Skip to main content
HashnodeExegy Today PublicationExegy Today Publication

Command Palette

Search for a command to run...

Making a Tickerplant a Honey Pot to gain insight on bad actors

Updated
3 min read
Making a Tickerplant a Honey Pot to gain insight on bad actors
J
Justin Walters

Feel free to email me at editor@exegy.today.

Part of seriesSecurity

From my time working with Exegy Inc and learning all about how Tickerplants are designed with flowing the information from the markets to the clients at financial institutions, It has me really thinking about how interesting it would be for a security research company to use one of these company for creating a honey pot type project for gaining insight on what a bad actor would do if they gained access to one of these appliances.

It would be really easy to do and only require the following

  • Creating an isolated network with the Tickerplant appliances on it

  • Having external clients connecting to it that look like real and legitimate clients from a financial institutions

  • Have it receive stock data from some source..

Though the interesting question would be, do you allow it access for sending the join request to the live market or some feeder that pushes down old data.

I am sure an intelligent bad actor would at least check if the data matches up to what is going to the live market to compare if they are on something legit and not data that has been changed.

The easiest part would be finding the bad actors interested in playing with this system and this is where owning a legitimate subdomain or a domain that looks legitimate to a company that deal with these type of appliances comes in handy.

A security research company could easily do the following

  • Sell credentials to a VPN to gain access to this internal private network on the dark web

  • They could also sell an unknown exploit that has been written in to a server side application to allow them to gain access to it

It makes me wonder what it would take for a security research company to work with some company that designs these Tickerplants to attempt such a study for the insight it would bring.

The information gathered from this study would be interesting, because you could easily toy with the bad actor and see what kinds of things they would do or come up with.

If there are any security research companies out there interested in creating such a honey pot, it wouldn't be much work and I might be interested in loaning out my domains for such a study & project, unless you want to purchase them.

Just think of the value of this type of study, it could easily show the CISA, financial institutions, stock exchanges or anything other type of company dealing with market data the type of things that could happen or take place.

This way we get better auditing of companies dealing with the market and push strong security policies on to them. Trust me i would know, I have worked with a company that not even security conscious and they deal with the live market data around the world for most of the major financial institutions.

You never know what a bad actor would do when you can make them believe they have found gold, when in reality it was just pyrite and they were the gold.

#honey-pot#hacking-study#bad-actor#stock-market-security#tickerplant#exegy#feeder#stockmarket#security#research#cisa#financial-institutions#honeypot

Comments

Join the discussion

No comments yet. Be the first to comment.

Security

Part 1 of 2

Articles about Security

Up next

Why Companies Buy Top Level Domains (TLD)

There are tons of reasons why companies buy other domain TLDs, one of the biggest factors is security and not just about brand ownership. Some of the largest companies out there like Apple, Google & Microsoft buy and own hundreds of thousands of doma...

More from this blog

E

Exegy Today Publication

63 posts

A journalist and publication blog about security related issues and my experience with Exegy Inc (www.exegy.com).