URL Canary
Log in

What secrets might I want to monitor with URL Canary?

Email inboxes, other private messages

Put an email in an important person's inbox with an enticing subject and URL (e.g. "Banking login" at "https://private.yourcompany.com/banking-login-2018.txt"). If the inbox gets compromised and the attacker tries to visit the URL, your security team will receive an alert containing the IP address and User-Agent of the attacker, and you can investigate the breach. Similar tactics work on any communications platform where the compromise of historical messages might be damaging (Slack, Skype, Hipchat, WhatsApp, Facebook Messenger, ...).

Executive laptops

Put a shortcut on the desktop with an enticing name and icon, that is a hyperlink to a convincing URL. If the computer is either stolen unenecrypted, or remotely-compromised, and the attacker tries to follow the shortcut, your security team receive an alert and you can investigate.

Internal wiki, bug tracker

Hide a compelling paragraph or two, containing likely search terms (password, backup, keys, etc.) in obscure places in your wiki, bug tracker, or other source of information, along with a URL Canary. If authorised users stumble across the information, you'll be able to see that the access came from an authorised computer. If an attacker finds it while searching for information, and visits the URL, your security team receive an alert and you can investigate.

Source code repositories, database backups

Put a file with an irresistible name in your code repositories and database backups, with believable contents and a URL Canary. If an attacker gains access to the data, and visits the URL, your security team receive an alert and you can investigate.

Password managers

Create a 1Password vault purporting to show a URL that contains additional authentication information. If an attacker gains access to the vault and follows the URL, your security team receive an alert and you can investigate.

Physical safes, safe deposit boxes, private drawers

It's not limited to digital information: physically writing a URL Canary down on a sheet of paper is likely to attract the interest of anybody (from casual theft to corporate espionage) who gains unauthorised access to the location. If the thief visits the URL, your security team receive an alert and you can investigate.

Any other private information, physical or digital

You can put a URL Canary anywhere that has enough storage space to store a URL. If the URL is ever accessed, you will know that somebody has gained access to that storage space. Be it a database backup, a locked box, a personal diary, or anything else. It is of course possible that an attacker would be wary that the URL is a canary and opt not to visit it. In such case, you're no worse off than you would have been if the URL Canary wasn't there at all.