Last month Heckman, a researcher for the non-profit IT research corporation MITRE, gave a talk with fellow MITRE researcher Frank Stech at Purdue’s Center for Education and Research in Information Assurance and Security and described a cyber war game scenario MITRE played out internally in which she and Stech tried an unorthodox defensive strategy: Instead of trying to purge a Red Team of hackers from a Blue Team’s network they were defending, Heckman and Stech let the attackers linger inside, watched them, and fed them confusing misinformation. The result: despite the Blue Team’s network being deeply compromised by the Red Team’s hackers, Blue managed to trick Red into making the wrong moves and losing the game.
That's something I've been preaching for a while.
It's hard to prevent a focused attacker from breaching your network. Instead, sprinkle the system with enough fake good stuff that the attackers will have no choice but to go get that because it's the shit. If you search this blog you'll see several posts about this.
Regardless, the whole article is really a good read. This passage below is a good way to get yourself detected.
But Blue found that it had one advantage: Every Blue user had the same browser and operating system, and Red had made the mistake of using different software. So Blue was able to detect which accounts Red was accessing, and start manually feeding specific misinformation to those compromised accounts.
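The two detection signals the post relies on, a client fingerprint that does not match the organization's standard build and a touch on a decoy resource nobody legitimately uses, can be checked from ordinary access logs. The script below is an added example written for this post, not code from MITRE, the article, or the war game; the log format, the sample lines, the standard User-Agent string and the decoy path are all constructed for illustration.

```python
"""Flag likely-compromised accounts from web access logs (constructed example).

Two signals, both taken from the post above:
  1. An account's client software deviates from the org-wide standard build
     (every legitimate user runs the same browser and OS).
  2. Any access to a decoy resource ("fake good stuff"), which no legitimate
     workflow ever touches.
"""
import re
from collections import defaultdict

# Hypothetical log format: <time> <account> "<user-agent>" <path>
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')

# The single browser/OS combination issued to every legitimate user (assumed value).
STANDARD_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"

# Decoy documents planted to attract an intruder; legitimate users never open them (assumed paths).
DECOY_PATHS = {"/share/finance/q4_plan.docx"}

# Constructed sample log: bob is a normal user, alice's account is being used from a
# non-standard client, carol's account is driven by a scripted client that keeps
# pulling the decoy document.
SAMPLE_LOG = """\
2024-01-01T09:00:01 alice "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0" /intranet/home
2024-01-01T09:00:05 bob "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0" /intranet/home
2024-01-01T09:02:10 alice "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0" /share/finance/q4_plan.docx
2024-01-01T09:03:33 bob "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0" /share/hr/policy.pdf
2024-01-01T09:05:47 carol "python-requests/2.31" /share/finance/q4_plan.docx
2024-01-01T09:07:12 carol "python-requests/2.31" /share/finance/q4_plan.docx
"""


def parse_log(text):
    """Parse log text into dicts; lines that do not match the format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        time, account, ua, path = m.groups()
        entries.append({"time": time, "account": account, "ua": ua, "path": path})
    return entries


def analyze(entries, standard_ua=STANDARD_UA, decoys=DECOY_PATHS):
    """Return {account: [alert, ...]} for every account showing either signal.

    Accounts with no alerts are absent from the result, so the dict itself is
    the list of accounts worth feeding misinformation rather than real data.
    """
    alerts = defaultdict(list)
    for e in entries:
        if e["ua"] != standard_ua:
            alerts[e["account"]].append(
                f"non-standard client at {e['time']}: {e['ua']}")
        if e["path"] in decoys:
            alerts[e["account"]].append(
                f"decoy access at {e['time']}: {e['path']}")
    return dict(alerts)


def flagged_accounts(log_text=SAMPLE_LOG):
    """Sorted account names that tripped at least one signal."""
    return sorted(analyze(parse_log(log_text)))


if __name__ == "__main__":
    for account, found in analyze(parse_log(SAMPLE_LOG)).items():
        print(account)
        for line in found:
            print("   ", line)
```

Exact string matching on the User-Agent is only workable because the post's premise is a single uniform build; in a real fleet, normalize to browser family and major version and re-baseline after each rollout, or every patch day turns into a flood of false positives. The decoy check has no such problem: any hit on a planted path is a high-confidence signal.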