|
|
|
|
|
|
by jholman
4743 days ago
|
|
|
Ah, hmn, that's a more-clever plan than any of mine. BUT I'm still a little skeptical, though maybe the details could be worked-out. I mean, if you send the emails to fake users, then the NSA isn't likely to follow the links. And if you send emails to real users, then you have trouble proving it wasn't the real user (owner of the mailbox) who followed the link. I mean, the IP addresses do help... unless the snoopers use TOR, or equivalent. (In fact, what do you figure are the odds that the original TOR developers now report to Alexander, via USCYBERCOM, via the Tenth Fleet, via NETWARCOM? Where would you assign those guys, if they still work for the Navy?) In favour of this honeypotting idea, though, if you set up fifty honeypots, and your opponent evades forty-nine of them but falls into the fiftieth, maybe you've still got something. |
|
|
Generating messages could be done using Markov chains that learn from the content across many of their own mailboxes. Before that Markov generator is used, it could be scrubbed of any words that are particularly sensitive because they refer to classified or secret material.
That's just one idea. Now that the cat's out of the bag, I hope security researchers are already working on such honeypots. Personally, I think every major newspaper should be among the first to implement honeypots. Alternatively, people who thinks they are at risk for surveillance or suspect that they are already being surveilled should be able to submit their email to some watchdog group that can set up the honeypot on their behalf.