Security Firm's April Fool's Advice: Deter Hackers With Romance
Who says security vendors don't have a sense of humor? Sophos Inc. today urged companies to consider hiding sensitive data in snippets of romantic literature or other diversionary text to protect the data from hackers.
In an April Fool's Day press release, the company said its research shows that hackers can be sidetracked from their mission to steal corporate data when enterprise networks are flooded with romantic fiction. (See also "Top 10 April Fools' Day Fake News Items for 2010.")
Not only will stories of love and lust make it more difficult for hackers to uncover confidential information, "they can also be distracted for over 1.4 hours" by the content, Sophos said, giving security teams time to stop a data breach.
Sophos claimed that its research resulted in a new technology called "Protection through Distraction," which it is incorporating into future versions of its software. Sophos also plans to roll out the technology to select customers as soon as possible, the release noted. Going forward, the company's security researchers have been told to write romantic fiction along with their regular duties of writing antispam software.
"SophosLabs tests have revealed that specific content can distract hackers from highly sensitive corporate information, the most successful at sidetracking hackers is romantic fiction," the company said.
While the finding might appear surprising on the surface, it really isn't, said Sophos senior analyst Carole Theriault in the release. "[Hackers] are human, just like the rest of us. And if you give them something titillating to peruse, they can't restrain themselves."
In a a YouTube video that accompanies the press release, Sophos engineers talk with tongue in cheek about the technology and the effectiveness of using distraction as a way to thwart hackers from getting at corporate data. One researcher, without missing a beat, mentions that Sophos' research shows that hackers have a preference not only for romantic literature, but also for erotica.
In an industry where security vendors often like to spew FUD (fear, uncertainty and doubt), it's unclear whether anyone is taking the release seriously. Some Twitter messages early today suggest that a handful may have fallen for the joke., but the vast majority of readers are having fun with it.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Knowledge Center.