Social Engineering Training
Jan-Willem Bullee
2 Cyber-crime Science
Background
• Effectiveness of authority on compliance
• We can get some of the answers from
  » Literature (Meta-analysis)
  » Attacker stories/interviews
• But the answers are inconclusive
  » Different context
  » Hard to measure human nature
  » Difficult to standardize behaviour.

Persuasion Principles
• Authority
• Conformity
• Commitment
• Liking
• Reciprocity
• Scarcity

Authority
• Titles: Professionals vs Lay people
• Clothing: Formal vs Casual
• Trappings: Status vs Insignificance
[Cia01] R. B. Cialdini. The science of persuasion. Scientific American
Mind, 284:76-81, Feb 2001.
http://dx.doi.org/10.1038/scientificamerican0201-76

Literature on Authority
• Classical Milgram Shock Experiment
  » 66% full compliance
• Nurse-Physician relationship
  » 95% compliance
• Login credentials
  » 47% compliance
[Mil63] S. Milgram. Behavioral study of obedience. The Journal of Abnormal
and Social Psychology, 67(4), 371–378.

Success factors of Authority
• Sense of duty
• Obedience to authority

Attacker Stories
• Books about Social Engineering
• Six Principles of Persuasion
• Provisional results:
  » 4 books
  » 100 cases.
[Mit02] K. Mitnick, W. L. Simon, and S. Wozniak. The Art of Deception:
Controlling the Human Element of Security. Wiley, Oct 2002.
http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html

Mitnick Analysis

Nurse Study: Design
• Attacker: Doctor
• Target: Nurse
• Goal: Violating policy
  » Maximum dose of medicine
• Interface: Phone
• Persuasion Principle: Authority
[Hof66] C. Hofling, E. Brotzman, S. Dalrymple, N. Graves, and C. Pierce. An experimental study
in Nurse-Physician relationships. J. of Nervous & Mental Disease, 143(2):171-180, Aug 1966.

Stealing a key
• What is the influence on compliance with a request of:
  » Social Engineering (e.g. Authority)
• You are the researchers!

Our Study: Design
• Attacker: You (Student)
• Target: Employee
• Goal: Violating policy
  » Sharing office key with 3rd party
• Interface: Face to face
• Persuasion Principle: Authority

Method: Our design
• Dependent and Independent variables
• 4 experimental conditions
  » Intervention / No Intervention
  » Authority / No Authority
• Dependent variable
  » Compliance / No Compliance to request.
[Figure: Request / Comply]
[Fie09] A. Field. Discovering statistics using SPSS. Sage, London, 3rd
edition, Jan 2009. http://www.uk.sagepub.com/field3e/main.htm
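
An added example (not from the slides or the course material): one way to tabulate the 2×2 design above and test each factor's effect on the binary compliance outcome, using Fisher's exact test in place of the SPSS analysis the slides refer to. The counts are constructed sample data and all function names are hypothetical.

```python
from collections import defaultdict
from math import comb

# Constructed sample data, NOT results from the study.
# (intervention, authority) -> (complied, did not comply)
CONSTRUCTED_COUNTS = {
    (False, False): (6, 4),
    (False, True): (8, 2),
    (True, False): (3, 7),
    (True, True): (4, 6),
}

FACTOR_INDEX = {"intervention": 0, "authority": 1}


def expand(counts):
    """Turn per-condition counts into one record per approached employee."""
    records = []
    for (intervention, authority), (yes, no) in counts.items():
        for complied, n in ((True, yes), (False, no)):
            records += [(intervention, authority, complied)] * n
    return records


def cell_rates(records):
    """Compliance rate for each of the four experimental conditions."""
    tally = defaultdict(lambda: [0, 0])  # condition -> [complied, total]
    for intervention, authority, complied in records:
        cell = tally[(intervention, authority)]
        cell[0] += complied
        cell[1] += 1
    return {cond: c / n for cond, (c, n) in tally.items()}


def two_by_two(records, factor):
    """Collapse over the other factor.

    Returns (a, b, c, d): factor present and complied / not complied,
    factor absent and complied / not complied.
    """
    idx = FACTOR_INDEX[factor]
    a = b = c = d = 0
    for rec in records:
        present, complied = rec[idx], rec[2]
        if present and complied:
            a += 1
        elif present:
            b += 1
        elif complied:
            c += 1
        else:
            d += 1
    return a, b, c, d


def odds_ratio(a, b, c, d):
    """Odds of compliance with the factor present vs absent."""
    if b * c == 0:
        return float("inf")  # undefined or unbounded with an empty cell
    return (a * d) / (b * c)


def fisher_exact_two_sided(a, b, c, d):
    """Two-sided Fisher exact p-value for a 2x2 table, in exact integers."""
    row1, col1, col2 = a + b, a + c, b + d
    total = comb(col1 + col2, row1)

    def weight(k):  # number of tables with k in the top-left cell
        return comb(col1, k) * comb(col2, row1 - k)

    observed = weight(a)
    lo, hi = max(0, row1 - col2), min(row1, col1)
    # Sum every table that is at most as likely as the observed one.
    extreme = sum(weight(k) for k in range(lo, hi + 1) if weight(k) <= observed)
    return extreme / total


def main_effect(records, factor):
    """Table, odds ratio and p-value for one independent variable."""
    table = two_by_two(records, factor)
    return {"table": table, "odds_ratio": odds_ratio(*table),
            "p_value": fisher_exact_two_sided(*table)}


if __name__ == "__main__":
    recs = expand(CONSTRUCTED_COUNTS)
    for cond, rate in sorted(cell_rates(recs).items()):
        print("intervention=%s authority=%s rate=%.2f" % (*cond, rate))
    for factor in FACTOR_INDEX:
        print(factor, main_effect(recs, factor))
```

Collapsing over the other factor ignores any interaction between intervention and authority; a logistic regression with both factors would model that.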

Method: Our procedure
• Subjects from the Carré building
  » 14 research groups
  » 4 conditions
• Intervention vs No intervention
• Authority: Suit vs Casual
• Randomized sample
• Attack in 1 day

Method: Our procedure
• Attack targets
  » Impersonate facility manager, and ask for the key of the employee
  » Short Questionnaire
  » Note: date, time, location, condition, compliance, difficulty, etc.
• More details on the course-site

What to do on Wed 11 Sep
• Attacker training in the morning, CR2022
• Execute experiment individually (or in duos)
  » One or two attackers per area
  » Condition and area allocation: Jan-Willem Bullee (on the course-site soon)
  » Debrief directly after attack

What to do on Wed 11 Sep
• We have permission to do this only at
  » UT: Carré
• Enter your data in SPSS
  » Directly after the attack
  » Come to me, ZI4047
• Earn 0.5 (out of 10) bonus points

Ethical issues
• Informed consent not possible
• Zero risk for the subjects
• Approved by facility management
• Consistent with data protection (PII form)
• Approved by ethical committee, see http://www.utwente.nl/ewi/en/research/ethics_protocol/

Conclusion
• Designing research involves:
  » Decide what data are needed
  » Decide how to collect the data
  » Use validated techniques where possible
  » Experimental Design, pilot, evaluate and improve
  » Training, data gathering
  » Start again...

Further Reading
[Cia09] R. B. Cialdini. Influence: The Psychology of Persuasion. Harper Collins, 2009.
http://www.harpercollins.com/browseinside/index.aspx?isbn13=9780061241895
[Gre96a] T. Greening. Ask and ye shall receive: a study in 'social engineering'. SIGSAC Rev., 14(2):8-14, Apr 1996.
http://doi.acm.org/10.1145/228292.228295
