Book Chapter: Revealing passwords: Using Social engineering methods to monitor scammer email communication

Title: Revealing passwords: Using Social engineering methods to monitor scammer email communication
Author(s): Andreas Zingerle
Email: andreas.zingerle (at) ufg.ac.at

Published at: Analyzing Art, Communication and Design Technologies

Abstract
This chapter addresses three social engineering techniques that digilante online communities of scambaiters use for ‘Inbox diving’: an act of gaining access to Internet scammers email accounts. The methods have been gathered by analyzing scambaiting forums and were put on the test in direct email exchange between the author and Internet scammers. By diving into the scammers’ inboxes, their working methods can be observed, gang structures investigated and potential victims warned. The author discusses the moral issues an ‘Inbox diver’ faces and questions the ethics of scambaiting communities that prefer social engineering techniques rather than hacking email accounts. The research lead into the creation of the artistic installation ‘Password: ******’ and the data sculpture ‘Monitoring Harry Brooks’ and presents two artistic positions dealing with password security and data visualization.

 

Download the pdf

 

References:

Anderson, N., How I became a password cracker, [Online]. Available: http://www.wired.co.uk/news/archive/2013-03/25/cracking-passwords/page/2, 2013.

Atkins, B., Huang, W., A Study of Social Engineering in Online Frauds. Open Journal of Social Sciences, 1, 23, 2013.

Bartoll, A., Forgot your pasword?, [Online]. Available: datenform.de/forgot-your-password.html?

Berg, A., Cracking a Social engineer, [Online]. LAN Times, Available: http://packetstorm.deceptions.org/docs/socialengineering/socintro.html, Nov. 6, 1995.

Bregant, J.
, Bregant, R., Cybercrime and Computer Crime. The Encyclopedia of Criminology and Criminal Justice, 2014.

Burrell, J.
, Invisible Users: Youth in the Internet Caf`es of Urban Ghana. MIT Press, 2012.

Debatty, R.
, Fursicle Safurry, [Online]. Available: http://we-make-money-not-art.com/archives/2005/09/fursiclesafurr.php#.Uzl4gMd4HLe, Sep 22, 2005.

Galbraith, R.
, Yahoo says email accounts hacked, passwords stolen. [Online]. Available: http://www.cbc.ca/news/technology/yahoo-says-emailaccounts-hacked-passwords-stolen-1.2518625, Jan 31, 2014.

Fuss, J., Mayrhofer, A., Macala, M., Sojer, M., Vogl, A.
, Password Hacking Station. ’Out of control’ exhibition, Ars Electronica Center. 2014.

Perlroth, N.
, Lax Security at LinkedIn Is Laid Bare. [Online]. Available: http://www.nytimes.com/2012/06/11/technology/linkedinbreach-exposes-lightsecurity-even-at-data-companies.html, Jun 10, 2012.

Krebs, B.
, The Value of a Hacked Email Account. [Online]. Available: http://krebsonsecurity.com/2013/06/the-valueof-a-hacked-email-account/, 2013.

Longe, O. B., Mbarika, V., Kourouma, M., Wada, F., Isabalija, R.
, Seeing beyond the surface, understanding and tracking fraudulent cyber activities arXiv preprint arXiv:1001.1993.2010.

Mann, I
., Hacking the human: social engineering techniques and security countermeasures. Gower Publishing, Ltd. 2010.

Palumbo, J.
, Social engineering: What is it, why is so little said about it and what can be done?, SANS Institute, [Online]. Available: http://www.sans.org/infosecFAQ/social/social.htm, 2000.

Schneier, B.
, Heartbleed, [Online]. Available: https://www.schneier.com/blog/archives/2014/04/heartbleed.html

Waddilove, R.
, Whats best free email service. [Online]. Available: http://www.pcadvisor.co.uk/features/internet/3448241/whatsbest-free-email-service/

Warner, J
., Understanding cyber-crime in Ghana: A view from below. The International Journal of Cyber Criminology, 5, 736-749. 2011.

Wood, M.
Flaw Calls for Altering Passwords, Experts Say. [Online] http://www.nytimes.com/2014/04/10/technology/flawcalls-for-altering-passwords-experts-say.html

Zingerle, A.
Towards a categorization of scambaiting strategies against online advance fee fraud. The International Journal of Art, Design and Technology. 2014