A cultural exploration of the social media manipulators

The widespread use of Internet social media sites for the production and dissemination of propaganda continues to grow and gather attention. Social media sites spread information faster and wider than those institutions and methods historically limited to state-affiliated organizations. There are several characteristics that are unique to virtual space and make the production and dissemination of propaganda different; they include the Internet’s global reach, the recipient’s apparent trust placed in information source as well as the information sources, and the low cost of participation. Thus, the use of social media as a method to spread misleading information exploits trust relationships between the reader and the source. Although propaganda is a weapon with a long history in war, in the 21st century, the delivery and distribution of propaganda through the trusted channel of social media is markedly different than what was historically observed. We investigated the relationships among state-affiliated actors who use social media to produce and distribute propaganda along with their national cultural values. Prior research inferred a link between culture and social media usage (Hofstede et al., 2010; Sample & Karamanian 2014). Specifically, Hofstede et al. (2010) contended that cultures that are more masculine use the Internet for information seeking, whereas more feminine-oriented cultures use social media sites for sharing information, seeking to build better “trusting” relationships. We sought to explore whether masculine countries would leverage the trust relationships that are present with social media users to further the reach of state-affiliated propaganda. We built upon Bradshaw & Howard’s (2017) study on propaganda purveyors, which examined preferred social media deployment techniques across 29 different countries. Using previously published methods, we examined associations with culture using Hofestede’s scale. Since masculine countries have previously been associated with information-seeking behaviors, we sought to explore the potential that more masculine cultural values are associated with greater information-shaping and -distributing behaviors compared with more feminine cultural values. The results showed a strong difference in distributions, countries that deployed fake news via social media tended to have more masculine cultural values. Moderate differences were observed in other cultural values, purveyors of social media propaganda exhibited more authoritarianism and uncertainty avoidance. These findings suggest that specific cultural values associate with the distrubtion of fake news, indicating that culturally aware responses may be more effective when responding to these events

A cultural exploration of social media manipulators

Internet social media sites enable the rapid and widespread production and dissemi- nation of propaganda. Although propaganda has a long history in warfare, the spreading of propaganda via social media is markedly different from past distribution methods. The authors investigated the relationships between state-affiliated actors who use social media to produce and distribute propaganda and their national cultural values. The results showed that countries that deployed fake news via social media tended to have more masculine cultural values. These findings suggest that specific cultural values are associated with fake news distribution, which may indicate that culturally aware responses may be more effective in responding to propaganda

"It may take ages":understanding human-centred lateral phishing attack detection in organisations

Smartphones are a central part of modern life and contain vast amounts of personal and professional data as well as access to sensitive features such as banking and financial apps. As such protecting our smartphones from unauthorised access is of great importance, and users prioritise this over protecting their devices against digital security threats. Previous research has explored user experiences of unauthorised access to their smartphone – though the vast majority of these cases involve an attacker who is known to the user and knows an unlock code for the device. We presented 374 participants with a scenario concerning the loss of their smartphone in a public place. Participants were allocated to one of 3 scenario groups where a different unknown individual with malicious intentions finds the device and attempts to gain access to its contents. After exposure, we ask participants to envision a case where someone they know has a similar opportunity to attempt to gain access to their smartphone. We compare these instances with respect to differences in the motivations of the attacker, their skills and their knowledge of the user. We find that participants underestimate how commonly people who know them may be able to guess their PIN and overestimate the extent to which smartphones can be ‘hacked into’. We discuss how concerns over the severity of an attack may cloud perceptions of its likelihood of success, potentially leading users to underestimate the likelihood of unauthorised access occurring from known attackers who can utilize personal knowledge to guess unlock codes

Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

Modeling Deception for Cyber Security

In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

Gamification of Cyber Security Awareness : A Systematic Review of Games

The frequency and severity of cyber-attacks have increased over the years with damaging consequences such as financial loss, reputational damage, and loss of sensitive data. Most of these attacks can be attributed to user error. To minimize these errors, cyber security awareness training is conducted to improve user awareness. Cyber security awareness training that is engaging, fun, and motivating is required to ensure that the awareness message gets through to users. Gamification is one such method by which cyber security awareness training can be made fun, engaging, and motivating. This thesis presents the state of the art of games used in cyber security awareness. In this regard, a systematic review of games following PRISMA guidelines was conducted on the relevant papers published between 2010 to 2021. The games were analyzed based on their purpose, cyber security topics taught, target audience, deployment methods, game genres implemented and learning mechanics applied. Analysis of these games revealed that cyber security awareness games are mostly deployed as computer games, targeted at the general public to create awareness in a wide range of cyber security topics. Most of the games implement the role-playing genre and apply demonstration learning mechanics to deliver their cyber security awareness message effectively

Computations in the social brain

This thesis consists of three empirical chapters that investigate elements of human social behavior, adherence to and violations of social norms, and the computational and neurological underpinnings thereof. I focus on three behavioral paradigms in particular – the attacker-defender contest, the trust game, and the ultimatum game – which model asymmetrical conflicts, generosity and reciprocity, and norms of fairness, respectively. Ultimately, each chapter acts as a building block contributing a different perspective to the study of human sociality. Using economic games, computational models based on the principle of utility, and model-based neuroimaging, my research contributes to the scientific endeavor working to crack the “elaborate and secret code that is written nowhere, known by none, and understood by all” (Sapir, 1927, p.137)Social decision makin

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management