Social Engineering Training
Jan-Willem Bullee
Cyber-crime Science

Background
• Effectiveness of authority on compliance
• We can get some of the answers from
  » Literature (Meta-analysis)
  » Attacker stories/interviews
• But the answers are inconclusive
  » Different context
  » Hard to measure human nature
  » Difficult to standardize behaviour.

Persuasion Principles
• Authority
• Conformity
• Commitment
• Liking
• Reciprocity
• Scarcity

Authority
• Titles: Professionals vs Lay people
• Clothing: Formal vs Casual
• Trappings: Status vs Insignificance
[Cia01] R. B. Cialdini. The science of persuasion. Scientific American Mind, 284:76-81, Feb 2001. http://dx.doi.org/10.1038/scientificamerican0201-76

Literature on Authority
• Classical Milgram Shock Experiment
  » 66% full compliance
• Nurse-Physician relationship
  » 95% compliance
• Login credentials
  » 47% compliance
[Mil63] S. Milgram. Behavioral study of obedience. The Journal of Abnormal and Social Psychology, 67(4), 371–378.

Success factors of Authority
• Sense of duty
• Obedience to authority

Attacker Stories
• Books about Social Engineering
• Six Principles of Persuasion
• Provisional results:
  » 4 books
  » 100 cases.
[Mit02] K. Mitnick, W. L. Simon, and S. Wozniak. The Art of Deception: Controlling the Human Element of Security. Wiley, Oct 2002. http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0471237124.html

Mitnick Analysis

Nurse Study: Design
• Attacker: Doctor
• Target: Nurse
• Goal: Violating policy
  » Maximum dose of medicine
• Interface: Phone
• Persuasion Principle: Authority
[Hof66] C. Hofling, E. Brotzman, S. Dalrymple, N. Graves, and C. Pierce. An experimental study in Nurse-Physician relationships. J. of Nervous & Mental Disease, 143(2):171-180, Aug 1966.

Stealing a key
• What is the influence on compliance with a request of:
  » Social Engineering (e.g. Authority)
• You are the researchers!

Our Study: Design
• Attacker: You (Student)
• Target: Employee
• Goal: Violating policy
  » Sharing office key with 3rd party
• Interface: Face to face
• Persuasion Principle: Authority

Method: Our design
• Dependent and Independent variables
• 4 experimental conditions
  » Intervention / No Intervention
  » Authority / No Authority
• Dependent variable
  » Compliance / No Compliance to request.
[Figure: diagram labelled "Request" and "Comply"]
[Fie09] A. Field. Discovering statistics using SPSS. Sage, London, 3rd edition, Jan 2009. http://www.uk.sagepub.com/field3e/main.htm

Method: Our procedure
• Subjects from the Carré building
  » 14 research groups
  » 4 conditions
• Intervention vs No intervention
• Authority: Suit vs Casual
• Randomized sample
• Attack in 1 day
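
An added example, not part of the original slides: one way to randomly allocate 14 units to the four conditions of the 2×2 design above and to test how each factor relates to compliance, in Python rather than SPSS. The group names, outcome counts, function names and the choice of Fisher's exact test are assumptions made for illustration.

```python
"""Balanced random allocation and compliance analysis for a 2x2 design.
All names and data are constructed for illustration."""
import random
from collections import Counter
from itertools import product
from math import comb

# The four experimental conditions as (intervention, authority) pairs.
CONDITIONS = list(product((False, True), repeat=2))


def allocate(units, seed):
    """Randomly assign units (e.g. research groups) to the four conditions,
    keeping the condition sizes within one of each other."""
    rng = random.Random(seed)      # a recorded seed makes the allocation auditable
    shuffled = list(units)
    rng.shuffle(shuffled)
    order = CONDITIONS[:]
    rng.shuffle(order)             # the larger cells are not always the same ones
    return {u: order[i % len(order)] for i, u in enumerate(shuffled)}


def table_for(records, factor):
    """2x2 table [[complied, refused] with factor, [complied, refused] without].
    records: iterable of (intervention, authority, complied) booleans.
    factor: 0 selects intervention, 1 selects authority."""
    counts = Counter((rec[factor], rec[2]) for rec in records)
    return [[counts[(True, True)], counts[(True, False)]],
            [counts[(False, True)], counts[(False, False)]]]


def odds_ratio(table):
    """Odds of compliance with the factor relative to without it."""
    (a, b), (c, d) = table
    if 0 in (a, b, c, d):          # Haldane-Anscombe correction for empty cells
        a, b, c, d = (x + 0.5 for x in (a, b, c, d))
    return (a * d) / (b * c)


def fisher_exact(table):
    """Two-sided Fisher exact p-value, summed over exact integer weights."""
    (a, b), (c, d) = table
    row1, row2, col1 = a + b, c + d, a + c

    def weight(k):                 # number of tables with k in the top-left cell
        return comb(row1, k) * comb(row2, col1 - k)

    lo, hi = max(0, col1 - row2), min(row1, col1)
    observed = weight(a)
    extreme = sum(weight(k) for k in range(lo, hi + 1) if weight(k) <= observed)
    return extreme / comb(row1 + row2, col1)


def constructed_records():
    """Constructed outcomes: (intervention, authority) -> compliers out of 10."""
    complied = {(False, True): 9, (False, False): 6,
                (True, True): 5, (True, False): 3}
    return [(i, a, n < k) for (i, a), k in complied.items() for n in range(10)]


if __name__ == "__main__":
    groups = [f"group-{n:02d}" for n in range(1, 15)]   # 14 placeholder names
    for unit, (intervention, authority) in sorted(allocate(groups, seed=1).items()):
        print(unit, "intervention" if intervention else "no intervention",
              "suit" if authority else "casual")
    for name, factor in (("intervention", 0), ("authority", 1)):
        t = table_for(constructed_records(), factor)
        print(name, t, "OR=%.2f" % odds_ratio(t), "p=%.4f" % fisher_exact(t))
```

An odds ratio below 1 for the intervention factor means subjects who received the intervention handed over the key less often; with samples this small the exact test is a safer choice than a chi-square approximation.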

Method: Our procedure
• Attack targets
  » Impersonate facility manager, and ask for the key of the employee
  » Short Questionnaire
  » Note date, time, location, condition, compliance, difficulty, etc.
• More details on the course-site

What to do on Wed 11 Sep
• Attacker training in the morning CR2022
• Execute experiment individually (or in duos)
  » One or two attackers per area
  » Condition and area allocation: Jan-Willem Bullee (on the course-site soon)
  » Debrief directly after attack

What to do on Wed 11 Sep
• We have permission to do this only at
  » UT: Carré
• Enter your data in SPSS
  » Directly after the attack
  » Come to me ZI4047
• Earn 0.5 (out of 10) bonus points

Ethical issues
• Informed consent not possible
• Zero risk for the subjects
• Approved by facility management
• Consistent with data protection (PII form)
• Approved by ethical committee, see http://www.utwente.nl/ewi/en/research/ethics_protocol/

Conclusion
• Designing research involves:
  » Decide what data are needed
  » Decide how to collect the data
  » Use validated techniques where possible
  » Experimental Design, pilot, evaluate and improve
  » Training, data gathering
  » Start again...

Further Reading
[Cia09] R. B. Cialdini. Influence: The Psychology of Persuasion. Harper Collins, 2009. http://www.harpercollins.com/browseinside/index.aspx?isbn13=9780061241895
[Gre96a] T. Greening. Ask and ye shall receive: a study in 'social engineering'. SIGSAC Rev., 14(2):8-14, Apr 1996. http://doi.acm.org/10.1145/228292.228295
