"Much like the current botnets, which are threatening due to their size and network communicating possibilities, the automated social engineering bots will be threatening due to the fact that they will know so many people and so much about them. Their threat will lie in abusing the social networks, and not the Internet traffic networks." (Nohlberg 2008)
Abstract-- Automated social engineering (ASE) takes the classical social engineering attack one step further and makes it a time-efficient and thus cheap attack. ASE is enabled by social networking sites (SNSs), which hold a pool of digitized personal information that makes traditional social engineering approaches such as dumpster diving obsolete. We created a proof-of-concept ASE bot on the basis of Facebook, which is one of the biggest SNSs at the time of writing. In order to evaluate the feasibility of ASE attacks on Facebook, we conducted two experiments on the basis of our ASE bot implementation. In the first experiment we evaluated the information-gathering functionality of the ASE bot on the basis of five Swedish multinational corporations. Although our application on average found more than eight possible targets per organization, the actual number depended on the organization's network size in Facebook and the privacy awareness of its employees. In the second experiment we performed a Turing test in which twenty test subjects had to decide whether they were talking to a real person or to the ASE bot. The test subjects in general were able to identify the ASE bot with high probability. Although Facebook has a number of protective measures in place, the ASE bot was not detected or blocked during our experiments, simply because it aimed at simulating an average Facebook user. In conclusion, our results showed that ASE bots are feasible from a technical standpoint and that existing chatbots need to be adapted for social networking services.
Publications
Nohlberg, M., Kowalski, S. & Huber, M. (2008) Measuring Readiness for Automated Social Engineering. In Proceedings of the 7th Annual Security Conference. Las Vegas, USA, June 2008.
@InProceedings{ nohlberghuber2008,
title = "{Measuring Readiness for Automated Social Engineering}",
author = "Marcus Nohlberg and Stewart Kowalski and Markus Huber",
month = jun,
year = "2008",
booktitle = "In CD ROM Proceedings of the 7th Security Conference",
location = "Las Vegas, USA",
isbn = "978-1-935160-01-4",
pages = "20.1--20.13."
}
Automated Social Engineering PoC, Masters thesis, DSV SecLab, SU/KTH Stockholm, Sweden
Automated Social Engineering PoC by Markus Huber is licensed under a Creative Commons Attribution-Noncommercial 3.0 Austria License.
Permissions beyond the scope of this license may be available at http://asebot.nysos.net
@MastersThesis{ ASEthesis09,
title = "Automated Social Engineering, Proof of Concept",
author = "Markus Huber",
school = "DSV SecLab, Stockholm University/Royal Institute of Technology",
month = mar,
year = "2009",
url = "http://asebot.nysos.net"
}
Towards Automating Social Engineering Using Social Networking Sites, PASSAT2009, Vancouver, CA
@article{ 10.1109/CSE.2009.205,
author = {Markus Huber and Stewart Kowalski and Marcus Nohlberg and Simon Tjoa},
title = {Towards Automating Social Engineering Using Social Networking Sites},
journal ={Computational Science and Engineering, IEEE International Conference on},
volume = {3},
year = {2009},
isbn = {978-0-7695-3823-5},
pages = {117-124},
doi = {http://doi.ieeecomputersociety.org/10.1109/CSE.2009.205},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
Related Work
Tobias Lauinger, Veikko Pankakoski, Davide Balzarotti, Engin Kirda, Honeybot: Your Man in the Middle for Automated Social Engineering, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, April 2010
Attachments (3)
- ASE_PASSAT09_preprint.pdf - on Jul 5, 2009 11:53 PM by Markus Huber (version 1), 1047k
- Measuring Readiness against Automated Social Engineering_2008_final_93.pdf - on Apr 19, 2010 6:55 AM by Markus Huber (version 1), 167k
- thesis_ASE-PoC_MHuber.pdf - on Mar 31, 2009 3:29 PM by Markus Huber (version 3), 1830k