What is HADES? New 'alternate reality' thwarts hackers by tricking them into believing attack worked
The system has been designed to trick hackers into exposing their tools and techniques.
Cyberspace has become the new frontier for next-generation battle. As hackers launch more sophisticated attacks, security researchers are racing against time to develop effective cyber defences. Now, experts have developed a new system that could deter hackers like never before. HADES (High-fidelity Adaptive Deception & Emulation System) is the new next-gen cyber-defensive system – an "alternate reality" that has been designed to trick hackers into exposing their tools and techniques by making them believe that their attacks are progressing successfully.
HADES is the brainchild of security researchers at Sandia National Laboratories. It is essentially a system, which clones the targeted environment a hacker aims to breach. When an attack is discovered, instead of immediately cutting off a hacker's access into the system, the attacker is lured into HADES. The alternate reality provided by HADES allows the hacker is to carry out the attack, without alerting him/her about already having been detected.
HADES also provides security experts with a unique opportunity to analyse hackers' techniques and tools in real time.
"Deception is the future of cyber defense," security researcher Vince Urias, who along with his team, created HADES, said in a statement. "Simply kicking a hacker out is next-to-useless. The hacker has asymmetry on his side; we have to guard a hundred possible entry points and a hacker only needs to penetrate one to get in."
"So, a hacker may report to his handler that he or she has cracked our system and will be sending back reports on what we're doing. Let's say they spent 12 months gathering info. When they realize we've altered their reality, they have to wonder: at what point did their target start using deception, at what point should they not trust the data? They may have received a year or so of false information before realizing something is wrong," Urias explains.
By the time the attackers eventually figures out that something is wrong, they would have already exposed their methods and tools. "Then he's like a goldfish fluttering in a bowl," Urias said , "He exposes his techniques and we see everything he does."
However, HADES has one disadvantage – the more complex the deceptive environment, the more CPU power and memory resources required to deploy the system.
HADES has already allowed security experts to locate malware introduced into a system by an attacker and is capable of active attack. The US Department of Homeland Security (DHS) is working with Sandia to deploy it.
The unique system may be helpful in barricading against threats, while simultaneously gathering information on adversaries.