Lecture 10 Cyberpsychology Flashcards
The more sensational the content, the greater the spread. There have been numerous studies investigating the technical aspects of such concerns, e.g. the use of bots to flood inaccurate information, and from the social sciences there are also numerous studies observing that people have an inclination to share based on emotional responses such as fear or humour, so the propagation is not always artificially inflated. We in the cyber security world need to bridge the gap to understand how cyber threats target technology and people together; they cannot be approached in isolation, which demands input from both the computer and social sciences in order for the cyber security community to respond to non-traditional threats. By doing this, and understanding how we engage online, we can prepare adequate responses.
Introduction
Phishing
The practice of sending emails that appear to be from reputable sources with the goal of influencing the recipient or gaining personal information.
Characteristics:
- sense of urgency
- similar look and feel to make it seem authentic
- recipient is addressed by email address instead of by name
- similar look and feel to buttons
- images stolen from a LinkedIn profile to make it seem like the sender is legitimate
- many classical elements of social engineering here
As of April 2020, Google is …
blocking 18m coronavirus scam emails every day
If we are aware of these scams, why are they still working?
- timing, e.g. there is no precedent for pandemic payments, so we don't know what to expect. In Ireland, from April 14th, 533,000 people have been given covid payments, resulting in a broader pool of people to target. Also, people might be under financial pressure or anxious and so more susceptible to risk
Examples of cyber breaches
1) Data security threat scars digital healthcare: a security researcher proved that they had not had surgery by showing they had no scars (a security breach allowed an impersonator to steal healthcare information)
2) Businesses warned of increased online fraud: spearphishing attack in which the victim received an email from an attacker impersonating a solicitor and requesting a five-figure sum
Impersonation
The practice of pretexting as another person with the goal of obtaining information or access to a person, company or system.
e.g. an attacker impersonating a contact tracer, seeking information about a grandmother
- the nature of online communication facilitates impersonation
Attention Economy
Games are designed to completely engage you on multiple levels. Your attention is a valuable resource to online providers: your time online is revenue for that provider. Developers are battling for your time, which is otherwise known as the Attention Economy.
Gaming attacks 1
Applications are immersive and designed to engage, e.g. in-app purchases, alerts, friend notifications and communicating with peers while playing are all designed to increase engagement. Attackers are aware of this and borrow digital marketing techniques to prime the target to click on something or take some action.
Lockboxes
An example of monetising play: in order to proceed you may need to purchase a key, for example.
Gaming attacks 2
Attackers produce professional looking social media sites, blogs, commentary, updates that kindly guide you to install what is often malware.
Principles must be created for game design and websites to inhibit this sort of attack
Information presentation
We tend to see brief headlines and snippets of info.
The more we see it the more we accept it
Health debates online
A 2018 study examined how trolls, Twitter bots and cyborgs influenced a measles vaccine debate.
"Dr. Google" describes how parents can come to trust this online information over health officials; techniques such as posting positive and negative comments increase the perception of authenticity. The problem is that such sources are inherently biased. This was observed during the measles outbreak in 2015.
Sample tactics
1) Hashtag poisoning: whereby the content is altered unexpectedly for the reader
2) Posting arguments from both sides of a debate to make the argument seem more plausible
3) Targeting individuals who are likely to post a view to a target audience
4) Trolling and harassing people that don’t agree with a view
5) Multiple channels: the use of multiple online channels to broaden reach
6) False reports of malicious accounts to have legitimate accounts temporarily blocked
Cybersecurity considerations
Social engineering
Social Engineering techniques
- Open Source Intelligence (OSINT): the term used to describe gathering information about someone from publicly available sources
- Elicitation/Drawing out info
- Pretexting/Becoming someone else (impersonating)
- Psychological Principles/Mind Tricks
- Influence/Persuasion
Many of these techniques apply both online and offline.