Straight out of DARPA comes technology that enables users to generate trackable, fake documents that include a beacon that report back to the user when they are opened. The app also allows users to upload docs and embed them with beacons.
So what's the big idea behind the technology? In the wake of the Wikileaks scandal earlier in 2011, the Department of Defense wanted a way to track where documents are going and identify who's opening them. (Note: Nothing in this post -- except the marked URL below -- contains such tracking code.)
According to a post on The Verge:
The DARPA-funded technology comes out of Columbia University generating fake PDFs and Word documents for your home computer that'll ping you if they're opened. Taking it for a spin pretty quickly shows some of the problems of the system.
It's recommended you open the document yourself first to give it the permissions to contact the server so it doesn't alert potential data thieves in the future — wouldn't that alert still pop up if they pulled up on a different computer? The documents also don't call home from Mac OS, which is fine if you're running a large network of PCs, but not so useful for everyone's home machine.
You can sign-up and try the app here, but beware it's a little clunky (for example, the demo wasn't working when I signed up) and it doesn't create Word documents. The image above shows how documents can be created.
According to the developer:
Once a user registers with the system by providing a real email address and user chosen passcode, the user is ready to get started. FOG provides a number of tabs to select different actions. The create decoy tab is first used to request the generation of Adobe PDF or MS Word Doc files, each with an enabled "beacon" that executes whenever the document is opened. Once the user has generated a document, they may download it to their machine.
The first time the document is downloaded, we suggest opening the document for review. The user will likely see a security pop-up message warning the user that the document is attempting to make a network connection with a server at the IDS lab at Columbia. The user should click on the box to REMEMBER THIS ACTION, and then click on ALLOW so that subsequently opening the document will not generate a pop-up message (which can be used by an inside attacker to detect the decoy).
The document should then be stored in a conspicuous location such as the Desktop, or the MY-Documents folder (on Windows machines). In the future, any time the decoy is opened, an email will be sent to the registered email address warning the legitimate user that someone has opened a decoy document in their machine.
The link below -- which doesn't look even a little stealthy -- has tracking code and will report back to me that it has been clicked. Or it's supposed to. I'll report back.
I am not sure this is something readers would want to use in their organizations, but it is an interesting way to see the ways in which the U.S. government is responding to Wikileaks and other releases of sensitive information.