A Taxonomy for Social Engineering attacks

As the technology to secure information improves, hackers will employ less technical means to get access to unauthorized data. The use of Social Engineering as a non tech method of hacking has been increasingly used during the past few years. There are different types of social engineering methods reported but what is lacking is a unifying effort to understand these methods in the aggregate. This paper aims to classify these methods through taxonomy so that organizations can gain a better understanding of these attack methods and accordingly be vigilant against them

Lo-Fi Matchmaking: A Study of Social Pairing for Backpackers

There is a new world emerging around mobile social networks and the technologies used to facilitate and mediate them. It is technically feasible for mobile social software such as pairing or matchmaking systems to introduce people to others and assist information exchange. However, little is known about the social structure of many mobile communities or why they would want pairing systems. When these systems are built, it is not clear what the social response by those communities will be or what the systems will be like to use in practice. While engaged in other work determining requirements for a mobile travel assistant we saw a potentially useful application for a pairing system to facilitate the exchange of travel information between backpackers. To explore this area, we designed two studies involving usage of a low-fidelity role prototype of a social pairing system for backpackers. Graphs of the resulting social pairings showed backpackers who were hubs in the network of travel information. It also demonstrated the effect of travel direction on information utility. Backpackers rated the utility of different pairing types, and provided feedback on the social implications of being paired based on travel histories. Practical usage of the social network pairing activity and the implications of broader societal usage are discussed

Socialbots and the Challenges of Cyberspace Awareness

As security communities brace for the emerging social automation based threats, we examine the mechanisms of developing situation awareness in cyberspace and the governance issues that socialbots bring into this existing paradigm of cyber situation awareness. We point out that an organisation's situation awareness in cyberspace is a phenomena fundamentally distinct from the original conception of situation awareness, requiring continuous data exchange and knowledge management where the standard implementation mechanisms require significant policy attention in light of threats like malicious social automation. We conceptualise Cyberspace Awareness as a socio-technical phenomena with Syntactic, Semantic, and Operatic dimensions - each subject to a number of stressors which are exacerbated under social automation based threats. The paper contributes to the ideas of situational awareness in cyberspace, and characterises the challenges therein around tackling the increasingly social and often pervasive, automation in cyber threat environments

Operationalizing Offensive Social Engineering for the Air Force

Social engineering is the art and science of persuading individuals to bypass in place security mechanisms causing the unintended release of information. It is a low tech solution to a high tech problem and is as much an art as a science. As is true of many such solutions, social engineering is both ill-defined yet extremely effective. Its low cost, high payoff nature makes it an extremely attractive alternative to adversaries that do not have access to all the resources of a nation state. However, with full backing, the weapon can become that much more effective. Social engineering is something the Department of Defense already does. All branches of the military have Red Teaming organizations that use social engineering methods as part of their mission to assess and improve internal security measures. While network and physical protection mechanisms have become more robust, the human remains the weak point of any defense, and social engineering will nearly always succeed. As the Air Force organizes, trains, and equips its new cyber warrior force, it will need to operationalize social engineering principles in order to grow a repeatable, sustainable capability. However social engineering remains a poorly defined concept for the Air Force in particular and the Department of Defense in general. It is some- thing practiced but on a limited scope and with little standardization. Despite its successes, social engineering has yet to achieve widespread acceptance. The focus of this paper is on the use of offensive social engineering. There are three main points. First, establish legitimacy and demonstrate that social engineering is in fact compatible with existing Air Force and Joint military doctrine. This is done with a thorough analysis of doctrine and historical writings about military deception, psychological operations, and related concepts

What is the impact of Information Systems on democracy promotion and the role in decision-making process

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThis study aims to contribute to a better understanding of modern democracy and how democracy can be shaped by information systems solutions. We discuss the role of information systems and social media in democratic activities and how information systems can be a part of core democratic processes and contribute to finding solutions for some of the problems democracies face today. The main question being: how is democracy fostered by the introduction of information systems and the existing information systems platforms today? Several common problems of democracies will be identified, analyzed and paired with relevant information systems platforms or solutions resulting in a conceptual framework that nations can use to improve their democratic processes. Areas identified as relevant for the study are direct democracy using existing technological solutions, collaborative democracy, which would allow citizens to increase participation in the creation of laws, the allocation of budgets and online voting. Although it might not be possible to provide an exhaustive listing of all existing solution, due to the rapidly evolving nature of the information systems field, several existing solutions already provide interesting opportunities for the improvement of current democratic processes and if there was a wider adoption of these technologies it would improve the participation of citizens and reduce the increasing percentage of alienated citizens that abstain from taking part in the democratic process of their countries

