German army researchers use network honeypots to lure hackers

Researchers working on behalf of Germany’s federal armed forces have created a series of honeypots in their network to lure and learn from the behaviour of hackers.

Dr Gabi Dreo Rodosek, director of newly created cyber defence research centre CODE and chair of Communication Systems and Network Security at Universität der Bundeswehr München (the University of Federal Armed Forces Munich), has confirmed that the organisation uses numerous honeypots disguised as appealing attack targets to attack the attention of would-be hackers.

“Here in part of the University network there are some honeypots staying around,” said Dreo Rodosek. “They are put as a trap for the hacker.”

The honeypots are designed to appear to hackers as part of key infrastructure such as power grids, or “very important servers with important information on them”.

However, while such tools are often used to catch such hackers, the goal here is to learn from their behaviour in an environment where the nature of digital attacks changes on an extremely regular basis.

“We can of course get the attention of hackers, to learn from them [about] how the attack patterns are developing,” explained said Dreo Rodosek.

For the research centre, which is tasked with developing future cybersecurity measures for Germany, the honeypots turn hacker behaviour into a valuable source of research data.

Thankfully – in a sense – Dreo Rodosek and her colleagues have no shortage of information on this front, as the university, and in particular CODE, is subject to regular attacks, with the professor saying that “we already are” a major attack target.

While, as a university for the federal armed forces, Universität der Bundeswehr München has always been a favoured target for hackers, the rate of attacks has shot up since the announcement of the new cybersecurity research centre.

CODE was formerly announced in July of 2016, and within a month saw attacks increase by 600%, despite the fact that the research centre will not be fully completed until 2021.

Some of the honeypots are designed to resemble important servers containing valuable data

However, while the numbers may have increased both at the university and on critical infrastructure across the country, Dreo Rodosek is more focused on how many of the attacks are successfully prevented.

“How often I was attacked – this is an irrelevant number for me. What is relevant for me is how many of these attacks have been successful, have really overcome my own technologies that I have in place to stop it?” she said.

“Say we have a hundred thousand attacks per hour on our infrastructure – what does this mean? The point is really how many attacks have been successful, and that’s the real number.”

Select technologies have had a powerful impact on life in many African nations, and as a result the continent has taken on a distinctly cyberpunk feel. But while having tech transported into Africa is often pointed to as the cause, we look at how the continent has it own innovators to be thankful for

Nokia has played a key role in African innovation. When the company’s 1100 became available in Africa, the continent’s people the tech to do-it-yourself use, creating innovations that have continued to blossom: mobile banking companies, solar-powered phone charging co-ops, pay-per-view educational tablets and drones that answer cargo and medical delivery issues.

Frequently, these innovations have risen out of necessity, so mobile phones have stood in for physical banking systems, portable solar panels took the place of unreliable power grids, apps filled in for precarious or non-existent state education and drones traverse roads where other means of travel is impossible.

“According to GSMA, there will be 700 million smart phone connections in Africa by 2020,” says Sylvia Mukasa, Women in Tech Africa’s Chapter Lead for Kenya. “Who would have thought this a decade ago?”

Leapfrogging in reality

The 1100, which retailed for less than $30, was proof of two things: African ingenuity and leapfrogging’s potential. These are premises that trend-spotters and start-ups in the West have buzzed over for some time now. But not everyone is convinced. “Africa is often thought of as a monolith; worse still as a single country,” says global business investment strategist Harry G Broadman, CEO and managing partner of Proa Global Partners LLC. In reality, the continent is comprised of 54 distinct and heterogeneous countries that differ in terms of needs, development and resources. Framing Africa as a unit of analysis in leapfrogging terms is just not constructive.

Feature image courtesy of courtesy of Institute for Money, Technology and Financial Inclusion. Image courtesy of Gearbox

Plus, says Broadman, the focus on adopting foreign tech does the continent’s home-grown inventors a disservice. South Africa, which benefits from reliable roads, steady power and an abundance of graduates, might be the continent’s sole mature tech scene, “but it’s the eastern Horn of Africa, with the recent emergence of numerous incubators that’s becoming home to some of the most cutting edge innovations on the continent.”

The PICS bag (a triple-layered crop and seed storage bag that is air and water-tight, providing protection from moisture, pests and high temperatures, allowing farmers to time their sowing around favourable weather conditions and market prices)  developed by West and Central African farmers together with agricultural researchers from Purdue University, is a prime example of the kind of innovations Africa develops for itself.

