Honeybot, your man in the middle for automated social engineering
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Exploiting social networking sites for spam
Proceedings of the 17th ACM conference on Computer and communications security
Cheap and automated socio-technical attacks based on social networking sites
Proceedings of the 3rd ACM workshop on Artificial intelligence and security
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Key challenges in defending against malicious socialbots
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Design and analysis of a social botnet
Computer Networks: The International Journal of Computer and Telecommunications Networking
Social engineering attacks on the knowledge worker
Proceedings of the 6th International Conference on Security of Information and Networks
| Hi-index | 0.02 |
A growing number of people use social networking sites to foster social relationships among each other. While the advantages of the provided services are obvious, drawbacks on a users' privacy and arising implications are often neglected. In this paper we introduce a novel attack called automated social engineering which illustrates how social networking sites can be used for social engineering. Our approach takes classical social engineering one step further by automating tasks which formerly were very time-intensive. In order to evaluate our proposed attack cycle and our prototypical implementation (ASE bot), we conducted two experiments. Within the first experiment we examine the information gathering capabilities of our bot. The second evaluation of our prototype performs a Turing test. The promising results of the evaluation highlight the possibility to efficiently and effectively perform social engineering attacks by applying automated social engineering bots.