Fraud and deceit – deception techniques used in nature are copied in cyberspace

Entrapment, fraud and deceit happen everywhere – plants and animals have the required abilities. Lying and deceit are everyday events and occur in an infinite number of forms. The techniques used by various species can be used to deceive attackers in cyberspace.

Defensive mimicry [Huheey] occurs among plants and insects in particular. A familiar example from the natural world would be hoverflies, whose colouring mimics bees, wasps or hornets. In the natural sciences, this is known as Bates’ mimicry, which involves a mimic and a mimicry model. Through evolution, a harmless and defenceless species develops warning signals resembling those of another species, and are aimed at the enemies of both the mimic and model. Alternatively, similarity can attract pollinators that normally pollinate other species with a certain appearance. In the case of Müller’s mimicry, dangerous species such as wasps and hornets appear to mimic each other. Other, similar examples can be found. Around 300 spider species have been identified around the world which, to predators, resemble bad-tasting ants found in the same environment. In addition, some cricket species, such as Macroxiphus, resemble ants.

Camouflaging is another form of deception found in nature. This involves a species evolving over time to resemble its normal environment, or evolution enabling a species to change its appearance to blend in with its surroundings. Good examples of the first group are the mossy leaf-tailed gecko (Uroplatus sikorae) which resembles a tree trunk and Ctenomorphodes chronus which looks like a eucalyptus twig. The chameleon is an example of the second group. Some species, such as the Burmeister’s leaf frog (Phyllomedusa burmeisteri), can play dead when threatened while others, like the viviparous lizard (Zootoca vivipara), can break off a piece of their tail.

Over millions of years, many organisms have evolved to mimic the appearance, sound, or other features of other species, or are able to fool predators in other ways, such as by playing dead. However, they do not practice deception voluntarily: their fraud and deception are the results of evolution. This is because looking for example more dangerous than they really are has helped their ancestors to survive and therefore reproduce.

Some animals also deceive and mislead others voluntarily. Cats arch their backs to look bigger when they feel threatened and fork-tailed drongos (Dicrurus adsimilis) can make a range of noises . This species can mimic the warning sounds of over 45 other species in order to drive them away from their food, before taking the food themselves. Gorillas can use unfair tactics to fool others in children’s games. Tufted capuchins (Cebus apella) have a strict hierarchy, based on which those with the highest status eat first. These intelligent monkeys use calls to warn fellow tufted capuchins that danger is approaching.

Forms of deception are unlimited

How do these issues relate to computers and the digital world? In his dissertation, James Yuill [Yuill] has defined cyber deception as follows: planned actions taken to mislead attackers and to thereby cause them to take (or not take) specific actions that aid computer-security defences. You can hear and see more about these topics in our webinar (on VTT’s website) and in our following blog posts on the subject.

Lying and cheating are commonplace among people. This takes an unlimited number of forms. On first dates, people often try to create the best possible impression, by omitting certain matters or telling small, white lies. When travelling, we may use fake wallets in case of pickpockets . Advertising and marketing are continuously used to deceive people. Think about how great products look on television, magazines, or online. Your image of the product may change completely when you buy it and start actually using it. In practice, deception have always been a part of war, even if the forms this takes and techniques used have changed somewhat over time. Everyone is sure to remember the Trojan horse, but what about the inflatable tanks used to deceive the enemy in the Ghost Army during the Second World War ? Armies continue to use inflatable vehicles for the same purpose.

In cyberspace, the same techniques from the animal world or other walks of life can be used to deceive opponents or, more accurately, attackers. We can manipulate the system we are defending to look other than it is, draw attackers into various traps, make our system appear vulnerable or broken, or even try to scare attackers off in various ways.

 

Teemu Väisänen VTT
Teemu Väisänen

Research Scientist, Cyber Security VTT
teemu.vaisanen(a)vtt.fi
http://.vtt.fi/cybersecurity

 

[Huheey] James E. Huheey, “Studies in Warning Coloration and Mimicry. VII. Evolutionary Consequences of a Batesian-Müllerian Spectrum: A Model for Müllerian Mimicry”, Evolution, Vol. 30, No. 1 (Mat., 1976), sivut 86-93.
[Kettunen] Niko Kettunen, ” Sieppodrongon kielitaito ei rajoitu pakkomangustiin”, HS Tiede, https://www.hs.fi/tiede/art-2000005010185.html
[Väisänen] Teemu Väisänen, ”Kyberansojen ja -harhautuksien 101 (lyhyt versio)”, VTT blog, https://vttblog.com/2017/11/16/kyberansojen-ja-harhautuksien-101-lyhyt-versio/
[Suikkanen] Päivi Suikkanen, ”Historia: Haamuarmeija”, 25.09.2014, https://yle.fi/aihe/artikkeli/2014/09/25/historia-haamuarmeija  
[Yuill] James Joseph Yuill, ” Defensive Computer-Security Deception Operations: Processes, Principles and Techniques”, PhD väitöskirja, Pohjois-Karoliinan yliopisto, https://repository.lib.ncsu.edu/bitstream/handle/1840.16/5648/etd.pdf  

Leave a Reply