◆ SpookStack

mm has used honeytokens to detect when employees ‘ilicitly download forbidden material. For example, he has entered corporate memos with particular typos into private databases and then monitored company networks to see where those typos show up. Tracing these honeytokens, he says, often leads to caches of illegal materials stored on the network. No one believes that honeytokens can stop all cybercrime. But they could offer an upgrade in protection. Honeytokens offer another advantage: They help reduce the number of false positives in other cyberdefense systems. Like car alarms, intrusion detection systems can go off so frequently because of accidental trespassing that many security administrators ignore the warnings. Honeytokens, if designed correctly, should trigger alarms only if there is a malicious attack. Hackers, however, are not impressed. Adrian Lamo, who gained notoriety last year when he claimed to have broken into the systems of a number of companies, including Yahoo, says he is not worried. "It's a form of old-school security," he says. "It will work on the people who have been to the old schools." Mr. Lamo says that he only goes after information that he knows other people frequently seek access to and that he runs credit checks fo ensure that information he uncovers, like Social Security numbers, are real. Mr. Spitzner contends that it should not matter whether a hacker bothers to run a credit check because the alarm should ring any time the decoy record is accessed. Hackers can also evade honeytokens by compressing and password-protecting the information they steal, thereby changing or hiding the data, like fake Social Security numbers or typos, in memos that the sniffers are searching for. And "phone home" honeytokens designed to trace users could be thwarted if opened only on computers disconnected from the Internet. Some experts are also worried about the possibility that using honeytokens could violate the federal Wiretap Act, which places limits on intercepting and monitoring electronic communications. Richard Salgado, senior counsel for the Justice Department's computer crime and intellectual property unit, has said that very little law governs this new area and that security technicians should consult first their lawyers. Vage 5 014 bé -1 b7c -1 5/7/2003 FBI(19-cv-1495)-1781