Towards Automating Social Engineering Using Social Networking Sites (Preprint)

I made the preprint version of my publication on “Towards Automating Social Engineering Using Social Networking Sites” available online. You can fetch the pdf from here: http://asebot.nysos.net. As I said before I will present this work at this year’s PASSAT in Vancouver.

Abstract—A growing number of people use social networking sites to foster social relationships among each other. While the advantages of the provided services are obvious, drawbacks on a user’s privacy and arising implications are often neglected. In this paper we introduce a novel attack called automated social engineering which illustrates how social networking sites can be used for social engineering. Our approach takes classical social engineering one step further by automating tasks which formerly were very time-intensive. In order to evaluate our proposed attack cycle and our prototypical implementation (ASE bot), we conducted two experiments. Within the first experiment we examine the information gathering capabilities of our bot. The second evaluation of our prototype performs a Turing test. The promising results of the evaluation highlight the possibility to efficiently and effectively perform social engineering attacks by applying automated social engineering bots.

Politics on Facebook: The Iranian Election June 2009

The election results of the Iranian election from yesterday are causing major concerns among voters and controversy. Also have a look at this article (in German): http://www.zeit.de/online/2009/25/iran-wahl-ergebnis. It is interesting that there is a lot of discussion on Facebook about this topic.

Below are some screenshots of political messages I saw on Facebook today:

It seems Facebook is blocked in China, Persia & Co. for a reason. I wish the Iranians good luck and hope Facebook helps them.

UPDATE: Videos from YouTube

Automated Social Engineering Bot - PASSAT 2009

I got a paper on my Automated Social Engineering Bot accepted at the PASSAT 2009 conference. I’ll post the camera-ready version soon. :-)

Paper accepted

We just got a paper accepted at the WISE09. It’s on virtualization of security lab exercises based on OSS. I’m planning to post the paper here, once I have the print-ready version.

Automated Social Engineering PoC is out

I finished my thesis on automated social engineering via Facebook two weeks ago. More information and the thesis are available online: http://asebot.nysos.net.

I will present my work in Stockholm tomorrow and then leave to Madrid for some vacations.

An end is in sight …

I’m writing the last pages of my master’s thesis on Automated Social Engineering and should present my work soon. Once it’s done I’m also planning to post a digital version online on my blog.

25C3

Attending the Chaos Communication Congress for the first time this year, I must say it’s rather exciting so far. The presentations have been outstanding, especially the one by Jacob Appelbaum on the Cold Boot Attack, and TCP Denial of Service Vulnerabilities by Fabian Yamaguchi. Vienna seems to be well represented here in Berlin, with Metalab also during presentations.

Small update

Time is passing by fast. After my last trips to Copenhagen, Brussels, and Tallinn - it’s my last week at the DSV Seclab in Stockholm. At the moment I’m working on my master’s thesis and also on solving the fun time-consuming security challenges of Advanced Internet Security at TU Vienna. Now it’s time for Christmas at home and I’m already looking forward to attending the 25C3 in Berlin.

Time to say …

au revoir Genève!

I had a brilliant time at CERN. I could learn quite a lot and met a bunch of super-fun and fascinating people. My personal highlights included: after work editor-wars at R1, one student’s mum calling after seeing him on TV to tell him “you should shave”, one guy getting corrected on the 17th digit of PI (he calculated with some Taylor series at a party), and of course the LHC start-up.

Today I’ll go back to Austria then leave for mini-vacations to Istanbul with my beloved Ms. Fru Li and finally go back to sthlm to finish my studies.

Among all CERN celebrities (including Nobel Laureates) I chose this picture I took with alpinekat from the LHC-Rap. :-)

LHC-CMS hacked?

“The Telegraph reports that Greek hackers were able to gain momentary access to a CERN computer system of the Large Hadron Collider (LHC) while the first particles were zipping around the particle accelerator on September 10th.”

With all this nonsense about the LHC right now, this article is not a big surprise:
http://it.slashdot.org/article.pl?sid=08/09/12/1657211
http://www.telegraph.co.uk/earth/main.jhtml?xml=/earth/2008/09/12/scicern312.xml&page=1

In my personal opinion this article is somewhat lurid; I totally question that anyone could break into LHC (island-system) or vaguely understand how the system works/could be manipulated.

Update: Although the story already seems to have disappeared from the media, an article in the German newspaper Die Zeit aptly summed up the official report of CERN - which made once again clear that solely a web server was compromised (a plain script kiddie’s site-defacement).



2008 DIO.NYSOS.NET:~$ . Thanks for visiting!