Introduction: Twitter, Facebook, Instagram. What do these and many other social media networks have in common? They all have functionality to show your location, share personal “tidbits,” show pictures and generally create a public profile. These can all be a great way to stay in contact with friends and family despite long distances. They can also be a great way to get hired or to show your talents and professional abilities. These same social media networks can also end up causing security catastrophes. This essay aims to discuss various technologies and methods used to socially engineer social networks. It will accomplish this by drawing on resources from various experts, firsthand accounts and social experiments. Following these discussions, a conclusion will summarize the findings of this essay and provide contemplation topics for the reader. Social engineering may seem like a conspiracy theory, but despite what one may think it is a prevalent method that is in active use today. It happens: big organizations get targeted for social engineering. In 2013 the New York Times fell victim to having its website defaced, and this is attributed to a social-engineering attack. Countless organizations are victims of this prevalent hacking technique. Social engineering is usually done through email or even face-to-face contact. Those techniques can be easier for many companies to mitigate because they can enforce policies and procedures that protect themselves and their employees. A much harder tactic to prevent is when attackers turn to social media for social engineering.
Nearly everyone has a Facebook, LinkedIn or Twitter account. Many organizations have “Employees [that] are on Facebook, LinkedIn, Twitter and Quora, and they are adding personal information to the Web every single day.” This can be a big concern for companies because many employees will use these accounts to explicitly or implicitly state where they are, where they might be or what they are doing. A social-engineering attack may be simpler to carry out than people think.
An attacker might begin by wanting the data and records of a specific organization. They can start by going to LinkedIn and searching for that organization, which may give them many contacts. From those contacts they may acquire “Job titles, employment histories, education history, affiliated organizations, business contacts and in some cases their [employee] pictures.” Based on this information the attacker can now get an idea of the employees' hobbies, family relations and Facebook accounts. Once this information is acquired, a slightly technologically savvy attacker could spoof a text message from a business associate to the targeted victim. This text message could be the beginning of the end for an organization's security measures. This is just one of countless ways an attacker could use a social network for nefarious purposes.
The scary stuff: It is fun to be able to update friends and family about one's whereabouts, and there can even be safety in it, but the widely available software described below might give individuals pause before streaming constant updates. Social networks love giving members the opportunity to inform others about what is currently happening in their lives. Social engineers also love this prevailing capability. Geolocation profiles are essentially dossiers containing as much information as possible about a target's daily routine. These profiles are created by going through Facebook updates, Twitter updates and any other social media the target might subscribe to, in order to obtain location updates. This information is used to find the target's physical location on the earth. Then a “routine” is essentially written out that shows where the target is during the specified parts of the day.
A potential target might leave their house on their way to work and grab a coffee from Starbucks every morning. When they get to Starbucks they might take a picture of their morning coffee, add a clever comment and post it to Facebook. An attacker watching that Facebook account could map out which days of the week the individual works, and at what hours, based on these status updates. They may also be able to see which Starbucks location the individual visits every work day. This is how an attacker can begin to build a geolocation profile.
Cree.py is a well-designed, easy-to-use program for creating geolocation profiles. This software comes with a neat tutorial and installs on just about any Linux distribution and even on Windows. It allows one to simply type in the user name of the social media account that the target subscribes to, and the software begins looking for any location updates. From here one can export the file to Google Earth, and then the magic happens: the software will gladly create an entire map with the times and dates of where the target was when they made each status update. This software is available to anyone; it is free and easy to install for nearly anyone who knows a little about technology. How does one protect oneself from such social media engineering techniques?
Robin Sage: The Robin Sage experiment was a social-engineering experiment that used social media as the primary method. This social experiment was conducted over 28 days. During the course of these 28 days a profile was created for a fictitious female “security analyst” who happened to have an attractive profile picture. Thomas Ryan conducted this experiment as a way to draw attention and concern to this type of attack. Over the 28 days Ryan used this profile to gather “hundreds of connections through various social networking sites.” The most concerning part of the study was that Ryan was able to obtain “information revealed to Robin Sage [that] violated OPSEC procedures.” Ryan's fictitious profile was even asked to come and “speak at a variety of security conferences.” The conclusion of this case study shows that one needs to beware of seemingly friendly unknown business connections.
Psychology: Social engineers are essentially applying basic, well-known techniques from human psychology. “The trigger most often used by an attacker is called 'the strong affect.' This trigger uses a heightened sense of emotional state, such as fear, panic, excitement, or grief in order to get the victim to take an action.” This theory is often used in combination with breaking news and malicious links via social media. An attacker will wait until a news story becomes mainstream, such as a celebrity dying or a plane crash. Once this has happened the attacker might take advantage of a social media technology like Twitter. They can tweet a comment with the hashtag associated with the mass event and a link in the tweet stating something like “Get the full story here” or some seemingly promising title. Any victim who clicks the link might get malware installed on their device. The best way to thwart social-engineering attacks through social media is usually education.
Conclusion: Perhaps, after reading about all the dangers of using the internet, one might want to stay as far away from it as possible. Although this would be a viable technique for avoiding social-engineering attacks through social networks, it is not very achievable in the information age in which society operates. There was a time when society was positive the earth was flat, and even put people to death if they disagreed. Thankfully, education tends to enlighten the minds of many.
As with most things in life, education is the key to success. Whether this is success in marriage or success in avoiding scams and malicious schemes, the more an individual is educated and knowledgeable on the given subject, the greater their chances of survival. It is important to never stop learning about new technologies and their benefits and downfalls. Those who do this will avoid most of the hardships and heartaches that can come from being ignorant.
The best way to prevent social engineering through social networks is to stay educated on the topic. It is best to remember that, generally, if it is too good to be true it probably is not true. Also, do not put information on any social media network that would compromise the security of your home, family or workplace. Finally, one needs to be smart with the exchange of information, i.e., one should always be vigilant with regard to personal information sharing. Following the previous suggestions will likely increase one's personal security and help deter social-engineering attacks through social networking.
Since societies first formed there have always been individuals who decided to go against the commonly accepted rules of society. In the modern age we face robberies, theft of property, and destruction of property in other forms. These problems are now becoming an issue for the digital world as well. Malicious hackers, sometimes rumored to be funded by government agencies and sometimes working on their own, have begun to develop software that unifies Artificial Intelligence (AI) with malicious hacking techniques.
This paper attempts to explore some of the most common and uncommon AI hacking techniques. The first topic discussed will be referred to as AI hacking attacks. After that it will discuss techniques that use AI to fight hacking attacks. The penultimate topic is “bleeding edge” technology that involves AI and presents new possible concerns for hacking attacks. Finally, a brief summary of what was discussed will conclude the essay.
Known AI Hacking Techniques: Malware is a growing problem for anyone who accesses the World Wide Web (WWW). It has been estimated that “web based attacks increased 36% with over 4,500 new attacks each day in 2012.” These increases in attacks are almost inconceivable, and the same report states, “In 2011, Symantec Internet Security reported that ∼ 403 million new variants of malware were created, a 41% increase from 2010.” Calling malware the new black plague would hardly be an overstatement. The majority of noteworthy attacks are carried out by highly skilled hackers. “State sponsored highly skilled hackers are developing customized malwares to disrupt industries and for military espionage.” The first generation of malware had a static program structure. With the emergence of second-generation malware, researchers are finding that the structure of the program changes in a variety of ways. Second-generation malware is often categorized as “encrypted, Oligomorphic, Polymorphic and Metamorphic Malwares.”
Encrypted malware works by using an encryptor and a decryptor. The main body of the code is stored in encrypted form and is decrypted by the decryptor when the program is run; re-encrypting the body in each new copy hides its signature from anti-virus software. Eventually, however, the anti-virus software is able to detect the malware because the decryptor does not change from one version of the malware to the next, and the anti-virus software recognizes this code pattern by looking for its signature. Signature detection works by extracting unique bytes from the malware code until enough bytes have been collected to create a unique signature. The scanner then checks the computer's programs for these bytes and alerts the user if they are found. This is an effective way of detecting known malware, but the signature must match exactly for the scanner to detect it. Naturally, malicious hackers developed ways to change the decryptor so that the code is harder to detect.
Oligomorphic means that something can be changed in a few ways, and oligomorphic malware does exactly that: hackers devised ways to create multiple decryptors. “At most this malware can generate few hundred different decryptors, e.g. Win95/Memorial had the ability to build 96 different decryptor patterns.” Inevitably, virus scanners eventually detect the malicious software. Oligomorphic software led to the next evolution of malware, which is polymorphic malware.
Polymorphic, or “many forms,” malware is the newest known wave of malware. “In Polymorphic malwares, millions of decryptors can be generated by changing instructions in the next variant of the malware to avoid signature based detection.” The technique involves a “mutation engine that creates a new decryptor which is joined with the encrypted malware body to construct a new variant of malware.” Included in this technique is malware obfuscation, which is simply obscuring the code through various means. Some of the techniques are “dead-code insertion, register reassignment, subroutine reordering, instruction substitution, code transposition/integration etc.” Anti-virus programs use the emulation technique of recognizing code signatures to eventually detect such malware.
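The signature argument of the last three paragraphs, as an added example that is not part of the essay or its sources: a toy byte scanner extracts the bytes shared by several constructed encrypted-malware generations (the unchanging decryptor stub), detects a further generation of the same family, and misses a constructed variant whose stub bytes were altered, which is exactly the weakness that oligomorphic and polymorphic decryptors exploit. Every byte string here is an invented stand-in, not real malware.

```python
"""Toy illustration of exact-match signature detection against a malware
family whose body is 'encrypted' but whose decryptor stub never changes.
Constructed example: STUB, BODY and POLY_STUB are arbitrary bytes, not
real malware, and the scanner is a few lines of Python, not a real AV."""


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the toy family's 'encryption' of its body."""
    return bytes(b ^ key for b in data)

# Constructed stand-in for a decryptor stub shared by every generation.
STUB = bytes.fromhex("554889e5488b45f8b9100000004831c8")
# Constructed stand-in for the plaintext payload body.
BODY = b"CONSTRUCTED-PAYLOAD-BODY-FOR-DEMO"

def make_encrypted_variant(key: int) -> bytes:
    """One encrypted-malware generation: constant stub + body under a new key."""
    return STUB + xor_bytes(BODY, key)

def longest_common_run(samples: list[bytes]) -> bytes:
    """Longest byte run present verbatim in every sample."""
    first, best = samples[0], b""
    for start in range(len(first)):
        # Only candidates longer than the best so far, longest first.
        for end in range(len(first), start + len(best), -1):
            cand = first[start:end]
            if all(cand in s for s in samples[1:]):
                best = cand
                break
    return best

def extract_signature(samples: list[bytes], min_len: int = 8) -> bytes:
    """Analyst's signature: bytes shared by all known samples, provided
    there are enough of them to be distinctive."""
    run = longest_common_run(samples)
    if len(run) < min_len:
        raise ValueError("no shared byte run long enough for a signature")
    return run

def scan(blob: bytes, signature: bytes) -> bool:
    """Exact-match scanner: the signature bytes must appear unchanged."""
    return signature in blob

# Three known generations: body bytes differ, the stub does not, so the
# extracted signature is exactly the stub.
KNOWN = [make_encrypted_variant(k) for k in (0x21, 0x5A, 0xC3)]
SIGNATURE = extract_signature(KNOWN)

# Constructed 'polymorphic' sample: same body, two stub bytes rewritten,
# which is all it takes to defeat an exact-match signature.
POLY_STUB = bytes.fromhex("534889e5488b45f8b9100000004831d8")
POLYMORPHIC = POLY_STUB + xor_bytes(BODY, 0x7E)

if __name__ == "__main__":
    print("signature     :", SIGNATURE.hex())
    print("new generation:", scan(make_encrypted_variant(0x99), SIGNATURE))  # True
    print("polymorphic   :", scan(POLYMORPHIC, SIGNATURE))  # False
```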
Metamorphic malware exhibits the ability to change the actual body of the program, whereas all the other techniques mentioned only change the encryptor and/or decryptor. Metamorphic malware is virtually undetectable because the signature can be mutated. Only a few viruses have been considered truly metamorphic. The first was detected “in 1998 called … Win95/Regswap. In 2000, Win32/Ghost virus was created with 3628800 different variants. One of the strongest metamorphic malware W32/NGVCK was created in 2001 with the help of Next Generation Virus Creation Kit (NGVCK).” These are clearly the beginning stages of malicious hackers utilizing AI in their programs. AI is also being developed on the other side of the spectrum, namely by malware detection developers.
Using AI for detection: Researchers in academia and industry have been working together to develop new methods of detecting malware. Current research involving machine learning claims to be able to exceed 90% detection accuracy through classification methods using only 20 features. This method could even improve the capability to detect future malware before it is widely known. “Popular machine learning techniques among the researchers for the detection of 2nd generation malwares are Naive Bayes, Decision Tree, Data Mining, Neural Networks and Hidden Markov Models.”
Another method of detecting polymorphic malware is to compare the information that is sent with the information that is expected to be received. For example, a server receives from a client device a hash value and metadata associated with an electronic file. The server determines that the received metadata relates to corresponding metadata stored in a database, the corresponding stored metadata being associated with a further hash value that differs from the received hash value. A determination is made that each of the hash values has been reported by fewer than a predetermined number of clients and, as a result, it is determined that the electronic file is likely to be polymorphic malware [3:1].
In that example we can see AI being utilized: the program understands to some degree what the requested information should look like and roughly how much of it should be received. When using AI for intrusion detection there are generally three principles focused on: “data, classification and modeling techniques and system infrastructure.”
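The server-side check just described, as an added example not taken from the essay or from the cited patent: an in-memory reputation store and the rule that flags a file when its metadata has already been seen under a different hash and neither hash is widespread. The store layout, the metadata fields used as the key and the report threshold are assumptions made for the demonstration.

```python
"""Server-side polymorphic-file heuristic from the passage above. Constructed
example: the in-memory store, the metadata fields and REPORT_THRESHOLD are
assumptions for the demo, not the patent holder's implementation."""
from collections import defaultdict

REPORT_THRESHOLD = 5  # assumed: a hash seen by fewer clients than this is 'rare'


class ReputationStore:
    """Stand-in for the server's database of files reported by clients."""

    def __init__(self) -> None:
        self.hashes_by_metadata = defaultdict(set)  # metadata key -> hashes
        self.clients_by_hash = defaultdict(set)     # hash -> reporting clients

    def record(self, client_id: str, file_hash: str, key: tuple) -> None:
        self.hashes_by_metadata[key].add(file_hash)
        self.clients_by_hash[file_hash].add(client_id)

    def report_count(self, file_hash: str) -> int:
        return len(self.clients_by_hash[file_hash])


def metadata_key(meta: dict) -> tuple:
    """Normalise the fields expected to stay stable across variants of one file."""
    return (meta["filename"].lower(), meta["size"], meta.get("vendor", ""))


def likely_polymorphic(store: ReputationStore, client_id: str, file_hash: str,
                       meta: dict, threshold: int = REPORT_THRESHOLD) -> bool:
    """The passage's rule: same metadata already stored under a different hash,
    and every hash involved reported by fewer than `threshold` clients."""
    key = metadata_key(meta)
    store.record(client_id, file_hash, key)
    related = store.hashes_by_metadata[key]
    if related == {file_hash}:
        return False  # first time this metadata has been seen: nothing to compare
    # A widely deployed legitimate file (e.g. two versions of a signed updater)
    # has many reporters per hash and must not be flagged.
    return all(store.report_count(h) < threshold for h in related)


def demo() -> list[bool]:
    """Walk three constructed scenarios; returns the verdict for each."""
    store = ReputationStore()
    meta = {"filename": "Invoice_Viewer.exe", "size": 48213}
    first = likely_polymorphic(store, "client-01", "hash-A", meta)
    # Same metadata, a new hash, both hashes rare: the polymorphic pattern.
    second = likely_polymorphic(store, "client-02", "hash-B", meta)
    upd = {"filename": "updater.exe", "size": 900000, "vendor": "ExampleCorp"}
    for i in range(10):                 # version 1 reported by ten clients
        likely_polymorphic(store, f"c{i:02d}", "upd-v1", upd)
    for i in range(10, 20):             # version 2 reported by ten more
        likely_polymorphic(store, f"c{i:02d}", "upd-v2", upd)
    third = likely_polymorphic(store, "c99", "upd-v2", upd)
    return [first, second, third]

if __name__ == "__main__":
    print(demo())  # [False, True, False]
```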
These techniques provide a foundation for AI software to evaluate and find malware. Some of the techniques used are linear modeling methods, non-linear modeling methods, and probabilistic models. An example of a linear modeling method is principal component analysis (PCA). This method turns a set of data into uncorrelated latent factors, or hidden variables derived from the original data, from which the principal components are computed. PCA is used to capture as much of the variation in the data as possible; anomalies are treated as outliers, which raise the alert that malware may have been detected. Non-linear models are techniques such as clustering and K-nearest neighbor (KNN), neural networks, fuzzy logic, and many others. Perhaps the most illustrious probabilistic model is the Bayesian network. There are many techniques that the field of AI can contribute to malware detection. The general consensus is that anti-malware software is still trying to catch up with malware, so hopefully AI researchers will help make significant breakthroughs.
Malware of the future and conclusion: Futuristic malware may come in new forms. Malware is essentially playing a game of cat and mouse. It needs to hide from the detection software long enough to figure out whether it is on the type of system it is targeting. Once malware is discovered it becomes obsolete: software updates are sent out to users everywhere and systems are updated. To extend the cat-and-mouse analogy, malware does not want to expose itself if it has made its way into a research lab or a honeypot that probes for new types of malware. It needs to be able to tell whether it is on a real user's system or whatever else it may be targeting. Some experts believe that malware will come in the form of useful software. For malware, “to avoid detection, it makes sense to hide its true intentions behind genuinely useful properties … ‘In some cases, it may just be easier for the malware to do useful stuff on our computers – actually cleaning up our hard disks, say – before it later attacks, in order to seem genuine.’”
Other experts believe that the future of malware will reside in using social engineering as the prominent attack vector. “‘The lowest hanging fruit is still humans,’ said Ken Westin, a security researcher for Tripwire. ‘As long as attacks against humans still work consistently attackers will use them on their own, or as part of sophisticated, integrated campaigns.’” Perhaps the scariest of the attack vectors involving AI and malware comes from recent advances in brain-computer interfaces (BCI). BCI technologies may potentially be vulnerable and expose an individual's brain to hacking, manipulation and control by third parties. “If the brain can control computer systems and computer systems are able to detect and distinguish brain patterns, then this ultimately means that the human brain can potentially be controlled by computer software.”
References:
[1] A. Sharma and S. K. Sahay, “Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey,” arXiv, online: http://arxiv.org/ftp/arxiv/papers/1406/1406.7061.pdf
[2] I. You and K. Yim, “Malware Obfuscation Techniques: A Brief Survey,” IEEE, online: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5633410
[3] T. Harmonen, “Identifying Polymorphic Malware,” U.S. Patent 8,683,216, Mar. 25, 2014.
[4] A. Rehman and T. Saba, “Evaluation of artificial intelligent techniques to secure information in enterprises,” The Artificial Intelligence Review, vol. 42, no. 4, pp. 1029–1044, 2014, doi:10.1007/s10462-012-9372-9
[5] A. Martin, “Future malware might offer real functions to avoid detection,” Oct. 9, 2014, online: http://www.welivesecurity.com/2014/10/09/future-malware-might-offer-real-functions-avoid-detection/
[6] T. Brandley, “What data breaches teach us about the future of malware: Your own data could dupe you,” Jun. 9, 2014, online: http://www.pcworld.com/article/2360762/what-ebay-taught-us-about-malware-your-own-data-can-be-used-to-dupe-you.html
[7] M. Xynou, “Hacking without borders: The future of artificial intelligence and surveillance,” Mar. 15, 2013, online: http://cis-india.org/internet-governance/blog/hacking-without-borders-the-future-of-artificial-intelligence-and-surveillance