The Federal Bureau of Investigation is working firsthand with companies to outsmart cybercriminals by deploying decoy data, Ars Technica reported on Friday (Dec. 20).
The FBI program IDLE (Illicit Data Loss Exploitation) has companies plant decoy data as a way to confuse thieves looking to steal valuable information. The fake data is mixed with real information to make it appear authentic. When the fake data is downloaded, it alerts IT that something could be amiss.
“We have agents in every field office spending a large amount of time going out to companies in their area of responsibility establishing relationships,” Long T. Chu, acting assistant section chief for the FBI’s Cyber Engagement and Intelligence Section, told Ars. “And this is really key right now — before there’s a problem, providing information to help these companies prepare their defenses. And we try to provide as specific information as we can.”
The FBI is “taking more of a holistic approach” instead of acting on particular events, Chu told Ars, adding, “we’re looking at cybercrime from a key services aspect” by examining the relationship between what data cybercriminals target and the “entire cybercriminal ecosystem.”
When the bureau has existing relationships in place with businesses, information flows more quickly, and the bureau can take IP addresses and other markers and “run that against our databases and all our resources,” Chu added.
Some teamwork takes place through Information Sharing and Analysis Centers (ISACs), Flash alerts and Private Industry Notice (PIN) alerts about particular concerns. The FBI also has a CISO Academy that teaches chief information security officers what kinds of details help propel investigations.
In March, the FBI announced a directive shift away from counterterrorism and toward fighting the increasing threats from cyberattacks. The move came amid an ecosystem of attacks from foreign countries, such as Russia’s election meddling and China’s cyberattacks against U.S. businesses. The Navy also reported that it was under siege by Chinese cyberattacks.