SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside.


1 SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside

2 Intro About me –My background –Research areas: Remote covert investigations; Cyber crime; Social engineering –This area is a new area that I’m interested in exploring and linking in with my other areas

3 Idea Looking at social engineering –Its move to the e-environment –The technologies used –Avatars (e-presence) –Victims

4 Pre-Contact Social Engineering model –Stage 1: Victim identification; Desires identification; Weakness identification

5 Victim identification Victims can be: –A single target selection –A group selection –A localisation target Feed from intelligence –Selected to fulfil a reward need –Selected due to a weakness –Random selection

6 Pre-Contact Social Engineering model Reward Attack type Vs. Victim Desires (Stage 1) Stage 2 Attack type identification

7 Attack type identification The attack type identification will be affected by: –Previous attacks carried out (knowledge) –Ingenuity of the attacker (originality of attacks) –Attacker's ability (technical level of the attacks) –Attacker's e-environment security –The common e-environment, i.e. the game or forum –Victim's expected knowledge (to evade/ignore the attack) –Victim's expected e-environment security

8 Attack type identification The attack (A) type identification will be affected by: –Previous attacks carried out (knowledge) (C e) –Ingenuity of the attacker (originality of attacks) (C e) –Attacker's ability (technical level of the attacks) (C e) –Attacker's e-environment security (C x g) –The common e-environment, i.e. the game or forum (C f) –Victim's expected knowledge (to evade/ignore the attack) (V e) –Victim's expected e-environment security (V g) This can be mapped successfully to the cyber profiling formula proposed by Marshall, Moore and Tompsett [2006]: L = (C e x C f x A)/(V e x V g x C x g) This could help us predict possible social engineering attacks, as it seems the criminal is already using this logic unwittingly to select the best type of attack

9 Pre-Contact Social Engineering model –Stage 3: Stage 1 knowledge; Stage 2 knowledge; Reward vs. Risk –Risk > reward: move back to stage 1 –Risk < reward: proceed to 1st contact

10 How can pre-contact information be obtained In the meat space environment –Dumpster diving –Freedom of information –Public records –Word of mouth –Observation of activity The e-environment holds many similarities

11 e-Data sources Social network sites –Myspace –Facebook –etc. Online games –World of Warcraft “researchers have claimed that WoW (and other MMOGs) can be used as a laboratory for studying human behaviour.” (J Bohannon 2008) –Age of Conan –Dark Age of Camelot

12 The e-garbage Can While many people think a deleted web page has gone. –We know it's not true: Wayback Machine; Archive-It Collections; WebCite; Even Google –cached:URL –Many more places as well, such as proxy servers, users' web history, etc.

13 Social network sites You can gather huge amounts of information such as: –Name –Address –DOB –Phone number –Employer –School –Friends' names –Likes and dislikes (possible password list)

14 Physical Network Data Collection The physical network –Wi-Fi sniffing: This type of collection requires a medium to high level of technical knowledge and would suggest that the attacker has some prior knowledge –Man in the middle/Replay attacks: Again this requires a high level of technical knowledge

15 The uses The information + a little social engineering can result in: –Grooming, leading to child exploitation. –Fraud, including effects on e-economics and virtual economics [Castronova 2007] [Castronova 2005] –Money laundering. –Terrorism. –Other linked crimes/acts

16 1st contact Comparison meat space –Social compliance e-environment –Social compliance

17 Me, my virtual self and Avatar What is it

18 The e-presence Made up of 3 parts –The Avatar –The Persona –The e-self

19 What can be considered an avatar Still image. 3D model. –IP law starting to impact on avatar [Onishi H 2008]

20 What can be considered a Persona User name Nick name Any collection of data that the user wants to represent them (or in some cases how the user feels at a given time)

21 What can be considered The e-self This is the actions that the operator or operators of the e-presence take: –Interacting with a playing in a game. –The wording of the posts they make. Negatively or Positively –The goods they purchase –Websites they visit –Etc.

22 Victim Perceptions Victim's ability to identify fraud in meat space vs. e-environment. –Victims see a lower threat to their avatar, due to: Little to no tactile ownership; The removal of physical stimulus

23 Avatar ownership However the owners of avatars can build a very strong link to the avatar. –With arguments, fights and even death spilling over to meat space –“Feelings such as love, like, dislike, fear, hate or indifference drive the agent's movements and affect an agent's reaction to an Inhabitant when in its vicinity” [Allen, R, 1998]

24 Further studies Further studies are needed to better understand –The link between meat space and e-environment susceptibility to social engineering –Avatar ownership –The link between e-self actions and choices and meat space actions and choices

25 References
–Allen, R (1998) 'The Bush soul: Travelling consciousness in an unreal world', Digital Creativity, 9:1, 7-10
–Castronova, E, "On Virtual Economies" July CESifo Working Paper Series No Available at SSRN:
–Castronova, E, Synthetic Worlds: The Business and Culture of Online Games 2005
–Bower J M, "The Scientific Research Potential of Virtual Worlds" 27 July 2007, p. 472
–Bohannon J, A Taste of the Gonzo Scientist: Scientists Invade Azeroth, 20 June 2008 Science 320 (5883), [DOI: /science ]
–Kingsley, M (1899) West African Studies. London: Macmillan and Co., pp
–Marshall M., Moore G., Tompsett B., Criminalization of the internet: an examination of illegal activity online, Proc EAFS 2006, 2006
–MacKay M, World of Warcraft, could it be killing our teens. online: http://searchwarp.com/swa26182.htm last seen: 06/07/2008
–Meier, C.A. (1986) Soul and Body. San Francisco: The Lapis Press, pp
–Onishi H, Who am I talking to?, Bileta 2008

