Where art thou, Eve? Experiences laying traps for Internet eavesdroppers

Authors: 

Tavish Vaidya, Eric Burger, Micah Sherr, and Clay Shields, Georgetown University

Abstract: 

This paper describes a set of experiments we conducted to answer the question: just how prevalent is Internet interception? That is, if we sent our most sensitive information (bank information, passwords, etc.) in the clear, should we expect to regret it?

For a little over a year, we sent different types of Internet traffic over unencrypted channels between multiple clients and servers located at geographically diverse locations around the globe. Our messages contained seemingly sensitive and valuable information, including login credentials for banking sites, password reset links, etc. In total, we found no instances in which our information was acted upon by an eavesdropper.

This paper details the numerous challenges— technical, legal, and ethical—of setting up and maintaining a year-long, large-scale honeytrap. We discuss some fundamental limitations of such an experiment, and argue why our results should not be misinterpreted to suggest that message encryption is gratuitous.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {205857,
author = {Tavish Vaidya and Eric Burger and Micah Sherr and Clay Shields},
title = {Where art thou, Eve? Experiences laying traps for Internet eavesdroppers },
booktitle = {10th {USENIX} Workshop on Cyber Security Experimentation and Test ({CSET} 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/vaidya},
publisher = {{USENIX} Association},
}