FBI bets on decoy data in program to help companies confuse hackers

By Brittany Roston/Dec. 22, 2019 8:00 am EST

Cyberattacks that result in the loss of vast amounts of data have become increasingly common. Hackers are targeting everything from corner stores to major hospitals and social media platforms, putting people at risk of identity theft, financial fraud, and more. Here to help address that issue is the FBI's IDLE program, which focuses on using decoy data to make things harder for malicious hackers.

In a recent talk with Ars Technica, FBI Cyber Engagement and Intelligence Section acting assistant section chief Long T. Chu said the agency is taking a more 'holistic' approach to deal with the growing issue of cyberattacks. Rather than simply warning big companies when they're being targeted and reacting to security breaches after they happen, the FBI is now also helping companies take proactive steps to foil these data theft attempts by obscuring the data.

The work is being done under a program called 'IDLE,' which stands for Illicit Data Loss Exploitation. The program is described as an attempt at obfuscation via the use of decoy data. Sources speaking to Ars describe IDLE as something other than entrapment or a classic honeypot, instead being akin to mixing a bunch of fake puzzle pieces into a box full of legit puzzle pieces.

Hackers will have to work very hard to separate the fake data from the real data, making the overall idea of breaching these companies less appealing. The idea isn't to lure in attackers by dangling tantalizing (but fake) information; rather, it's to help protect the data that hackers are already seeking.

The FBI isn't talking about the intricacies of this program for obvious reasons, but it hasn't classified IDLE. The report claims on behalf of a source that the fake data created under this program is designed to match the format used by the company for its legit data. The fake data is mixed into the batch but won't negatively impact the company itself. The FBI isn't revealing how this mix takes place, however, in order to avoid providing information that may benefit attackers.