Method of Counteraction in Social Engineering on Information Activity Objectives
DOI:
https://doi.org/10.28925/2663-4023.2018.1.616Keywords:
social engineering, attack, fishing, access point, protection of personal informationAbstract
The article presents a study using attacks such as a fake access point and a phishing page. The previous publications on social engineering have been reviewed, statistics of break-ups are analyzed and directions and mechanism of realization of attacks having elements of social engineering are analyzed. The data from the research in three different places were collected and analyzed and the content statistics were provided. For comparison, three categories of higher education institutions were chosen: technical, humanitarian and mixed profiles. Since the research was conducted in educational institutions during the week, most students in the experiment and graduate students took part in the experiment. For each educational institution, a registration form template was created that mimicked the design of the main pages. Examples of hardware and software implementation of a typical stand for attack, data collection and analysis are given. In order to construct a test stand, widely available components were chosen to show how easy it is to carry out attacks of this kind without significant initial costs and special skills. The article provides statistics on the number of connections, permission to use the address of the e-mail and password, as well as permission to automatically transfer service data to the browser (cookies). The statistics are processed using specially written algorithms. The proposed approaches to solving the problem of socio-technical attacks can be used and implemented for operation on any objects of information activity. As a result of the experiments, it is clear that the awareness of users of even technical specialties is not enough, so one needs to pay particular attention to the development of methods for raising awareness of users and reducing the number of potential attacks on objects of information activity.
Downloads
References
O. O. Nemtseva, “Ponyattya informatsiyno-psykholohichnoho vplyvu [The Notion of Informational and Psychological Influence],” Social Communications: Theory and Practice, vol. 1, Kyiv, ICD IC “Komtek”, pp. 55–66, 2015. (In Ukrainian).
S. L. Emelyanov and V. V. Nosov, “Shlyakhy i kanaly vytoku informatsiyi z typovoho ob’yekta informatyzatsiyi [Ways and Channels of Information Leakage from a Typical Object of Informatization],” Law and Safety, no. 1, pp. 273–279, 2009. (In Ukrainian).
L. Ya. Filippova, “Informatsiyna paradyhma sotsial'noyi komunikatsiyi (ohlyad naukovykh pidkhodiv i kontseptsiy) [Information Paradigm of Social Communication (Review of Scientific Approaches and Concepts)],” Bulletin of the Kharkiv State Academy of Culture, no. 39, pp. 79–86, 2013. (In Ukrainian).
D. A. Dashko and V. I. Meshkov, “Sotsial'naya inzheneriya s tochki zreniya informatsionnoi bezopasnosti [Social Engineering from the Point of View of Information Security],” in V Ukrainian Conference “ITBtaZ,” Apr. 2013, Kyiv, DVNZ “NGU,” LLC “Salvia,” pp. 1–2, 2013. (In Russian).
A. V. Daddyuk and V. M. Petryk, “Protydiya avtomatyzovanym zasobam vykorystannya sotsial'noyi inzheneriyi [Counteraction to Automated Means of Using Social Engineering],” Proceedings of the IX All-
Ukrainian Scientific and Practical Conference “Actual Problems of Information Security Management of the
State,” Kyiv, NASBU, pp. 346–347, Mar. 2018. (In Ukrainian).
Ya. Yu. Navrotsky and N. V. Patsey, “Realizatsiya politik keshirovaniya v informatsionno-orientirovannykh setyakh [Implementation of Caching Policies in Information-Oriented Networks],” in BSTU, vol. 3, #1, Minsk, BSSTU, pp. 99–103, 2018. (In Russian).
“Data Breach Investigations Report,” Verizon Communications Inc., 11th ed., 68 p., 2018.
“Sovremennye ugrozy, iskhodyashchie ot informatsionnykh sistem [Modern threats emanating from information systems],” InfoWatch, 12 p., 2017. (In Russian).
“Mezhdunarodnyi ISO/IEC standart 27001:2013. Informatsionnye tekhnologii. Metody zashchity. Sistemy menedzhmenta informatsionnoi bezopasnosti. Trebovaniya [International ISO/IEC Standard 27001:2013. Information technology. Methods of protection. Information Security Management Systems. Requirements],” 2013, 34 p. (In Russian).
M. O. Shatkovsky, “Vplyv sotsial'noyi inzheneriyi na informatsiynu bezpeku orhanizatsiy [The Influence of Social Engineering on the Information Security of Organizations],” Kyiv, NTUU “KPI”, 2015, 4 p. [in Ukrainian].