Automated Social Engineering Attacks using ChatBots on Professional Social Networks

  • Maurício Ariza UFRGS
  • Antonio João Gonçalves de Azambuja UFRGS
  • Jéferson Campos Nobre UFRGS
  • Lisandro Zambenedetti Granville UFRGS

Abstract


The growth of the internet and social networks has intensified human interactions, raising the risk of cyberattacks. Social Engineering targets those human relationships in the cyber environment, using technology as a support to exploit natural human failures. Research has shown the capacity of Social Engineering attacks; however, few papers focus on the evolution and trust of ChatBots and automation as a support for those attacks. This paper presents an analysis of the capacity of professional social networks to detect and block automated Social Engineering threats to their users. The approach developed allowed us to identify the characteristics of the trust relationship between the user, the social network, and the ChatBot resulting from the established interaction, as well as failures on the part of social networks to identify and block this kind of behavior. To this end, an automated Social Engineering bot was developed. The analysis and discussion of the results demonstrate the security vulnerabilities present in professional networks and in the building of the user’s trust relationship with the ChatBot.

Published
26/05/2023
ARIZA, Maurício; AZAMBUJA, Antonio João Gonçalves de; NOBRE, Jéferson Campos; GRANVILLE, Lisandro Zambenedetti. Automated Social Engineering Attacks using ChatBots on Professional Social Networks. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 28., 2023, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 43-56. ISSN 2595-2722. DOI: https://doi.org/10.5753/wgrs.2023.747.