This series is designed to help people to understand modern technology, and become more confident in using computing devices. It is not designed to educate experts.
The author is involved in tutoring older students at SeniorNet, a New Zealand wide organisation. SeniorNet hopes that students will feel more confident in using their computing devices as a result of the learning opportunities offered. This series of articles shares that hope.
In the old days, coal miners used caged canaries to determine if there were dangerous gases present in the mine. Canaries quickly became a metaphor for warning signs – when the canary stops singing, it’s time to evacuate the mine before you die.
You can do the same with your computer system. Set up an alarm so you are notified if someone breaches your system. It’s easy and free. Just follow some easy steps.
This uses a system called canary tokens: you generate them and leave them scattered about your computer, phone or tablet. A canary token is a file, URL, API key, or other resource that is monitored for access. Once the resource has been accessed, an alert is triggered, notifying its owner. Some tokens only trigger in a specific programme, such as Microsoft Word, so on a system without that programme they won’t trigger. Choosing the right tokens is therefore important.
It’s simple.
- Go to Canary Tokens (http://canarytokens.com/generate#)
- Choose your token
- Provide an email to receive the alert if activated
- Drop the token. Done.
It will take a couple of minutes, and you will have set a trap.
I have noted some things you should consider.
1. The Microsoft Word document and Excel spreadsheet will only be triggered if opened with Microsoft programmes. They won’t trigger if the baddy opens them with LibreOffice or other non-Microsoft programmes. This may happen if the attacker takes the files back to their lair and examines them on a Linux computer.
2. You can edit these documents to make them more attractive. Add dummy content, for example. The token is hidden in the footer area and will survive editing.
3. The PDF token will likewise only be triggered if viewed in Adobe Reader. My Linux system doesn’t trigger it.
4. The QR code triggers as soon as I scan it with my phone. Other phones require the link to be clicked. A QR code on a label stuck behind your phone could show if your phone is examined!
5. You can rename these to something that will attract an attacker, such as Password list, Password Hints, Important, Personal documents. Just let your imagination run wild.
I suggest you use the fast redirect with a link to a juicily named file. I have my link renamed to Bank Log In. Irresistible for an attacker looking for value targets on my computer or phone.
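How a link token such as the fast redirect works behind the scenes, as an added example that is not from the original article or from canarytokens.com: visiting a secret link records an alert with your reminder note, then sends the visitor on to an ordinary page. The names `create_token` and `record_hit`, the `/t/` path, port 8080 and the example.com address are assumptions made for this illustration.

```python
# Added illustration: a toy "fast redirect" canary link. Not canarytokens.com's code.
import secrets
from datetime import datetime, timezone
from wsgiref.simple_server import make_server

TOKENS = {}   # token id -> {"memo": ..., "redirect": ...}
ALERTS = []   # a real service would email each of these to the owner

def create_token(memo, redirect_to):
    """Mint an unguessable link; the memo reminds you where you dropped it."""
    token_id = secrets.token_urlsafe(16)
    TOKENS[token_id] = {"memo": memo, "redirect": redirect_to}
    return "/t/" + token_id

def record_hit(path, source_ip, user_agent):
    """Log an alert and return the redirect target if path is a live token, else None."""
    if not path.startswith("/t/"):
        return None
    token = TOKENS.get(path[len("/t/"):])
    if token is None:
        return None          # unknown links raise no alert
    ALERTS.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "memo": token["memo"],
        "source_ip": source_ip,
        "user_agent": user_agent,
    })
    return token["redirect"]

def app(environ, start_response):
    """WSGI entry point: alert first, then bounce the visitor to a harmless page."""
    target = record_hit(environ.get("PATH_INFO", ""),
                        environ.get("REMOTE_ADDR", "unknown"),
                        environ.get("HTTP_USER_AGENT", "unknown"))
    if target is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    start_response("302 Found", [("Location", target)])
    return [b""]

if __name__ == "__main__":
    # Constructed sample memo and redirect target.
    link = create_token("Bank Log In shortcut on laptop desktop", "https://example.com/")
    print("Drop this link somewhere tempting: http://127.0.0.1:8080" + link)
    make_server("127.0.0.1", 8080, app).serve_forever()
```

The visitor only sees the page they were redirected to; the alert, with the time, their address and your memo, is recorded before the redirect happens.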
If you are dropping tokens on a Microsoft computer to check if your kids are accessing it, use appropriately named Word or PDF files.
More information can be viewed in these videos.
It’s a set-and-forget system, so make sure the note you attach to the token will still make sense if it goes off in a couple of years’ time.