31

Detecting SSH identity theft in HPC cluster environments using Self-organizing maps

Leufvén, Claes January 2006
Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys; therefore, there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly differently compared to an ordinary user. Previous work in this area includes, for example, statistical analysis of process accounting using Support Vector Machines. We can formalize this into a classification problem that we will solve with Self-organizing maps. The proposed system will work in a tier model that uses process accounting and SSH log messages as data sources.
32

Phishing within e-commerce: reducing the risk, increasing the trust

Megaw, Gregory M January 2010
E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology have not only benefited honest Internet users, but have enabled criminals to increase their effectiveness, which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
33

Cybercrime Using Electronical Identification

Brandt Hjertstedt, Eleonor January 2019
This thesis investigates the threats against electronic identification, more specifically the danger that comes with the device BankID in Sweden. Today BankID is widely used, but electronic identification also comes with certain security risks regarding identity-related crimes. In Sweden, the crime type which increased the most last year, 2018, measured in reported crimes was fraud mainly committed through information technology. This thesis therefore aims to investigate what the safety risks are using electronic identification, such as BankID, and how the police force and Swedish Economic Crime Authority combat cybercrimes in this area.
The results show that the main security risk with BankID is the customers that can be deceived. Perpetrators use different methods to get access to another individual's BankID. Regarding how the police force and Swedish Economic Crime Authority combat crimes against electronic identification, the result is partly defective due to the Swedish Economic Crime Authority not being represented in this thesis. However, from the police perspective, they investigate fraud regarding BankID as all other crimes, but it has in general a lower priority within the authority. The police cooperate with different actors and help both with development of the product security and inform customers about safety and risks regarding BankID.
34

An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Computer Self-Efficacy, Perceived Risk of Identity Theft, Attitude, and Motivation to Acquire Cybersecurity Skills

Blackwood-Brown, Carlene G. 01 January 2018
Cyber-attacks on Internet users have caused billions of dollars in losses annually. Cybercriminals launch attacks via threat vectors such as unsecured wireless networks and phishing attacks on Internet users who are usually not aware of such attacks. Senior citizens are one of the most vulnerable groups who are prone to cyber-attacks, and this is largely due to their limited cybersecurity awareness and skills. Within the last decade, there has been a significant increase in Internet usage among senior citizens. It was documented that senior citizens had the greatest rate of increase in Internet usage over all the other age groups during the past decade. However, whenever senior citizens use the Internet, they are being targeted and exploited particularly for financial crimes, with an estimated one in five becoming a victim of financial fraud, costing more than $2.6 billion per year. Increasing the cybersecurity awareness and skills levels of Internet users has been recommended to mitigate the effects of cyber-attacks. However, it is unclear what motivates Internet users, particularly senior citizens, to acquire cybersecurity skills so that they can identify as well as mitigate the effects of the cyber-attacks. It is also not known how effective cybersecurity awareness training is on the cybersecurity skill level of senior citizens. Therefore, the main goal of this quantitative study was to empirically investigate the factors that contributed to senior citizens’ motivation to acquire cybersecurity skills so that they would be able to identify and mitigate cyber-attacks, as well as assess their actual cybersecurity skills level. This was done by assessing a model of contributing factors identified in prior literature (senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, & older adults’ computer technology attitude) on the motivation of senior citizens to acquire cybersecurity skills.
This study utilized a Web-based survey to measure the contributing factors and a hands-on scenarios-based iPad app called MyCyberSkills™ that was developed and empirically validated in prior research to measure the cybersecurity skills level of the senior citizens. All study measures were done before and after cybersecurity awareness training (pre- & post-test) to uncover if there were any differences on the assessed models and scores due to such treatment. The study included a sample of 254 senior citizens with a mean age of about 70 years. Path analyses using Smart PLS 3.0 were done to assess the pre- and post-test models to determine the contributions of each contributing factor to senior citizens’ motivation to acquire cybersecurity skills. Additionally, analysis of variance (ANOVA) and analysis of covariance (ANCOVA) using SPSS were done to determine significant mean difference between the pre- and post-test levels of the senior citizens’ cybersecurity skill level. The path analysis results indicate that while all paths on both models were significant, many of the paths had very low path coefficients, which in turn, indicated weak relationships among the assessed paths. However, although the path coefficients were lower than expected, the findings suggest that both intrinsic and extrinsic motivation, along with antecedents such as senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, and older adults’ computer technology attitude significantly impact the cybersecurity skill levels of senior citizens. The analysis of variance results indicated that there was a significant increase in the mean cybersecurity skills scores from 59.67% to 64.51% (N=254) as a result of the cybersecurity awareness training.
Hence, the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens, and empowered them with small but significant improvement in the requisite skills to take mitigating actions against cyberattacks. The analysis of covariance results indicated that, except for years using computers, all the other demographic indicators were not significant. Contributions from this study add to the body of knowledge by providing empirical results on the factors that motivate senior citizens to acquire cybersecurity skills, and thus, may help in reducing some of the billions of dollars in losses accrued to them because of cyber-attacks. Senior citizens will also benefit in that they will be better able to identify and mitigate the effects of cyber-attacks should they attend cybersecurity awareness trainings. Additionally, the recommendations from this study can be useful to law enforcement and other agencies that work with senior citizens in reducing the number of cases relating to cybersecurity issues amongst senior citizens, and thus, free up resources to fight other sources of cybercrime for law enforcement agencies.
35

