Cybersecurity and the Art of Misdirection

Cybersecurity and the Art of Misdirection

Remember the old joke about the fellow carrying bags of sand across the US/Mexican border on his bike? The guards couldn’t find any contraband in the sand. He returned week after week, same thing: bags of sand, no contraband. Finally, one of the guards runs into him at a bar and asks what he was smuggling. The answer? Bicycles.

Funny, yes, and for the same reason a good magician is entertaining: misdirection. You’re expecting one thing to happen but in reality something entirely different is happening.

Misdirection has been a tactic in battle for centuries as well. From a simple diversion to sophisticated misinformation campaigns, misdirection is a tried and true approach for fooling, and hence besting your opponent.

Misdirection plays an important role in computer hacking as well. Sometimes the hackers’ motives are clear, while in other cases hackers are obscuring their motivations or targets. In other situations the bad guys are using misdirection to control the psychology of their marks.

A simple example: ever wonder why the Nigerian pre-pay scam emails that we receive today are so, well, obvious? Even years after the scam first hit our public consciousness, the emails still begin with “dearly beloved in god” or some such, they still expressly come from small, poor African countries, and sometimes they even mention the “small fee” you will need to pay to release the immense funds coming your way. Ever wonder why the scammers haven’t improved their pitch?

The answer: they are trying to reduce false positives. For every million scam emails they send, they may receive hundreds of replies, but most of those are snarky people who want to fool or con the conmen. Only one in a million might be a truly gullible person who will actually send money. The scammers have learned that more obvious emails will reduce the number of responses that won’t lead to money.

Another example: hackers frequently target bank passwords or other information that will enable them to conduct fraudulent transactions. Obviously, if a hacker can steal money from your bank account, then they will take steps to do so. But whenever something about hackers is “obvious,” watch out. What if a hacker had a different target? It could be anything, from secrets for blackmail purposes to compromise of a piece of infrastructure like a power plant. The attack may look like a straightforward to attempt to steal money, but that doesn’t mean it actually is.

In the world of Cybersecurity, never take anything at face value.

Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of