This study explores the effectiveness of authority figures on compliance in cyber crime contexts. Based on literature and a meta-analysis of various experiments, including the classic Milgram study, it examines the relationship between authority, peer pressure, and behavior. The findings indicate inconclusive results regarding the influence of authority on compliance, highlighting the complexity of human nature. The experimental setup involved impersonation and intervention strategies to test hypotheses on compliance with requests for sensitive information. Results reveal significant insights into employee behavior and cyber crime susceptibility.
Social Science Experiment • Jan-Willem Bullee
Background
• Effectiveness of authority on compliance
• We can get some of the answers from
  • Literature (Meta-analysis)
  • Attacker stories/interviews
• But the answers are inconclusive
  • Different context
  • Hard to measure human nature
  • Difficult to standardize behaviour
Cyber-crime Science
Principles of Persuasion
• Authority
  • More likely to listen to a police officer
• Conformity
  • Peer pressure
• Commitment
  • Say yes to something small first
• Reciprocity
  • Return the favour
• Liking
  • People like you and me
• Scarcity
  • Wanting the ungettable
Literature on Authority
• Classical Milgram Shock Experiment
  • 66% full compliance
[Mil63] S. Milgram. Behavioral study of obedience. The Journal of Abnormal and Social Psychology, 67(4):371-378, 1963.
Introduction Key Experiment
• Get something from an employee
  • Equal to password or PIN
• Intervention
• Impersonate
Experimental Setup
• Design
• Intervention
  • Written memo
  • Key-chain
  • Poster
Hypotheses
• H0: Intervention and Control comply equally
• H0: Authority and Control comply equally
• H0: Effect of Authority on compliance
Results
• 351 rooms targeted
  • N = 118 (33.6%) populated
• Demographics Targets
  • Female: 24 (20%), Male: 94 (80%)
  • Mean age = 34, range 23-63 years
• Overall compliance distribution
  • 52.5%/47.5%
Results
• Intervention distribution
  • 60%/40%
• H0: Intervention and Control comply equally
  • χ²-test
  • Hypothesis rejected
Results
• Authority distribution
  • ≈50/50
• H0: Authority and Control comply equally
  • χ²-test
  • Hypothesis accepted
Results
• Effect of authority
  • Logistic Regression
  • Employees that did not get the intervention are 2.84 times more likely to give their key away
  • Authority: No effect
[Figure: diagram with the labels Give Key, Intervention and Authority]
Results
• Comments:
  • “Great test!” “Cool Experiment” “Interesting study”
  • “I had doubts” “Having a keychain is important”
  • “Suspicious looking box”
  • “Guy in suit looked LESS trustworthy”
  • “Asked for my ID”
  • “Trusted me since I looked friendly”
  • “I feel stupid”
  • “I didn’t want to give the key, but did it anyway”
Take Home Message
• Children, animals, people never react the way you want.
• Limited availability in July and August
• You are not important for others
  • …unless you want to break the system
• 1/3 of employees work on a Wednesday in September
• 2.84 times higher odds to get key if no intervention
Charging Mobile Phone
• What are the security considerations of the users of a public mobile phone charger?
  • What is the use rate of the device (per number of people at that location per hour)?
  • Why do people use (or not use) the system?
  • How do the safety perceptions of the current users differ from those of the former users and the non-users?
• You are the researchers!
Crime Prevention
• CPTED Framework (Crime Prevention Through Environmental Design)
  • Activity Support
  • Eyes on the street
  • Unfortunately: also provides opportunity
• Overall crimes are reduced by increasing activity
[Coz05] P. M. Cozens, G. Saville, and D. Hillier. Crime prevention through environmental design (CPTED): a review and modern bibliography. Property Management, 23(5):328-356, 2005.
Hypotheses
• H0: Cabinets in busy and quiet areas are equally used.
• H0: Cabinets with surveillance (e.g. service desk) and with no surveillance are equally used.
• H0: Cabinets in lunch hours (e.g. lunch) and lecture hours are equally used.
Our Design
• Researchers: You (Student)
• Target: Fellow Students and Employees
• Goal: Observe
  • Observe and interview people
• Interface: Face 2 Face
  • Count people and short questionnaire
Method: Our design
• 2 experimental conditions
  • Users of the system / non users of the system
• 6 locations
  • Experimental: Bastille, Hal-B, Horst and Spiegel
  • Control: ITC (city center), Ravelijn
Method: Our procedure
• Subjects from the experimental building
  • Teams of 1 researcher
  • One minute count: the people that pass by
  • Approach users of the system
• Subjects from the control building
  • Teams of 2 researchers
  • Interview people walking in the area
• More details on the course-site
What to do
• Before Tuesday 9 September
  • Register in the Doodle
• On 10, 17 (and 24) September
  • 09:30 - 09:50 Briefing at ZI4047
  • Travel to location
  • 10:30 - 12:45 Experiment
  • 12:45 - 13:30 Break and travel
  • 13:30 - 15:45 Experiment part 2
What to do
• We have permission to do this only at
  • UT: Bastille, Hal-B, Horst, Ravelijn, Spiegel and ITC
• Enter your data in SPSS
  • Directly after the attack
  • Come to me ZI4047
• Earn 0.5 (out of 10) bonus points
Ethical issues
• Informed consent not possible
• Zero risk for the subjects
• Approved by facility management
• Consistent with data protection (PII form)
• Approved by ethical committee, see http://www.utwente.nl/ewi/en/research/ethics_protocol/
Conclusion
• Designing research involves:
  • Decide what data are needed
  • Decide how to collect the data
  • Use validated techniques where possible
  • Experimental Design, pilot, evaluate and improve
  • Training, data gathering
Further Reading
[Cia09] R. B. Cialdini. Influence: The Psychology of Persuasion. Harper Collins, 2009. http://www.harpercollins.com/browseinside/index.aspx?isbn13=9780061241895
[Gre96a] T. Greening. Ask and ye shall receive: a study in 'social engineering'. SIGSAC Rev., 14(2):8-14, Apr 1996. http://doi.acm.org/10.1145/228292.228295
[Hof66] C. Hofling, E. Brotzman, S. Dalrymple, N. Graves, and C. Pierce. An experimental study in Nurse-Physician relationships. J. of Nervous & Mental Disease, 143(2):171-180, Aug 1966.