The purpose of this paper is to establish a terminological framework in order to explain social engineering and analyze it from phenomenological and security aspect. From phenomenological point of view, the paper explains the phenomenon of social engineering as a contemporary, specific and sophisticated manner of manipulating people. Social engineering is characterized by attacker’s innovative method of selecting and approaching the victim and, when needed, an unlimited number of attack cycles, depending on the goal set by the attacker. Attacks are based on the use of various tools and techniques. From the aspect of security, social engineering holds a very important place in planning and executing cyber-attacks. This paper analyzes perpetrators’ criminogenic and motivational factors from the criminological point of view. Motive and profile of perpetrators cannot always be established due to spatial and temporal limitations, as well as architectural and environmental characteristics of... the information and communication system, which is the final target of the attacks. Regardless of the fact that it is present in each phase of a cyber-attack, social engineering is always the foundation of the first phase, in which the attacker learns in details the information which will facilitate access to the information and communication system he plans to attack. In this initial and crucial phase, preconditions for successful continuation and termination of the cyber-attack are realized. At the end of the paper, there is a detailed classification of threat subjects based on motives that moves them and the goal that is supposed to be achieved. In the scientific and professional thematization, this has not been done yet.
Keywords:
Criminogenic and motivational factors of perpetrators / Cybercrime / Information and communication technologies / Information security / Social engineering
Source:
Security Risks: Assessment, Management and Current Challenges, 2017, 111-128
TY - CHAP
AU - Mandić, Goran
AU - Putnik, Nenad
AU - Milošević, Mladen
PY - 2017
UR - https://rhinosec.fb.bg.ac.rs/handle/123456789/345
AB - The purpose of this paper is to establish a terminological framework in order to explain social engineering and analyze it from phenomenological and security aspect. From phenomenological point of view, the paper explains the phenomenon of social engineering as a contemporary, specific and sophisticated manner of manipulating people. Social engineering is characterized by attacker’s innovative method of selecting and approaching the victim and, when needed, an unlimited number of attack cycles, depending on the goal set by the attacker. Attacks are based on the use of various tools and techniques. From the aspect of security, social engineering holds a very important place in planning and executing cyber-attacks. This paper analyzes perpetrators’ criminogenic and motivational factors from the criminological point of view. Motive and profile of perpetrators cannot always be established due to spatial and temporal limitations, as well as architectural and environmental characteristics of the information and communication system, which is the final target of the attacks. Regardless of the fact that it is present in each phase of a cyber-attack, social engineering is always the foundation of the first phase, in which the attacker learns in details the information which will facilitate access to the information and communication system he plans to attack. In this initial and crucial phase, preconditions for successful continuation and termination of the cyber-attack are realized. At the end of the paper, there is a detailed classification of threat subjects based on motives that moves them and the goal that is supposed to be achieved. In the scientific and professional thematization, this has not been done yet.
PB - Nova Science Publishers, Inc.
T2 - Security Risks: Assessment, Management and Current Challenges
T1 - Contemporary deception techniques: Social engineering – semantic, phenomenological and security aspects
SP - 111
EP - 128
UR - conv_513
ER -
@inbook{
author = "Mandić, Goran and Putnik, Nenad and Milošević, Mladen",
year = "2017",
abstract = "The purpose of this paper is to establish a terminological framework in order to explain social engineering and analyze it from phenomenological and security aspect. From phenomenological point of view, the paper explains the phenomenon of social engineering as a contemporary, specific and sophisticated manner of manipulating people. Social engineering is characterized by attacker’s innovative method of selecting and approaching the victim and, when needed, an unlimited number of attack cycles, depending on the goal set by the attacker. Attacks are based on the use of various tools and techniques. From the aspect of security, social engineering holds a very important place in planning and executing cyber-attacks. This paper analyzes perpetrators’ criminogenic and motivational factors from the criminological point of view. Motive and profile of perpetrators cannot always be established due to spatial and temporal limitations, as well as architectural and environmental characteristics of the information and communication system, which is the final target of the attacks. Regardless of the fact that it is present in each phase of a cyber-attack, social engineering is always the foundation of the first phase, in which the attacker learns in details the information which will facilitate access to the information and communication system he plans to attack. In this initial and crucial phase, preconditions for successful continuation and termination of the cyber-attack are realized. At the end of the paper, there is a detailed classification of threat subjects based on motives that moves them and the goal that is supposed to be achieved. In the scientific and professional thematization, this has not been done yet.",
publisher = "Nova Science Publishers, Inc.",
journal = "Security Risks: Assessment, Management and Current Challenges",
booktitle = "Contemporary deception techniques: Social engineering – semantic, phenomenological and security aspects",
pages = "111-128",
url = "conv_513"
}
Mandić, G., Putnik, N.,& Milošević, M.. (2017). Contemporary deception techniques: Social engineering – semantic, phenomenological and security aspects. in Security Risks: Assessment, Management and Current Challenges
Nova Science Publishers, Inc.., 111-128.
conv_513
Mandić G, Putnik N, Milošević M. Contemporary deception techniques: Social engineering – semantic, phenomenological and security aspects. in Security Risks: Assessment, Management and Current Challenges. 2017;:111-128.
conv_513 .
Mandić, Goran, Putnik, Nenad, Milošević, Mladen, "Contemporary deception techniques: Social engineering – semantic, phenomenological and security aspects" in Security Risks: Assessment, Management and Current Challenges (2017):111-128,
conv_513 .
