Automating social engineering

Alexandru Catalin Cosoi BitDefender
Daniel Dichiu BitDefender

Social engineering is the act of manipulating people into performing certain actions or divulging specific confidential information by using social and psychological skills or specific crafted messages rather than by breaking in or using complicated hacking techniques. For maximum success, socially engineered attacks need to satisfy three important attributes: credibility, context and background.

While this phenomenon has existed since the invention of language and the success rate is considerable high, there is also a major drawback that has prevented large-scale usage of this technique. In order to become proficient in all three important aspects related to social engineering, a considerable amount of research is required, and in most cases it can only be done by using 'peopleware'. This approach has proved to be very inefficient so far, as the resources involved surpass by far the return of investment.

However, with the evolution of social networks, the constantly growing smartphone market share and the continuous interest in natural language processing techniques, automating social engineering is no longer science fiction.

With the appropriate tools and the necessary amount of firepower, an attacker can easily convert information from social media or data from your mobile device into complex targeted attacks, and all at minimum cost.

In this paper we will describe how these attacks can be automated, identify the necessary tools and the associated costs implied, along with offering possible solutions to address this problem, based on some eloquent examples of socially engineered attacks discovered in the past months.

We will also present a live demo of how these attacks are generated and the final output when we blend natural language processing techniques with social threats.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

Jobs Recruit Sidebar

Virus Bulletin
In this month's magazine:
  • VBSpam comparative review March 2014
  • VB100 comparative review on Ubuntu Server 12.04LTS
  • The shape of things to come
  • Threat intelligence sharing: tying one hand behind our backs
  • The curse of Necurs, part 1
  • More fast or more dirty?
  • Tofsee botnet
  • Back to VBA
  • Is the security industry up to the new challenges to come?
  • Greetz from academe: No place to Hyde
Virus Bulletin 04 2014
Subscribe now!

Virus Bulletin currently has 231,318 registered users.