Analyzing Social Engineering Research through Co-authorship Networks Using Scopus Database during 1926-2020

Purpose: Hacking the human brain and manipulating human trust to obtain information and get monetary gains is called social engineering. This study aims to visualize and analyze the co-authorship networks in the Scopus citation database's social engineering research from 1926 to 2020. Method: The present quantitative study used the bibliometric method and social network analysis. The study collected data from the Scopus database. A total number of 1994 records were taken as the sample of the study. Researchers used descriptive and inferential statistics and social network analysis to obtain results; to do this, different software types were used in the study (SPSS, Microsoft Excel, Text Statistics Analyzer, ISI.exe, Pajek, and VOSviewer). Findings: The findings indicate the top three sources of publishing and the related subject areas. Furthermore, the top three core authors and countries were identified. Also, the authors with high centrality measures in the co-authorship networks were identified. A large majority of papers had only one author. The Collaborative Coefficient among researchers was 0.36. Based on the results of Spearman's test, there was a significant association between the number of documents, the number of citations, and the rate of total link strength of the countries. Likewise, there was a positive and high significant association between degree and closeness centralities. Conclusion: The researchers' frequently used keywords in this area were social engineering, phishing, and information security; in addition, the frequency of keywords was not compatible with Zipf’s Law. A small sample of keywords will not properly follow Zipf’s distribution

The Internet as a Platform for Civic Engagement in Singapore

Master'sMASTER OF ART

Methods of Understanding and Designing For Mobile Communities

Society is increasingly on the move, mobile devices are commonly being used to coordinate group actions, and group communication features are rapidly being added to existing technologies. Despite this, little is known about how mobile groups act, or how communications technologies should be designed to augment existing behaviour. This is partially due to minimal research being done on the topic, but also to the lack of research methods available to study the topic with. Mobile groups are challenging to study because of frequent and long-duration movement, frequent distribution, and the rapidly changing environments they operate within. To address these issues, this research focuses on methodological issues surrounding the development of mobile devices for mobile groups and communities. More specifically it addresses backpackers, who are a relevant example of this type of community. The research primarily explores the convergence of computer supported cooperative work (CSCW) and the field of mobile device development. This enables the combination of emphasis on designing technologies for groups, social implications, mobile device design, and mobile settings. Major research outcomes presented in this thesis lie in three areas: 1) methods, 2) technology designs, and 3) backpacker culture. Five studies of backpacker behaviour and requirements form the core of the research. The methods used are in-situ and exploratory, and apply both novel and existing techniques to the domain of backpackers and mobile groups. Methods demonstrated in this research include: field trips for exploring mobile group behaviour and device usage, a social pairing exercise to explore social networks, contextual postcards to gain distributed feedback, and blog analysis which provides post-hoc diary data. Theoretical contributions include: observations on method triangulation, a taxonomy of mobility research, method templates to assist method usage, and identification of key categories leading to mobile group requirements. Design related outcomes include: 57 mobile tourism product ideas, a format for conveying product concepts, and a design for a wearable device to assist mobile researchers. Our understanding of backpacker culture has also improved as a consequence of the research. It has also generated user requirements to aid mobile development, methods of visualising mobile groups and communities, and a listing of relevant design tensions. Additionally, the research has added to our understanding of how new technologies such as blogs, SMS and iPods are being used by backpackers and how mobile groups naturally communicate

Social Engineering in the Information Age

This article explores the relevance of social engineering for thepostindustrial epoch. The concept of social engineering has beendormant in recent years, stained by the behavior of police statesin the 20th century. Yet stripped of its excesses, social engineeringstill represents a defensible moral and political enterprise. Whatis needed for the 21st century, however, is a chastened, deontologicaltheory of social engineering, one that accepts the inviolabilityof the person while still pursuing ambitious long-term teleologicalstrategies through state action. For its content, progressive informationsociety policy should revisit the ethical norms developedby the left-liberal tradition, as articulated by the late John Rawlsand others. The article concludes that the information age offers anew opportunity to engineer a just social order, or, at any rate, thatthe policymaking community needs to re evaluate the idea of socialengineering