Cyber attacks don’t just affect large companies. It’s true that they are more high-profile, but how would you feel if somebody broke into your PC and stole your personal data? They could steal your identity and pretend they are you in order to access your bank account. They could also take your photos and create a fake social media profile.
👉 Talking about social media, there is a post you should read: 5 Tips to Keep your Social Media Safe
In this post I’m going to show you how to create a very simple security measure without having to be an expert in cyber security. We’re going to set up our own Canary Token, which can be used to know when somebody is searching among our files, sends an email or clicks a link.
Get me to the point:
- What Canary Token means
- Set up your own Canary Token within a PDF
- Set up your own Canary Token within an URL
You may have heard of honeypots before. Honeypots are devices used as bait for cyber attacks in order to gain information on both the attack and the attacker. Canary tokens work in a similar way and can also give us valuable information on potential cyber threats.
What does Canary Token mean?
There’s a reason behind the name, although it has nothing to do with computers or cyber security, but rather the mining industry.
As we all know, miners face significant risks while working, particularly in the case of underground mines. One such risk is the presence of lethal gases such as methane or carbon monoxide. This is due to the fact that at certain levels the presence of these gases in the air can cause loss of consciousness or even death.
Technology advances mean that there are now improved security measures such as gas detectors and ventilation systems that did not previously exist. Back then, however, miners came up with their own way of detecting the presence of these gases before they reached deadly levels for the miners themselves; and here’s where the canary comes in.
Canaries have a much greater sensitivity to methane and carbon monoxide gas than humans. Certain levels of these gases, although harmless for humans, can cause canaries to lose consciousness. That’s why miners would take a canary with them into the mine as a sentinel to alert regarding the possible presence of these gases in the air.
How to set up your own Canary Token
The role of Canary Tokens in the field of cyber security is basically the same: we use our digital ‘canary’ to alert us of any suspicious activity. All you have to do is set it up and place it in a strategic location.
We’re going to see some examples now using the websitecanarytokens.org, which allows us to create our own Canary Token in a matter of a few clicks.
To start, go into the web on your browser 🙂
Example 1: generating a Canary Token in a PDF document
One very useful way is to create a new PDF document which we then use as bait. In this example, I’m going to show you how to create this type of Canary Token so that it sends an alert to your email if anyone opens it.
Firstly, choose the option of a PDF document:
Enter the email where you wish to receive the alert and a reminder note for when the token is triggered. In my case it looks as follows:
Once you have created this new PDF document, change the name and move it to the folder you want to monitor.
One of the files in this directory is the PDF that I just created, but at first glance it blends in with all the others (I won’t say which one it is, although it’s not difficult to guess!).
Now if anyone accesses this folder and opens the PDF it will be an empty file, but we will receive an email with the following message:
“A DNS Canarytoken has been triggered by the Source IP XXXXX. Please note that the source IP refers to a DNS server, rather than the host that triggered the token” plus some technical details.Message from canarytokens.org
Example 2: generating a Canary Token as a URL
This way of creating a canary token is equally simple. In this case, I’m going to explain how to set up a URL so that it alerts you when somebody clicks the link.
We could send an email with this link and we would receive an alert when somebody clicks it:
If the user clicks the “Open” button, we would receive an email just like in the example of the PDF document.
Little things make a big difference
Sometimes in the cyber security world it’s the little things that make a big difference:
- clicking (or not clicking) a simple link
- having a certain port open
- setting up an account with admin/admin
And while our little ‘canary’ doesn’t fully protect us against cyber attacks, it could give us a valuable warning just as they once did in the mines.
It’s also true that for every law there’s a loophole, but we’ll leave that for another post 😉