Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside.

Published bySonya Maple Modified over 9 years ago

Similar presentations

Presentation on theme: "SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside."— Presentation transcript:

1 SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside

2 Intro About me –My background –Research area’s Remote covert investigations Cyber crime Social engineering –This area is a new area that I’m interested in exploring and linking in with my other areas

3 Idea Looking at social engineering –Its move to the e-environment –The Technologies used –Avatars (e-presence) –Victims

4 Pre-Contact Social Engineering model Victim identification Desires identification Weakness identification Stage 1

5 Victim identification Victims can be: –A single target selection –A group selection –A localisation target Feed from intelligence –Selected to for fill a reward need –Selected due to a weakness –Random selection

6 Pre-Contact Social Engineering model Reward Attack type Vs. Victim Desires (Stage 1) Stage 2 Attack type identification

7 Attack type identification The attack type identification will affected by: –Previous attacks carried out (knowledge) –Ingenuity of the attacker (originality of attacks) Attackers ability (technical level of the attacks) –Attackers e- environment security –The common e-environment ie the game or forum –Victims expected knowledge (to evade/ignore the attack) Victims expected e-environment security

8 Attack type identification The attack (A) type identification will affected by: –Previous attacks carried out (knowledge) (C e ) –Ingenuity of the attacker (originality of attacks) (C e ) –Attackers ability (technical level of the attacks) (C e ) –Attackers e- environment security (C x g ) –The common e-environment ie the game or forum (C f ) –Victims expected knowledge (to evade/ignore the attack) (V e ) –Victims expected e-environment security (V g ) This can be mapped successfully to the cyber profiling formula proposed by Marshall Moore and Tompsett [ 2006] L=(C e x C f x A)/(V e x V g x C x g ) This could help us predict possible social engineering attacks as it seem to be the criminal is using this logic unwittingly already to select the best type of attack

9 Pre-Contact Social Engineering model Stage 1 knowledge Stage 2 knowledge Reward Vs. Risk Risk > reward Move back to stage 1 Risk < reward Proceed to 1 st contact Stage 3

10 How can Pre-contact information be obtained In the meat space environment –Dumpsters diving –Freedom of information –Public records –Word of mouth –Observation of activity The e-environment hold many similarities

11 e-Data sources Social network sites –Myspace –Facebook –etc Online games –World Of Warcraft “ researchers have claimed that WoW (and other MMOGs) can be used as a laboratory for studying human behaviour.” (J Bohannon 2008) –Age Of Conan –Dark Ages Of Camelot

12 The e-garbage Can While many people think a deleted web page has gone. –We know its not true Wayback Machine Archive-It Collections WebCite Even Google –cached:URL –Many more place’s as well such as proxy servers User’s webhistory etc

13 Social network sites You can gather huge amounts of information such as: –Name –Address –DOB –Phone number –Employer –School –Friends names –Likes and dislikes (possible password list)

14 Physical Network Data Collection The Physical network –WIFI sniffing This type of collection requires a medium to high level of technical knowledge and would suggest that the attacker has some prior knowledge –Man in the middle/Re-play attacks Again this requires a high level of technical knowledge

15 The uses The information + a little social engineering can result in: –Grooming. Leading child exploitation. –Fraud. including affects on e-economics and virtual economics [Castronova 2007] [ Castronova 2005] –Money laundering. –Terrorism. –Other linked crimes/acts

16 1 st contact Comparison meat space –Social compliance e-environment –Social compliance

17 Me, my virtual self and Avatar What is it

18 The e-presence Made up of 3 parts –The Avatar –The Persona –The e-self

19 What can be considered an avatar Still image. 3D model. –IP law starting to impact on avatar [Onishi H 2008]

20 What can be considered an Persona User name Nick name Any collection of data that the users want to represents them (or in some case’s how users feel’s at a given time)

21 What can be considered The e-self This is the actions that the operator or operators of the e- presence take: –Interacting with a playing in a game. –The wording of the post they make. Negatively or Positively –The good they purchase –Website’s they visit –Ect…

22 Victim Perceptions Victim ability to identify fraud in meat space vs. e-environment. –Victim’s see a lower threat to their avatar, due to: Little to no tactile ownership The removal of physical stimulus

23 Avatar ownership However the owners of avatars can build a very strong link to the avatar. –With arguments, fights and even death spilling over to meat space –“Feelings such as love, like, dislike, fear, hate or indifference drive the agents movements and affect an agent's reaction to an Inhabitant when in its vicinity” [Allen, R, 1998]

24 Further studies Furthers studies are needed to better understand –The link between meat space a e- environment susceptibility to social engineering –Avatar ownership –The link between e-self actions and choices and meat space action and choices

