Paper: How to obtain passwords of online scammers by using social engineering methods
Title: How to obtain passwords of online scammers by using social engineering methods
Author(s): Andreas Zingerle
Email: andreas.zingerle (at) ufg.at
Published at: Cyberworlds conference 2014, Santander, Spain.
This paper addresses three social engineering techniques that vigilante online communities of scambaiters use for ’Inbox diving’: an act of gaining access to internet scammers email accounts. The methods have been gathered by analyzing scambaiting forums and were put on the test in direct email exchange between the author and Internet scammers. By diving into the scammers inboxes, their working methods can be observed, gang structures investigated and potential victims warned. I discuss the moral issues an ’inbox diver’ faces and question the ethics of scambaiting communities that prefer social engineering techniques rather than hacking email accounts. The research lead into the creation of the artistic installation ’Password:******’ and presents an artistic position dealing with password security.
If you want to read the full paper, please get in touch with me: mail at andreaszingerle dot com
Anderson, N., How I became a password cracker, [Online]. Available: http://www.wired.co.uk/news/archive/2013-03/25/cracking-passwords/page/2, 2013.
Atkins, B., Huang, W., A Study of Social Engineering in Online Frauds. Open Journal of Social Sciences, 1, 23, 2013.
Bartoll, A., Forgot your pasword?, [Online]. Available: datenform.de/forgot-your-password.html?
Berg, A., Cracking a Social engineer, [Online]. LAN Times, Available: http://packetstorm.deceptions.org/docs/socialengineering/socintro.html, Nov. 6, 1995.
Bregant, J., Bregant, R., Cybercrime and Computer Crime. The Encyclopedia of Criminology and Criminal Justice, 2014.
Burrell, J., Invisible Users: Youth in the Internet Caf`es of Urban Ghana. MIT Press, 2012.
Debatty, R., Fursicle Safurry, [Online]. Available: http://we-make-money-not-art.com/archives/2005/09/fursiclesafurr.php#.Uzl4gMd4HLe, Sep 22, 2005.
Galbraith, R., Yahoo says email accounts hacked, passwords stolen. [Online]. Available: http://www.cbc.ca/news/technology/yahoo-says-emailaccounts-hacked-passwords-stolen-1.2518625, Jan 31, 2014.
Fuss, J., Mayrhofer, A., Macala, M., Sojer, M., Vogl, A., Password Hacking Station. ’Out of control’ exhibition, Ars Electronica Center. 2014.
Perlroth, N., Lax Security at LinkedIn Is Laid Bare. [Online]. Available: http://www.nytimes.com/2012/06/11/technology/linkedinbreach-exposes-lightsecurity-even-at-data-companies.html, Jun 10, 2012.
Krebs, B., The Value of a Hacked Email Account. [Online]. Available: http://krebsonsecurity.com/2013/06/the-valueof-a-hacked-email-account/, 2013.
Longe, O. B., Mbarika, V., Kourouma, M., Wada, F., Isabalija, R., Seeing beyond the surface, understanding and tracking fraudulent cyber activities arXiv preprint arXiv:1001.1993.2010.
Mann, I., Hacking the human: social engineering techniques and security countermeasures. Gower Publishing, Ltd. 2010.
Palumbo, J., Social engineering: What is it, why is so little said about it and what can be done?, SANS Institute, [Online]. Available: http://www.sans.org/infosecFAQ/social/social.htm, 2000.
Schneier, B., Heartbleed, [Online]. Available: https://www.schneier.com/blog/archives/2014/04/heartbleed.html
Waddilove, R., Whats best free email service. [Online]. Available: http://www.pcadvisor.co.uk/features/internet/3448241/whatsbest-free-email-service/
Warner, J., Understanding cyber-crime in Ghana: A view from below. The International Journal of Cyber Criminology, 5, 736-749. 2011.
Wood, M. Flaw Calls for Altering Passwords, Experts Say. [Online] http://www.nytimes.com/2014/04/10/technology/flawcalls-for-altering-passwords-experts-say.html
Zingerle, A. Towards a categorization of scambaiting strategies against online advance fee fraud. The International Journal of Art, Design and Technology. 2014