Cyber-Deception and Attribution in Capture-the-Flag Exercises

Attributing the culprit of a cyber-attack is widely considered one of the major technical and policy challenges of cyber-security. The lack of ground truth for an individual responsible for a given attack has limited previous studies. Here, we overcome this limitation by leveraging DEFCON capture-the-flag (CTF) exercise data where the actual ground-truth is known. In this work, we use various classification techniques to identify the culprit in a cyberattack and find that deceptive activities account for the majority of misclassified samples. We also explore several heuristics to alleviate some of the misclassification caused by deception.Comment: 4 pages Short name accepted to FOSINT-SI 201

Cyberpsychology and Human Factors

The online environment has become a significant focus of the everyday behaviour and activities of individuals and organisations in contemporary society. The increasing mediation of communication has led to concerns about the potential risks and associated negative experiences which can occur to users, particularly children and young people. This is related to the emergence of the online environment as a location for criminal and abusive behaviour (e.g., harassment, sexual exploitation, fraud, hacking, malware). One of the key aspects of understanding online victimisation and engagement in criminal behaviours is the characteristics of online communication that are related to the affordances of the technologies, services and applications which constitute digital environments. The aim of this paper is to examine the influence of these characteristics on individual and group behaviour, as well as the associated opportunities for victimisation and criminal behaviour. These issues are of relevance for those involved in the design and implementation of technologies and services, as the ability to assess their potential use in this way can enhance strategies for improving the security of systems and users. It can also inform educational strategies for increasing user understanding of potential informational, privacy and personal risks, and associated steps to improve their security and privacy. Each of the main characteristics of mediated communication is examined, as well as their potential impact on individual and group behaviour, and associated opportunities for victimisation and offending. The article ends by considering the importance of recognising these issues when designing and implementing new technologies, services and applications

Fighting Authorship Linkability with Crowdsourcing

Massive amounts of contributed content -- including traditional literature, blogs, music, videos, reviews and tweets -- are available on the Internet today, with authors numbering in many millions. Textual information, such as product or service reviews, is an important and increasingly popular type of content that is being used as a foundation of many trendy community-based reviewing sites, such as TripAdvisor and Yelp. Some recent results have shown that, due partly to their specialized/topical nature, sets of reviews authored by the same person are readily linkable based on simple stylometric features. In practice, this means that individuals who author more than a few reviews under different accounts (whether within one site or across multiple sites) can be linked, which represents a significant loss of privacy. In this paper, we start by showing that the problem is actually worse than previously believed. We then explore ways to mitigate authorship linkability in community-based reviewing. We first attempt to harness the global power of crowdsourcing by engaging random strangers into the process of re-writing reviews. As our empirical results (obtained from Amazon Mechanical Turk) clearly demonstrate, crowdsourcing yields impressively sensible reviews that reflect sufficiently different stylometric characteristics such that prior stylometric linkability techniques become largely ineffective. We also consider using machine translation to automatically re-write reviews. Contrary to what was previously believed, our results show that translation decreases authorship linkability as the number of intermediate languages grows. Finally, we explore the combination of crowdsourcing and machine translation and report on the results