Towards automating social engineering using social networking sites
2009 (English)In: Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009, 2009, 117-124 p.Conference paper (Refereed)
A growing number of people use social networking sites to foster social relationships among each other. While the advantages of the provided services are obvious, drawbacks on a users' privacy and arising implications are often neglected. In this paper we introduce a novel attack called automated social engineering which illustrates how social networking sites can be used for social engineering. Our approach takes classical social engineering one step further by automating tasks which formerly were very time-intensive. In order to evaluate our proposed attack cycle and our prototypical implementation (ASE bot), we conducted two experiments. Within the first experiment we examine the information gathering capabilities of our bot. The second evaluation of our prototype performs a Turing test. The promising results of the evaluation highlight the possibility to efficiently and effectively perform social engineering attacks by applying automated social engineering bots.
Place, publisher, year, edition, pages
2009. 117-124 p.
Automated social engineering, Deception, Security, Social engineering, Social networking sites
Other Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-153511DOI: 10.1109/CSE.2009.205ScopusID: 2-s2.0-70849122971ISBN: 978-076953823-5OAI: oai:DiVA.org:kth-153511DiVA: diva2:753834
2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009, 29 August 2009 through 31 August 2009, Vancouver, BC, Canada
QC 201410092014-10-092014-10-062014-10-09Bibliographically approved