Designing a Security Education Curriculum Using Gamification Principles

Selinger, David Emanuel 25 November 2019
No description available.
36

Feeding Phishers

Lynch, Nicholas J 01 July 2009
Phishing campaigns continue to deceive users into revealing their credentials, despite advancing spam filters, browser and toolbar warnings, and educational efforts. Recently, researchers have begun investigating how fake credentials (or honeytokens) can be used to detect phishing sites and protect users. BogusBiter, one such work, creates sets of honeytokens based on users' real credentials and sends them alongside real user submissions to phishing sites. In this paper, we present Phish Feeder, an anti-phishing tool which extends the BogusBiter honeytoken generation algorithm in order to create more realistic and authentic-looking credentials. Phish Feeder also employs a "honeytoken repository" which stores generated credentials and provides a lookup service for legitimate sites that encounter invalid credentials. The Phish Feeder client is implemented as a Firefox extension and the repository is implemented as a Java web application. We compare the effectiveness of the Phish Feeder generation algorithm to that of the previous work and find that it is up to four times as effective at hiding real users' credentials within a set. Furthermore, we find that Phish Feeder introduces only negligible overhead during normal browsing, and a low overhead during credential creation and submission.
37

Detection, Triage, and Attribution of PII Phishing Sites

Roellke, Dennis January 2022
Stolen personally identifiable information (PII) can be abused to perform a multitude of crimes in the victim’s name. For instance, credit card information can be used in drug business, Social Security Numbers and health IDs can be used in insurance fraud, and passport data can be used for human trafficking or in terrorism. Even information typically considered publicly available (e.g. name, birthday, phone number, etc.) can be used for unauthorized registration of services and generation of new accounts using the victim’s identity (unauthorized account creation). Accordingly, modern phishing campaigns have outlived the goal of account takeover and are trending towards more sophisticated goals. While criminal investigations in the real world evolved over centuries, digital forensics is only a few decades into the art. In digital forensics, threat analysts have pioneered the field of enhanced attribution - a study of threat intelligence that aims to find a link between attacks and attackers. Their findings provide valuable information for investigators, ultimately bolster takedown efforts and help determine the proper course of legal action. Despite an overwhelming offer of security solutions today suggesting great threat analysis capabilities, vendors only share attack signatures and additional intelligence remains locked into the vendor’s ecosystem. Victims often hesitate to disclose attacks, fearing reputation damage and the accidental revealing of intellectual property. This phenomenon limits the availability of postmortem analysis from real-world attacks and often forces third-party investigators, like government agencies, to mine their own data. In the absence of industry data, it can be promising to actively infiltrate fraudsters in an independent sting operation. Intuitively, undercover agents can be used to monitor online markets for illegal offerings and another common industry practice is to trap attackers in monitored sandboxes called honeypots.
Using honeypots, investigators lure and deceive an attacker into believing an attack was successful while simultaneously studying the attacker’s behavior. Insights gathered from this process allow investigators to examine the latest attack vectors, methodology, and overall trends. For either approach, investigators crave additional information about the attacker, such that they can know what to look for. In the context of phishing attacks, it has been repeatedly proposed to "shoot tracers into the cloud", by stuffing phishing sites with fake information that can later be recognized in one way or another. However, to the best of our knowledge, no existing solution can keep up with modern phishing campaigns, because they focus on credential stuffing only, while modern campaigns steal more than just user credentials — they increasingly target PII instead. We observe that the use of HTML form input fields is a commonality among both credential stealing and identity stealing phishing sites and we propose to thoroughly evaluate this feature for the detection, triage and attribution of phishing attacks. This process includes extracting the phishing site’s target PII from its HTML <label> tags, investigating how JavaScript code stylometry can be used to fingerprint a phishing site for its detection, and determining commonalities between the threat actor’s personal styles. Our evaluation shows that <input> tag identifiers, and <label> tags are the most important features for this machine learning classification task, lifting the accuracy from 68% without these features to up to 92% when including them. We show that <input> tag identifiers and code stylometry can also be used to decide if a phishing site uses cloaking. Then we propose to build the first denial-of-phishing engine (DOPE) that handles all phishing; both Credential Stealing and PII theft.
DOPE analyzes HTML <label> tags to learn which information to provide, and we craft this information in a believable manner, meaning that it can be expected to pass credibility tests by the phisher.
38

