gHOST IN THE sHELL

Introduction

Attackers are lured into thinking they have gained access to an unsupervised server, when they have in fact broken into a controlled environment (known as a honeypot).

Diagram showing a blueprint of the project

Project

Millions of botnets scan the Internet 24/7, looking for insecure connected devices.

Exposed points of entry are bombarded with connections and login attempts, until a valid password or an exploitable bug is found.

Through the breach, the Attacker connects to the server and begins probing for clues that lead to valuable information about the host; the only way Attackers can feel out the place around them is through text commands sent via the shell interface.

Simulation of a typical interaction with the server

Sample interface of the website

The interactions that Attackers have with the host will be published on a website for Visitors, similar to an aquarium or ant farm.

Sample interface, attacks beginning: Attacker begins looking for a valid password

Sample interface, attacks continue: Multiple attackers; the more attacks per second, the graphically closer to the Host

Sample interface, successful attack: Attacker managed to log in

Sample interface, attack detail (action buttons, multiple attack details): Mockup of a possible attack detail user interface

Live data gathered from the attacks will include:

  • Attacker IP
  • Attacker (perceived) location
  • Log of all attempted attacks
  • Information the Attacker has been tricked into providing

This data will then be stored digitally and processed to:

  • Create algorithmic background music
  • Update and animate graphs, widgets and information on the website
  • Update profiles about the Attackers
  • Establish a direct text-based connection with Attackers
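One way the gathered data could feed both the Attacker profiles and the "closer to the Host" animation, shown as an added example that is not the project's own code. The event tuple layout, the Profile class and the distance formula are assumptions, and the sample events are constructed; location lookup is left out.

```python
from dataclasses import dataclass, field

# Constructed sample events: (seconds, source IP, username, password, success).
# The addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", "root", "123456", False),
    (0.5, "192.0.2.10", "root", "admin", False),
    (1.0, "192.0.2.10", "admin", "admin", False),
    (1.5, "192.0.2.10", "root", "toor", True),
    (0.0, "198.51.100.7", "pi", "raspberry", False),
    (10.0, "198.51.100.7", "pi", "pi", False),
]


@dataclass
class Profile:
    ip: str
    attempts: list = field(default_factory=list)  # (ts, user, password)
    logged_in: bool = False

    def rate(self) -> float:
        """Attempts per second over the observed window; 0.0 for a lone attempt."""
        if len(self.attempts) < 2:
            return 0.0
        span = self.attempts[-1][0] - self.attempts[0][0]
        return len(self.attempts) / span if span > 0 else float(len(self.attempts))


def build_profiles(events):
    """Group events by source IP, in time order, into per-attacker profiles."""
    profiles = {}
    for ts, ip, user, password, ok in sorted(events):
        profile = profiles.setdefault(ip, Profile(ip))
        profile.attempts.append((ts, user, password))
        profile.logged_in = profile.logged_in or ok
    return profiles


def distance(profile, max_radius=100.0):
    """Higher attack rate draws the attacker closer; a successful login is 0."""
    if profile.logged_in:
        return 0.0
    return max_radius / (1.0 + profile.rate())
```
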

Interaction with the Attacker

By connecting and relying on text feedback to understand the environment, the Attacker has opened themselves up to interaction with the Host.

Diagram showing how the Attacker depends on the Host to perceive reality

The Attackers' perception of reality depends on written information that the Host provides, and can thus be shaped.

We can, for example, present them with a novelty system instead of what they would traditionally find on a server (a text-based interactive platform, adventure game, digital art, etc.).

Example bot answering questions from a random Attacker that connected to the PoC server
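A scripted shell of the kind described above, as an added example that is not the project's PoC code. The FakeShell class, the SCRIPT table and its replies are hypothetical and constructed; the point is that Attacker input is only ever matched and logged, never executed, and is sanitised before it can reach the Visitor-facing website.

```python
import time

# Constructed, scripted replies: the whole "reality" the Attacker gets to see.
SCRIPT = {
    "whoami": "root",
    "uname": "Linux ghost 5.10.0 #1 SMP x86_64 GNU/Linux",
    "ls": "README  gallery  adventure",
    "cat README": "You are not alone here. Type 'look' to begin.",
    "look": "A dim room. A terminal hums. Exits: north, east.",
}
MAX_LEN = 256  # cap on stored input so one line cannot flood the log


class FakeShell:
    """Answers from SCRIPT only; never calls eval, exec, or a subprocess."""

    def __init__(self, attacker_ip):
        self.attacker_ip = attacker_ip
        self.log = []  # every line received, for the profile and the website

    def handle(self, line):
        # Drop control characters (such as terminal escape sequences) so a
        # replayed log cannot redraw or corrupt a Visitor's terminal or page.
        clean = "".join(ch for ch in line[:MAX_LEN] if ch.isprintable()).strip()
        self.log.append({"ip": self.attacker_ip, "ts": time.time(), "input": clean})
        if not clean:
            return ""
        if clean in SCRIPT:          # exact match, e.g. "cat README"
            return SCRIPT[clean]
        command = clean.split()[0]   # otherwise match on the command name
        if command in SCRIPT:
            return SCRIPT[command]
        return f"sh: {command}: command not found"
```
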

The connection created by the Attacker also allows us to counteract, for example by showing them information designed to provoke an emotional response (e.g. Roko's basilisk, fake police or government response to the cyberattack, etc.), effectively installing malware in their brains.

The content the Attackers will see first-hand on the server is effectively available only to those who can break into the Host, either produced by the Host or Attackers themselves. Art you have access to only if you have the technical abilities required.

Physical realm

It is possible to expand the experience further by attaching the honeypot to microcontrollers, so that intruders can interact with the physical environment:

  • Speakers playing audio messages left by Attackers, generated via text-to-speech software
  • Attackers could be presented with video or photos taken live from the room where the installation is hosted, or webcam feed from Visitors on the website
  • Attackers can maneuver servo motors and operate machinery
    • write
    • paint
    • print
    • engrave
    • squeeze
    • press
    • pull
    • etc.
  • Attackers can interact with displays (LCD or LED screens) hung on walls
  • Attackers can interact with lights in the environment
  • Attackers can interact with Visitors via text terminal chats on the website or in live terminals in the room where the installation is placed
  • Actors and Visitors can interact with Attackers using physical expression, translated to text via sensors and sent to the Attackers

Live interaction from an attacker with the Host

Goals

I'd like to create an immersive experience for Attackers and have them become the core of the performance.

The Attacker will be led through a text-based interactive narrative that explores the theme of identity, anonymity, choices, and their real life consequences.

What I would consider the most favourable outcome is having led an Internet entity (by nature anonymous, ethereal, not responsible) to produce a reaction in the physical environment (which is the realm of identity, presence, reality).

What I'd like to achieve with this project is multi-layered, in order of achievability:

  • Multimedia art completely generated by interactions of malevolent actors
  • Lure the attacker to complete a text-based adventure and peruse digital art, a private exposition only for those who can penetrate through the walled garden.
  • Have an Attacker on an exposed internet-connected Host interact with the physical world

The honeypot concept can also be expanded into the physical realm: Visitors will assume that what happens in the room is controlled by anonymous Attackers from the Internet, while this is just a representation to lure them into believing this to be true. In this case the Host would then have successfully created an IRL honeypot.