Signup for news and special offers!
You have successfully joined our subscriber list.
Image by digital designer from Pixabay
A Canary token is a file, URL, API key, or other resource that is monitored for access. Once the resource has been accessed, an alert is triggered notifying the object owner of said access.
In other words, it’s a trap for the bad guys. If a bad guy opens the file, you will get an email notification about it.
It’s pretty simple. You place your canary token (a file you generate) on your computer, server, NAS, or cloud storage. You put the file in a location that no one should be accessing and if someone opens it, you will get an email about it. It’s a cool way of detecting unauthorized access.
There are many types of tokens you can create. Below are the currently available types:
Canary tokens were developed by Thinkst, a cyber security company. From base architectural choices to individual feature implementations, defensive thinking has been baked into Canary at multiple layers.
They’ve also had a crystal-box assessment performed of both the Canaries and the Console by one of the leading app-sec teams in the business. A copy of their report is available on request, but their pertinent, summarising snippet is:
The device platform and its software stack (outside of the base OS) has been designed and implemented by a team at Thinkst with a history in code product assessments and penetration testing (a worthy opponent one might argue), and this shows in the positive results from our evaluation.Overall, Thinkst have done a good job and shown they are invested in producing not only a security product but also a secure product.
The canary token project is open source. Canarytokens is available for free at http://canarytokens.org, or you can download and run your own installation (source and Docker images are available.)
For a cost, you can also purchase a subscription where Thinkst Canary will host a management console, canary server, and provide updates, support, and maintenance.
Data breaches, hacks, and cyberattacks are on the rise. Most breaches happen weeks or months before we realize something bad has happened. Having a tool like this is a great threat detection tool.
Canary tokens are a free, quick, painless way to help defenders discover they’ve been breached (by having attackers announce themselves.)