Biometric authentication systems for secured e-transactions in Saudi Arabia : an empirical investigation of the factors affecting users' acceptance of fingerprint authentication systems to improve online security for e-commerce and e-government websites in Saudi Arabia

Al-Harby, Fahad Mohammed January 2010
Security is becoming an increasingly important issue for business, and with it comes the need for appropriate authentication; consequently, it is becoming gradually more important to develop secure e-commerce systems. Fraud via the web, identity theft, and phishing are raising concerns for users and financial organisations. In addition, current authentication methods, like passwords, have many problems (e.g. some users write them down, they forget them, or they make them easy to hack). We can overcome these drawbacks by using biometric authentication systems. Biometric systems are being used for personal authentication in response to the rising issue of authentication and security. Biometrics provide much promise, in terms of preserving our identities without the inconvenience of carrying ID cards and/or remembering passwords. This research is important because the securing of e-commerce transactions is becoming increasingly important. Identity theft, hacking and viruses are growing threats to Internet users. As more people use the Internet, more identity theft cases are being reported. This could harm not only the users, but also the reputation of the organisations whose names are used in these illegal acts. For example, in the UK, online banking fraud doubled in 2008 compared to 2007. More users took to e-shopping and online banking, but failed to take necessary protection. For non-western cultures, the figures for web security, in 2008, illustrated that Saudi Arabia was ranked ninth worldwide for users who had been attacked over the web. The above statistics reflect the significance of information security with e-commerce systems. As with any new technology, user acceptance of the new technology is often hard to measure. In this thesis, a study of user acceptance of biometric authentication systems in e-transactions, such as online banking, within Saudi society was conducted. It examined whether Saudis are practically willing to accept this technology. 
This thesis focuses upon Saudi Arabia, which has a developing economy. It has achieved a rapid rate of growth, and therefore makes an interesting and unique case study. From an economist's point of view, Saudi Arabia is the powerhouse of the Middle East. It has the leading regional economy, even though it is still relatively young. It has a young and rapidly growing population; therefore, this makes Saudi Arabia an attractive potential market for all kinds of e-commerce applications. Having said that, more than half of the population are under the age of 30 and are more to be expected to take the risk of accepting new technology. For this work, 306 Saudi participants were involved in the experiments. A laboratory experiment was created that actively tested a biometric authentication system in combination with a survey. The Technology Acceptance Model (TAM) was adopted in the first experimental phase as the theoretical basis on which to develop the research framework; the model has proven its efficiency as a good predictor for the biometric authentication system. Furthermore, in a second experimental phase, the Unified Theory of Acceptance and Use of Technology (UTAUT) with moderating variables such as age, gender and education level was examined as a proposed conceptual framework to overcome the limitations of TAM. The aim of the study was to explore factors affecting users' acceptance of biometric authentication systems. The findings from Structural Equation Modelling (SEM) analysis indicate that education level is a significant moderating factor, while gender and age do not record as significant. This thesis added new knowledge to this field and highlighted the importance of the perceptions of users regarding biometric security technologies. It helps determine the factors affecting the acceptance of biometric technology. To our knowledge, this is the first systematic study of this issue carried out by academic and non-biased researchers in Saudi Arabia.
Furthermore, the thesis presents security technology companies and developers of information security products with information to help in the determination of what is significant to their user base when taking into account the introduction of new secure systems and products.
39

Įvesties duomenų analizė tapatybės vagysčių prevencijai / Keystroke analysis for identity theft prevention

Ruškys, Vaidas 17 June 2010
This paper analyzes the threats that users face on the internet which are related to identity theft. Phishing and MITM attacks and their principles are described. To solve this problem, one part of biometrics, keystroke analysis, is suggested. The goal of this paper is to analyze the possibility of reducing the probability of these attacks by using keystroke analysis. The results of using different types of programs that use keystroke analysis are presented. It is analyzed how the possibility of using keystroke analysis changes when certain components of the analysis are changed.
40

Exploring Phishing Attacks and Countermeasures

Persson, Anders January 2007
Online banking and e-commerce applications have good protection against attacks directed directly towards their computer systems. The attacker has considered this and instead uses “social engineering” attacks, such as phishing, to gain access to the information inside [1] [15] [21]. Phishing is a growing problem that many different companies are trying to develop a working protection against. The number of new phishing-sites per month increased by 1363 % between January 2005 and October 2006, from 2560 to 37 444 attacks [3] [2]. Today there are several different antiphishing applications as well as implemented methods to prevent attacks, but it’s not certain they give enough protection. In this paper we plan to investigate the concept of phishing to better understand the threat it provides. We will analyse 252 different phishing attacks and examine a number of existing antiphishing applications to see if there are possibilities to improve the different protection methods to improve the accuracy of such tools.