As The Economist points out, leapfrogging may not be the cure-all solution Africa needs or wants. “Drones can transport blood, but they can’t transport doctors, who need roads. Solar panels will help people light their homes without burning kerosene, but they will not replace the functioning grid that manufacturers need. Nor will clever technology firms do away with the need for well-drafted regulation and the rule of law.” Leapfrogging may even worsen development, points out Broadman – especially in communities where unemployment is rife. “Introducing labor-saving processes could well exacerbate rather than strengthen social stability and economic development.”

Community-based projects

Happily, that’s not been the case with M-KOPA, the pay-as-you solar energy service that started life in Kenya, says Mukasa. “As of September 2014, M-KOPA was providing affordable power to over 100,000 households and business, adding 2500 more every week according to the company website. The company sells through more than 1000 retail agents and shops and has over 400 staff, meaning it’s created employment opportunities too.”

Denise McKenzie, head of outreach for Open Geospatial Consortium is cautiously sceptical. “I’m not yet convinced leapfrogging is a wide-spread phenomenon. But I do believe the potential is there. There are some amazing examples where the tech adoption around drones, for example, is unlike anything we have seen in the rest of the world. A great example of this is the Ramani Huria project in Dar e Salaam.”

There are some amazing examples where the tech adoption around drones, for example, is unlike anything we have seen in the rest of the world

This community-based mapping project in Tanzania trains teams of local university students and community members to create sophisticated maps of Dar, including the city’s most flood-prone ward. These areas, the majority of which are made up of unplanned and informal settlements, become incredibly vulnerable during the annual rain seasons when floods destroy roads, homes and lives. Effective mapping, which takes in residential areas, roads, streams, floodplains and other relevant features, can help with both disaster prevention and relief, routing help to areas that had previously been off the map.

These maps – which are available online, for download and also delivered in printed form to the local governing bodies of each ward – are combined with other data in InaSAFE, a free software that allows users to run realistic natural disaster scenarios for better planning and response.  As the Ramani Huria website points out: “The project will bring awareness of the need for flood prevention and risk reduction to the local level, while teaching participants valuable computer and mapping skills that they can put to use elsewhere.”

It’s a World Bank-supported project now, but it was the city’s slum communities that pioneered the Ramani Huria project, using drone data to build maps of the city in OpenStreetMap. McKenzie says their resourcefulness “will challenge the traditional way national mapping agencies have made digital maps for the past 30 years”.

Innovation from within

Ghana’s vice president Dr Mahamadu Bawumia is certainly taking African innovation seriously. Bawumia used his platform at a recent convention to rally African leaders around this area, calling on government and big business to nurture Africa’s would-be tech pioneers.

“Africa is a huge continent with huge resources. What we have not done over the years is to leverage all these resources to develop the continent. But increasingly, you’re seeing some transformation taking place in many countries.

“What we’re realising, and what many countries are understanding, is that if you’re going to leapfrog, you really have to lead that charge yourself. Nobody else is going to come and say: ‘Hey, you have to leapfrog’ because you’re competing with everybody else. You’re in a globally competitive environment. You have to do it yourself.”

But despite the desire for self-sufficiency, foreign investors stand to make healthy profits when they step in to finance or collaborate with African nations. M-Pesa, the branchless mobile phone-based bank that launched in 2007, is proof of that points out Makusa. “Both Safaricom in Kenya and its parent company Vodafone in UK have reaped financial gains,” says Makusa.

Africana doesn’t need to rely on partnerships. Richard Turere, the feted young Maasai boy who invented lion lights in 2011, is a brilliant example of native, shoestring ingenuity. Using a car battery, a motorcycle indicator box, a switch and a flashlight, this Turere rigged up what became a cheap, efficient and humane solution to keeping his family’s livestock safe from roaming predators. “Kenya’s lion population has dropped from 15,000 a decade ago to under 2000,” says Makusa. “Human-wildlife conflict in Kenya is a big deal and conservationists say that most of the top-down initiatives fail to gain traction from the communities, so locally-made inventions that are affordable, effective and easy to use can make a big difference.”

‘African solutions for African problems’ is a popular adage among the continent’s development champions. That’s because “Africans understand their own issues and obstacles better than foreigners do,” says Makusa. “They also understand local dynamics, allowing them to know better how to navigate around systems to make things work in their own back yard. I believe that there is need for government, techies and other stakeholders to work alongside local communities to come up with local solutions since these communities need funds, knowledge, skills and expert advice.”