Honeybot: Your Man in the Middle for Automated Social Engineering
Tobias Lauinger, Davide Balzarotti, Veikko Pankakoski, Engin Kirda
iSecLab, Institute Eurecom
LEET Workshop, 2010-04-27

Automated Social Engineering
• Spambot sending spam
  – scales well
  – Attack is “easy” to identify by users
  – Example: Click here if you want to see me naked: http://123.123.123.123/
• Phisher chatting with victims
  – is “hard” to detect by users
  – Attack does not scale
  – Example:
    Good morning sir
    > Good morning
    We need to verify your details
    > Why?
    We do this periodically
    Could you give me your birth date?
    > ...
How could attackers improve this?

Previous Work
• Huber, Kowalski, Nohlberg, Tjoa. Towards automating social engineering using social networking sites. In CSE, 2009.
  – Introduced notion of ASE (automated social engineering)
  – Chatterbot, identified by users after 3 messages (80%)
• A pathological chatterbot example (ELIZA):
  Eliza: Hello, I am Eliza.
  Emil:  Hello Eliza, how are you?
  Eliza: Would you prefer if I were not?

Honeybot in the Middle
• Bot initiates conversations with users on chat
• Bot uses human user to answer messages
Diagram: Barbara ↔ Emil (Honeybot) ↔ Fritz. Messages shown: Hi there! / Hello Barbara! / Hello Fritz! / Hi, how are you? (forwarded from one side to the other) / ROFL: http://ww... (link inserted by the bot)

Does This Work in Practice?
We want to test Honeybot in the wild... ...in an ethical way.
• Risks for test subjects
  – Waste of time
  – Revealing personal information
  – Emotional consequences
• Careful setup to minimise these risks
• Evaluation on IRC during 74 days
For clarity of presentation, only results of channel Dating 1 are shown.

Bootstrapping a Conversation
• Say “Hi, wanna chat?” to 1st user & forward reply
• Total success probability 59.5%
• Total median bootstrapping delay 44 s

Maintaining a Conversation
• Forwarding messages: median duration 112 s
• Replacing male ↔ female words: duration 317 s
  Example: “I'm a gentleman, you know.” → “I'm a lady, you know.”

Attack, Part 1: Links
• Different contents & occasion of links (click rates by link type and occasion)

  Link Type    Keyword   Random   Replacement   TOTAL
  IP Address   50.5%     59.7%    58.3%         54.5%
  TinyURL      61.3%     64.5%    87.5%         63.5%
  MySpace      56.4%     71.3%    77.8%         62.8%
  TOTAL        55.9%     64.8%    76.1%         60.1%

Attack, Part 2: Questions
• “btw, what was US president Obama's first name again? I completely forgot”
  – 56.1% correct answers (keyword matching)
• “do u know where is the eiffel tower? I know it's in France but where???”
  – 47.2% correct answers

Countermeasures
• Technical
  – Prevent message forwarding, warning next to links, block links...
  – Can be circumvented
• Systematic
  – Talk to verified friends only, but: profile cloning
  – Trust-based mechanisms
  – User education, but: attack difficult to detect
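The slides on maintaining a conversation, links and countermeasures describe the two transformations the honeybot applies to relayed messages (male/female word swaps, appended links) and list “prevent message forwarding” as a technical countermeasure. The following is an added example, not code from the paper or from Honeybot: server-side detection logic that flags a user whose outgoing message repeats, modulo URL stripping and gendered-word normalisation, a message that user received from a different peer within a short window. The chat events, names and the 203.0.113.5 address are constructed sample data.

```python
import re
from collections import deque

# Words a relay bot swaps between its two victims; all are collapsed to one
# placeholder so a gender-swapped copy still compares equal to the original.
GENDERED = {"gentleman", "lady", "man", "woman", "he", "she", "him", "her",
            "his", "hers", "boy", "girl", "guy", "gal", "sir", "madam"}
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

def normalize(text):
    """Canonical form: URLs removed (the bot appends its own), lowercase word
    tokens, every gendered word replaced by the placeholder <g>."""
    words = re.findall(r"[a-z']+", URL_RE.sub(" ", text).lower())
    return " ".join("<g>" if w in GENDERED else w for w in words)

def find_relays(events, window=120, min_words=3):
    """Flag outgoing messages that contain, after normalize(), a message the
    sender received from a *different* peer within `window` seconds.
    events: time-ordered (timestamp_s, sender, recipient, text) tuples.
    Returns [(relay_user, original_sender, recipient, text), ...]."""
    inbox = {}          # user -> deque of (ts, peer, normalized text) received
    hits = []
    for ts, sender, recipient, text in events:
        norm = normalize(text)
        recent = inbox.setdefault(sender, deque())
        while recent and ts - recent[0][0] > window:   # expire old messages
            recent.popleft()
        for _, peer, rnorm in recent:
            if (peer != recipient and len(rnorm.split()) >= min_words
                    and f" {rnorm} " in f" {norm} "):
                hits.append((sender, peer, recipient, text))
                break
        inbox.setdefault(recipient, deque()).append((ts, sender, norm))
    return hits

# Constructed sample: Emil relays between Barbara and Fritz (hypothetical users).
EVENTS = [
    (0,   "Emil",    "Barbara", "Hi, wanna chat?"),                       # bot-originated
    (20,  "Barbara", "Emil",    "Hi there! I'm a lady, you know."),
    (25,  "Emil",    "Fritz",   "Hi there! I'm a gentleman, you know."),  # gender swap
    (60,  "Fritz",   "Emil",    "Nice to meet you. What are you up to?"),
    (65,  "Emil",    "Barbara", "Nice to meet you. What are you up to? ROFL: http://203.0.113.5/"),  # link injected
    (400, "Barbara", "Emil",    "so what do you do for a living"),
    (600, "Emil",    "Fritz",   "so what do you do for a living"),        # outside window
]

if __name__ == "__main__":
    for hit in find_relays(EVENTS):
        print("relay suspected:", hit)
```

The window and minimum word count trade false positives (short greetings, quoted replies) against missed relays; a deployment would tune both per channel.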

Conclusion
• Towards automating social engineering
  – Using human to answer messages
  – Influence conversation
  – Automated & human (scalable and difficult to detect)
• Tested spamming & questioning
  – high click rates
  – good stealth: “you've got a virus, seek help!”
• Could be used to spy on conversations in underground economy channels

Questions?
(comic: xkcd.com)