Undermining

social engineering using open source intelligence gathering

Leslie D. Ball, Gavin Ewan, Natalie J. Coull

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)
130 Downloads (Pure)

Abstract

Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.
Original languageEnglish
Title of host publicationProceedings of the International Conference on Knowledge Discovery and Information Retrieval
PublisherScitepress Digital Library
Pages275-280
Number of pages5
ISBN (Print)9789898565297
DOIs
Publication statusPublished - 2012
Event4th International Conference on Knowledge Discovery and Information Retrieval - Barcelona, Spain
Duration: 4 Oct 20127 Oct 2012

Conference

Conference4th International Conference on Knowledge Discovery and Information Retrieval
Abbreviated titleKDIR 2012
CountrySpain
CityBarcelona
Period4/10/127/10/12

Fingerprint

Personnel
Data privacy
Crime
Computer systems
Deposits
Engineers
Industry
Malware

Cite this

Ball, L. D., Ewan, G., & Coull, N. J. (2012). Undermining: social engineering using open source intelligence gathering. In Proceedings of the International Conference on Knowledge Discovery and Information Retrieval (pp. 275-280). Scitepress Digital Library. https://doi.org/10.5220/0004168802750280
Ball, Leslie D. ; Ewan, Gavin ; Coull, Natalie J. / Undermining : social engineering using open source intelligence gathering. Proceedings of the International Conference on Knowledge Discovery and Information Retrieval. Scitepress Digital Library, 2012. pp. 275-280
@inproceedings{94fef7a6498b485aacc64d218cb774d7,
title = "Undermining: social engineering using open source intelligence gathering",
abstract = "Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.",
author = "Ball, {Leslie D.} and Gavin Ewan and Coull, {Natalie J.}",
year = "2012",
doi = "10.5220/0004168802750280",
language = "English",
isbn = "9789898565297",
pages = "275--280",
booktitle = "Proceedings of the International Conference on Knowledge Discovery and Information Retrieval",
publisher = "Scitepress Digital Library",

}

Ball, LD, Ewan, G & Coull, NJ 2012, Undermining: social engineering using open source intelligence gathering. in Proceedings of the International Conference on Knowledge Discovery and Information Retrieval. Scitepress Digital Library, pp. 275-280, 4th International Conference on Knowledge Discovery and Information Retrieval, Barcelona, Spain, 4/10/12. https://doi.org/10.5220/0004168802750280

Undermining : social engineering using open source intelligence gathering. / Ball, Leslie D.; Ewan, Gavin; Coull, Natalie J.

Proceedings of the International Conference on Knowledge Discovery and Information Retrieval. Scitepress Digital Library, 2012. p. 275-280.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Undermining

T2 - social engineering using open source intelligence gathering

AU - Ball, Leslie D.

AU - Ewan, Gavin

AU - Coull, Natalie J.

PY - 2012

Y1 - 2012

N2 - Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.

AB - Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a doubleedged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrator of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.

U2 - 10.5220/0004168802750280

DO - 10.5220/0004168802750280

M3 - Conference contribution

SN - 9789898565297

SP - 275

EP - 280

BT - Proceedings of the International Conference on Knowledge Discovery and Information Retrieval

PB - Scitepress Digital Library

ER -

Ball LD, Ewan G, Coull NJ. Undermining: social engineering using open source intelligence gathering. In Proceedings of the International Conference on Knowledge Discovery and Information Retrieval. Scitepress Digital Library. 2012. p. 275-280 https://doi.org/10.5220/0004168802750280