
SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT

A. Martin Zeus-Brown
Angus M Marshall
University of Teesside


Presentation Transcript


  1. SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside

  2. Intro
     • About me
     • My background
     • Research areas
         • Remote covert investigations
         • Cyber crime
         • Social engineering
     • This area is a new area that I’m interested in exploring and linking in with my other areas

  3. Idea
     • Looking at social engineering
     • Its move to the e-environment
     • The technologies used
     • Avatars (e-presence)
     • Victims

  4. Pre-Contact Social Engineering model: Stage 1
     • Victim identification
     • Desires identification
     • Weakness identification

  5. Victim identification
     Victims can be:
     • A single target selection
     • A group selection
     • A localisation target
     • Feed from intelligence
     • Selected to fulfil a reward need
     • Selected due to a weakness
     • Random selection

  6. Pre-Contact Social Engineering model Attack type identification Stage 2 Attack type Vs. Victim Desires (Stage 1) Reward

  7. Attack type identification
     The attack type identification will be affected by:
     • Previous attacks carried out (knowledge)
     • Ingenuity of the attacker (originality of attacks)
     • Attacker's ability (technical level of the attacks)
     • Attacker's e-environment security
     • The common e-environment, i.e. the game or forum
     • Victim's expected knowledge (to evade/ignore the attack)
     • Victim's expected e-environment security

  8. Attack type identification
     The attack (A) type identification will be affected by:
     • Previous attacks carried out (knowledge) (Ce)
     • Ingenuity of the attacker (originality of attacks) (Ce)
     • Attacker's ability (technical level of the attacks) (Ce)
     • Attacker's e-environment security (Cxg)
     • The common e-environment, i.e. the game or forum (Cf)
     • Victim's expected knowledge (to evade/ignore the attack) (Ve)
     • Victim's expected e-environment security (Vg)
     This can be mapped successfully to the cyber profiling formula proposed by Marshall, Moore and Tompsett [2006]:
     L = (Ce × Cf × A) / (Ve × Vg × Cxg)
     This could help us predict possible social engineering attacks, as it seems the criminal is already unwittingly using this logic to select the best type of attack.

  9. Pre-Contact Social Engineering model: Stage 3
     • Stage 1 knowledge
     • Stage 2 knowledge
     • Reward vs. Risk
         • Risk > reward: move back to stage 1
         • Risk < reward: proceed to 1st contact

  10. How can pre-contact information be obtained
     • In the meat space environment
         • Dumpster diving
         • Freedom of information
         • Public records
         • Word of mouth
         • Observation of activity
     • The e-environment holds many similarities

  11. e-Data sources
     • Social network sites
         • Myspace
         • Facebook
         • etc.
     • Online games
         • World of Warcraft: “researchers have claimed that WoW (and other MMOGs) can be used as a laboratory for studying human behaviour.” (J Bohannon 2008)
         • Age of Conan
         • Dark Age of Camelot

  12. The e-garbage can
     • While many people think a deleted web page has gone, we know it's not true
         • Wayback Machine
         • Archive-It Collections
         • WebCite
         • Even Google
             • cached:URL
     • Many more places as well, such as
         • Proxy servers
         • User's web history
         • etc.

  13. Social network sites
     • You can gather huge amounts of information such as:
         • Name
         • Address
         • DOB
         • Phone number
         • Employer
         • School
         • Friends' names
         • Likes and dislikes (possible password list)

  14. Physical Network Data Collection
     • The physical network
     • WiFi sniffing: this type of collection requires a medium to high level of technical knowledge and would suggest that the attacker has some prior knowledge
     • Man in the middle / replay attacks: again, this requires a high level of technical knowledge

  15. The uses
     • The information + a little social engineering can result in:
         • Grooming.
         • Leading child exploitation.
         • Fraud.
             • Including effects on e-economics and virtual economics [Castronova 2007] [Castronova 2005]
         • Money laundering.
         • Terrorism.
         • Other linked crimes/acts

  16. 1st contact comparison
     • Meat space
         • Social compliance
     • e-environment
         • Social compliance

  17. Me, my virtual self and Avatar What is it

  18. The e-presence
     Made up of 3 parts:
     • The Avatar
     • The Persona
     • The e-self

  19. What can be considered an avatar
     • Still image.
     • 3D model.
     • IP law starting to impact on avatar [Onishi H 2008]

  20. What can be considered a Persona
     • User name
     • Nick name
     • Any collection of data that the user wants to represent them (or in some cases how the user feels at a given time)

  21. What can be considered the e-self
     • This is the actions that the operator or operators of the e-presence take:
         • Interacting with a playing in a game.
         • The wording of the posts they make.
             • Negatively or positively
         • The goods they purchase
         • Websites they visit
         • Etc.

  22. Victim Perceptions
     • Victim's ability to identify fraud in meat space vs. e-environment.
     • Victims see a lower threat to their avatar, due to:
         • Little to no tactile ownership
         • The removal of physical stimulus

  23. Avatar ownership
     However, the owners of avatars can build a very strong link to the avatar, with arguments, fights and even death spilling over to meat space.
     “Feelings such as love, like, dislike, fear, hate or indifference drive the agents movements and affect an agent's reaction to an Inhabitant when in its vicinity” [Allen, R, 1998]

  24. Further studies
     • Further studies are needed to better understand:
         • The link between meat space and e-environment susceptibility to social engineering
         • Avatar ownership
         • The link between e-self actions and choices and meat space actions and choices

  25. References
     • Allen, R (1998) 'The Bush soul: Travelling consciousness in an unreal world', Digital Creativity, 9:1, 7-10
     • Castronova, E, "On Virtual Economies", July 2002. CESifo Working Paper Series No. 752. Available at SSRN:
     • Castronova, E, Synthetic Worlds: The Business and Culture of Online Games, 2005
     • Bower J M, "The Scientific Research Potential of Virtual Worlds", 27 July 2007, p. 472
     • Bohannon J, A Taste of the Gonzo Scientist: Scientists Invade Azeroth, 20 June 2008, Science 320 (5883), 1592. [DOI: 10.1126/science.1161351]
     • Kingsley, M (1899) West African Studies. London: Macmillan and Co., pp. 199-209.
     • Marshall M, Moore G, Tompsett B, Criminalization of the internet: an examination of illegal activity online, Proc EAFS 2006, 2006
     • MacKay M, World of Warcraft, could it be killing our teens. Online: http://searchwarp.com/swa26182.htm, last seen: 06/07/2008
     • Meier, C.A. (1986) Soul and Body. San Francisco: The Lapis Press, pp. 268-277.
     • Onishi H, Who am I talking to?, Bileta 2008
