Undermining: social engineering using open source intelligence gathering

Leslie Ball; Gavin Ewan; Natalie Coull

doi:10.5220/0004168802750280

Undermining: social engineering using open source intelligence gathering

Leslie Ball, Gavin Ewan, Natalie Coull

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

11 Citations (Scopus)

777 Downloads (Pure)

Abstract

Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.

Original language	English
Title of host publication	Proceedings of the International Conference on Knowledge Discovery and Information Retrieval
Editors	Ana Fred, Joaquim Filipe
Publisher	Scitepress Digital Library
Pages	275-280
Number of pages	6
Volume	1: KDIR
ISBN (Print)	9789898565297
DOIs	https://doi.org/10.5220/0004168802750280
Publication status	Published - 2012
Event	4th International Conference on Knowledge Discovery and Information Retrieval - Barcelona, Spain Duration: 4 Oct 2012 → 7 Oct 2012

Conference

Conference	4th International Conference on Knowledge Discovery and Information Retrieval
Abbreviated title	KDIR 2012
Country/Territory	Spain
City	Barcelona
Period	4/10/12 → 7/10/12

Keywords

Social engineering
Cognitive hacking
Open source intelligence
Phishing
Data Mining
Visualisation

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.5220/0004168802750280Licence: CC BY-NC-ND

Ball_Undermining_Published_2012Final published version, 2.7 MBLicence: CC BY-NC-ND

Cite this

@inproceedings{94fef7a6498b485aacc64d218cb774d7,

title = "Undermining: social engineering using open source intelligence gathering",

abstract = "Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company{\textquoteright}s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company{\textquoteright}s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone{\textquoteright}s password {\textquoteleft}over the shoulder{\textquoteright}. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.",

author = "Leslie Ball and Gavin Ewan and Natalie Coull",

year = "2012",

doi = "10.5220/0004168802750280",

language = "English",

isbn = "9789898565297",

volume = "1: KDIR",

pages = "275--280",

editor = "Ana Fred and Joaquim Filipe",

booktitle = "Proceedings of the International Conference on Knowledge Discovery and Information Retrieval",

publisher = "Scitepress Digital Library",

note = "4th International Conference on Knowledge Discovery and Information Retrieval, KDIR 2012 ; Conference date: 04-10-2012 Through 07-10-2012",

}

Ball, L, Ewan, G & Coull, N 2012, Undermining: social engineering using open source intelligence gathering. in A Fred & J Filipe (eds), Proceedings of the International Conference on Knowledge Discovery and Information Retrieval. vol. 1: KDIR, Scitepress Digital Library, pp. 275-280, 4th International Conference on Knowledge Discovery and Information Retrieval, Barcelona, Spain, 4/10/12. https://doi.org/10.5220/0004168802750280

Undermining: social engineering using open source intelligence gathering. / Ball, Leslie; Ewan, Gavin; Coull, Natalie.
Proceedings of the International Conference on Knowledge Discovery and Information Retrieval. ed. / Ana Fred; Joaquim Filipe. Vol. 1: KDIR Scitepress Digital Library, 2012. p. 275-280.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Undermining

T2 - 4th International Conference on Knowledge Discovery and Information Retrieval

AU - Ball, Leslie

AU - Ewan, Gavin

AU - Coull, Natalie

PY - 2012

Y1 - 2012

N2 - Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.

AB - Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.

U2 - 10.5220/0004168802750280

DO - 10.5220/0004168802750280

M3 - Conference contribution

SN - 9789898565297

VL - 1: KDIR

SP - 275

EP - 280

BT - Proceedings of the International Conference on Knowledge Discovery and Information Retrieval

A2 - Fred, Ana

A2 - Filipe, Joaquim

PB - Scitepress Digital Library

Y2 - 4 October 2012 through 7 October 2012

ER -

Undermining: social engineering using open source intelligence gathering

Abstract

Conference

Keywords

UN SDGs

Access to Document

Fingerprint

Cite this