?

Guest said:

It is best to never bring Big Brother into the spotlight and you sure as heck better not hold him accountable; because big brother has the right to take away all your rights which includes whistle blowing.

We are in the best possible situation where we don't need, want, nor protect any of our constitutional rights (including civil rights) because big brother knows better and always act in our best interests; and those committing such Heinous acts should be met by eliminating of the said rights. It is heart warming to see such great progress in this regard.

Guest said:

Seem to have a lot to hide.

Staff
Rick Rick, TechSpot Staff, said:

Guest said:

What happens when a fake document is confused for the real thing internally?

That's a good question and I'm wondering that too. This is actually outlined as one of the goals, but no details are provided.

If users can identify which documents are decoys internally, then that means there is a way to beat the system externally.

Guest said:

Bah this is just a decoy in it's self. The plan is to have this news out and then in case any actual sensitive information gets out they can just say " oh that was a decoy document don't believe what it says" and deny the whole thing. They couldn't do that before even though they wanted to. But now they have that option eh. good move DARPA. Confusion is power for sure.

Guest said:

Is this not the kind of thing that countries with dictators do?

Also, what have they got to hide, I hear more and more Americans use the phrase "If you have nothing to hide, you have nothing to fear" (makes me cringe), I wonder what they have to say about this?

hitech0101 said:

so the fake documents get leaked & people beleive that leading to more trouble?

Guest said:

For security reasons nobody should know about internal security rules in the serious organization. Then they need that we know it and want to manipulate ours mind.

"But now they have that option. They can just say " oh that was a decoy document don't believe what it says" and deny"

Absolutely right.

NTAPRO NTAPRO said:

The solution to one problems creates many more. That's my opinion.

MilwaukeeMike said:

Guest said:

Is this not the kind of thing that countries with dictators do?

Also, what have they got to hide, I hear more and more Americans use the phrase "If you have nothing to hide, you have nothing to fear" (makes me cringe), I wonder what they have to say about this?

What?! having nothing to hide doesn't mean you're ok with people stealing your stuff. DARPA does a LOT of high tech research and I'm sure they'd like to hold on to their work.

MilwaukeeMike said:

Guest said:

Is this not the kind of thing that countries with dictators do?

Also, what have they got to hide, I hear more and more Americans use the phrase "If you have nothing to hide, you have nothing to fear" (makes me cringe), I wonder what they have to say about this?

What?! having nothing to hide doesn't mean you're ok with people stealing your stuff. DARPA does a LOT of high tech research and I'm sure they'd like to hold on to their work.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.