Since it is difficult to change people’s behavior, it doesn’t help to provide training about how to behave securely. This is shown by Marcus Nohlberg in his dissertation at Stockholm University in Sweden in which he studied attacks that are called social engineering in IT contexts.
The concept of social engineering refers to the art of using social codes and knowledge of human behavior to get us to provide information or do things we should not do. A topical example happened very recently in Sweden, where people received calls from a person who purported to represent the IT office at their bank and asked them to identify themselves using their personal bank encoders. The attacker then used these codes to steal money from the victims’ accounts.
“I predicted a couple of years ago that this kind of attack would become common, especially account fraud,” says Marcus Nohlberg.
Despite the serious consequences, with many successful fraud attempts, this technique has received little attention among researchers. Marcus Nohlberg’s research has led to enhanced knowledge about what methods attackers use and what it is that makes people and organizations so vulnerable. Somewhat depressingly, Marcus Nohlberg’s research shows that information and training do not work as well as we think:
“There will always be a small group of people who do not do as they were taught. What’s more, it’s all too seldom that people undergo training in security issues in general. To change behavior, this is something that needs to be worked with constantly. The best thing is practical training, and it’s probable that organizations will need to start running internal checks where they in fact create fictitious attacks in order to identify weaknesses,” says Marcus Nohlberg.
Social engineering as a method of fraud is costly for the attacker since it requires commitment and time. However, software and technologies already exist that can interact with other people automatically:
“You can easily imagine how serious it will be when such programs target victims via digital forums like Facebook in the future. When it becomes just as simple as spreading spam, this will present a major threat to social activities on the Internet.”
In his research, Marcus Nohlberg presents a description of fraud crimes from the perspectives of victims, perpetrators, and defenders, but he also offers suggested measures for preventing attacks, based on his own experiences from controlled attacks.
Title of dissertation: Securing Information Assets -- Understanding, Measuring and Protecting against Social Engineering Attacks.
Maria Erlandsson | alfa
Fixating on faces
26.01.2017 | California Institute of Technology
Internet use in class tied to lower test scores
16.12.2016 | Michigan State University
More and more automobile companies are focusing on body parts made of carbon fiber reinforced plastics (CFRP). However, manufacturing and repair costs must be further reduced in order to make CFRP more economical in use. Together with the Volkswagen AG and five other partners in the project HolQueSt 3D, the Laser Zentrum Hannover e.V. (LZH) has developed laser processes for the automatic trimming, drilling and repair of three-dimensional components.
Automated manufacturing processes are the basis for ultimately establishing the series production of CFRP components. In the project HolQueSt 3D, the LZH has...
Reflecting the structure of composites found in nature and the ancient world, researchers at the University of Illinois at Urbana-Champaign have synthesized thin carbon nanotube (CNT) textiles that exhibit both high electrical conductivity and a level of toughness that is about fifty times higher than copper films, currently used in electronics.
"The structural robustness of thin metal films has significant importance for the reliable operation of smart skin and flexible electronics including...
The nearby, giant radio galaxy M87 hosts a supermassive black hole (BH) and is well-known for its bright jet dominating the spectrum over ten orders of magnitude in frequency. Due to its proximity, jet prominence, and the large black hole mass, M87 is the best laboratory for investigating the formation, acceleration, and collimation of relativistic jets. A research team led by Silke Britzen from the Max Planck Institute for Radio Astronomy in Bonn, Germany, has found strong indication for turbulent processes connecting the accretion disk and the jet of that galaxy providing insights into the longstanding problem of the origin of astrophysical jets.
Supermassive black holes form some of the most enigmatic phenomena in astrophysics. Their enormous energy output is supposed to be generated by the...
The probability to find a certain number of photons inside a laser pulse usually corresponds to a classical distribution of independent events, the so-called...
Microprocessors based on atomically thin materials hold the promise of the evolution of traditional processors as well as new applications in the field of flexible electronics. Now, a TU Wien research team led by Thomas Müller has made a breakthrough in this field as part of an ongoing research project.
Two-dimensional materials, or 2D materials for short, are extremely versatile, although – or often more precisely because – they are made up of just one or a...
20.04.2017 | Event News
18.04.2017 | Event News
03.04.2017 | Event News
27.04.2017 | Life Sciences
27.04.2017 | Physics and Astronomy
27.04.2017 | Earth Sciences