25 References Allen, R (1998) 'The Bush soul: Travelling consciousness in an unreal world', Digital Creativity, 9:1, 7 — 10 Castronova, E, "On Virtual Economies" July 2002. CESifo Working Paper Series No. 752. Available at SSRN: Castronova, E, Synthetic Worlds: The Business and Culture of Online Games 2005 Bower J M, " The Scientific Research Potential of Virtual Worlds" 27 July 2007, p. 472 Bohannon J, A TASTE OF THE GONZO SCIENTIST: Scientists Invade Azeroth, 20 June 2008 Science 320 (5883), 1592. [DOI: 10.1126/science.1161351] Kingsley, M (1899) West African Studies. London: Macmillan and Co., pp. 199-209. Criminalization of the internet an examination of illegal activity online, Proc EAFS 2006, Marshall M. Moore G. Tompsett B, 2006 MacKay M, World of Warcraft, could it be killing our teens. online:http://searchwarp.com/swa26182.htm last seen: 06/07/2008 Meier, C.A. (1986) Soul and Body. San Francisco: The Lapis Press, pp. 268-277. Onishi H, Who am I talking to?, Bileta 2008

Download ppt "SOCIAL ENGINEERING IN A DIGITAL ENVIRONMENT A. Martin Zeus-Brown Angus M Marshall University of Teesside."

Similar presentations

1 Using ICT in Geography Workshop Themes Learning Online Citizenship, Europe and identity Networking, you and your schools Virtual Globes and geo-information.

1 Using ICT in Geography Workshop Themes Learning Online Citizenship, Europe and identity Networking, you and your schools Virtual Globes and geo-information.
Identity Theft and Online Identity Solutions Heidi Inman May 29, 2008.

Identity Theft and Online Identity Solutions Heidi Inman May 29, 2008.
Web Mining.

Web Mining.
CS5038 The Electronic Society Lecture: Social Networking Lecture Outline Social Networking Service Social Networking Sites –Bebo –Friendster –MySpace Social.

CS5038 The Electronic Society Lecture: Social Networking Lecture Outline Social Networking Service Social Networking Sites –Bebo –Friendster –MySpace Social.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
What is MySpace MySpace is a free online community composed of personal profiles aimed foremostly at a younger membership. A MySpace profile typically.

What is MySpace MySpace is a free online community composed of personal profiles aimed foremostly at a younger membership. A MySpace profile typically.
On-line Child Protection Year 10 E-safety. E-safety awareness and guidance is directly taught the Year 10 PSHE programme and ICT course. Safeguarding.

On-line Child Protection Year 10 E-safety. E-safety awareness and guidance is directly taught the Year 10 PSHE programme and ICT course. Safeguarding.
CS5038 The Electronic Society Lecture: Social Networking Lecture Outline Social Networking Service Social Networking Sites –Bebo –Friendster –MySpace –Facebook.

CS5038 The Electronic Society Lecture: Social Networking Lecture Outline Social Networking Service Social Networking Sites –Bebo –Friendster –MySpace –Facebook.
Internet Investigations COEN 252 Computer Forensics  Thomas Schwarz, S.J. 2006.

Internet Investigations COEN 252 Computer Forensics  Thomas Schwarz, S.J
Coxheath Primary School E-safety- Term 3 2013. Purpose To outline the use of the internet in school The use of the internet outside school What are the.

Coxheath Primary School E-safety- Term Purpose To outline the use of the internet in school The use of the internet outside school What are the.
1 What is the Internet Archive We are a Digital Library Mission Statement: Universal access to human knowledge Founded in 1996 by Brewster Kahle in San.

1 What is the Internet Archive We are a Digital Library Mission Statement: Universal access to human knowledge Founded in 1996 by Brewster Kahle in San.
What Anyone Can Know The Privacy Risks of Social Networking Sites. Thelma Ameyaw TEL2813.

What Anyone Can Know The Privacy Risks of Social Networking Sites. Thelma Ameyaw TEL2813.
Your Potential as an Entrepreneur

Your Potential as an Entrepreneur
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
A PARENT’S GUIDE TO INTERNET SAFETY KEEPING YOUR CHILD SAFE.

A PARENT’S GUIDE TO INTERNET SAFETY KEEPING YOUR CHILD SAFE.
Outline of presentation Brief introduction of Facebook as a social networking tool Research questions Methods Findings and Results Some Experimentation.

Outline of presentation Brief introduction of Facebook as a social networking tool Research questions Methods Findings and Results Some Experimentation.
Art and Science of Social Computing London, October 4, 2010 Natasa Milic-Frayling Microsoft Research Vodafone Lecture Series Royal Academy of Engineering.

Art and Science of Social Computing London, October 4, 2010 Natasa Milic-Frayling Microsoft Research Vodafone Lecture Series Royal Academy of Engineering.
Personal Transparency and self- analytic tools for online habits Mark Johnson David Sherlock David Griffiths The Institute for Educational Cybernetics.

Personal Transparency and self- analytic tools for online habits Mark Johnson David Sherlock David Griffiths The Institute for Educational Cybernetics.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

Similar presentations

Ads by Google