Automated Social Engineering Clause Samples

Automated Social Engineering. As described in Section 1.4.5, it is possible to automate several parts of a social engineering attack using an ASE approach [162], which uses chat-bots to mimic the human role. With reference to the ▇▇▇▇▇▇▇▇ and ▇▇▇▇▇▇▇▇ model introduced in Section 4.1 (see Figure 25), the attack involves the following phases:

• Goal & Plan: During this phase, the SE prepares and configures the attack. The configuration items needed to prepare the succeeding phases of an attack against a Social Network account are:
  o Facebook account information – The account used by the bot to access the SNs. It should be configured according to the character to impersonate. The choice will depend on pre-acquired information about the target organization's members;
  o Target organization to attack – The target organization from which information is expected to be retrieved as a result of a successful attack;
  o Selection criteria for victims – The victims' profile preferences, chosen so that they are easily attracted and deceived by the bot's account profile;
  o Chat logic – This includes the chat logic implementation (the rules used to mimic human behavior) and the criteria that define the minimum number of members that the ASE bot should map in the next phase;

• Map & Bond: This is the automated phase. Within it, the ASE bot tries to map an organization and bond with future victims. Actions in this phase are carried out in the following order:
  1. Fetching of basic information related to all members that belong to the specified organization's network in Facebook;
  2. Search for a group of victims matching the predefined selection criteria and sample size. In order to access the full profile, the bot incrementally uses predefined fetching strategies (i.e. open profiles, geographical networks, add as a friend). If the bot is unable to find the specified group of victims, it will terminate;
  3. If a sufficient number of victims has been identified, the software starts creating a relationship with the victims by communicating through Facebook Chat according to its predefined chat logic;
  4. Once the bonding goal has been reached, the bot moves on to the next stage.

• Execute: The predefined attack is executed. The actual attack could consist of asking the victim to follow a link or to reveal some confidential information of interest to the attacker.

• Recruit & Cloak: After the attack execution, the bot can delete the account used to carry out the attack (if cloak was enabled on post-attack action...