Embed Size (px)
Citation preview
Judging By The Cover:
Profiling Through
Social Media
Christina Lekati
Social Engineering Security
Cyber Risk GmbH
“A cost-effective way to steal secrets”
Christina Lekati | Cyber Risk GmbH
“The ends did not always justify the means we chose to
employ.
But, as long as there is espionage, there will be
Romeos seducing unsuspecting Juliets with access to
secrets. After all, I was running an intelligence service,
not a lonely-hearts club."
Case Study: https://www.cia.gov/news-information/featured-story-archive/2018-featured-story-archive/romeo-spies.html
• Social Engineers
• Investigators
• OSINT & HUMINT Practitioners
Who Is This Presentation For?
Christina Lekati | Cyber Risk GmbH
OSINT
SOCMINT
SOCial Media INTelligence
What Is SOCMINT All About?
Christina Lekati | Cyber Risk GmbH
SOCMINT is a discipline that lends itself readily to targeting, & profiling.
The accuracy of assumptions on a target depend on:
a) the portion of sharing on social media networks
b) The diversity of the content
and
c) The quality of the analysis
SOCMINT: Targeting & Profiling
Christina Lekati | Cyber Risk GmbH
Quick Wins
Christina Lekati | Cyber Risk GmbH
Will not bother about
information-/cyber-
security
Vulnerability Exposure Posts
Spoof phishing email
Christina Lekati | Cyber Risk GmbH
Romance fraudster
on the way?
Vulnerability Exposure Posts
Christina Lekati | Cyber Risk GmbH
Bribery is a tool too-
Exploiting needs/
feeding addictions
Vulnerability Exposure Posts
Christina Lekati | Cyber Risk GmbH
Personality Indicators: Example - Narcissists
In reality, they are
particularly
vulnerable to their
own needs.
They are also
quite predictable.
…and they are very willing to bend rules and
violate boundaries, if they think it serves them.
That makes them easy targets for skilled
manipulators.
Christina Lekati | Cyber Risk GmbH
Highly Targeted Attacks:
Profiling
Christina Lekati | Cyber Risk GmbH
• Threat actor: likely COBALT GYPSY
• Target: critical infrastructure organizations
• Plan A: Phishing attacks delivering PupyRAT
• Plan B: Mia Ash
• Fake identity used several social media
accounts used to perform reconnaissance on
and establish relationships with specific targets
Source: https://www.secureworks.com/research/the-curious-case-of-mia-ash
Case Study – Mia Ash
Christina Lekati | Cyber Risk GmbH
Who Are You on Social Media?
You are YOU. Curated.
On social media we project the
way we want to be viewed by
others.
This provides extremely valuable
information for a HUMINT or
social engineering operation.
Christina Lekati | Cyber Risk GmbH
What Do We Look For
• An overall representation –
the “Personal Brand”
• Selection of words
• Selection of interests &
activities
• Professional responsibilities
• Social life
Christina Lekati | Cyber Risk GmbH
What Do We Look For
• Motivating factors
• Weaknesses
• Subjects one feels strong about
• Overall ideology
Christina Lekati | Cyber Risk GmbH
An Example…
Christina Lekati | Cyber Risk GmbH
Overall Impressions
Christina Lekati | Cyber Risk GmbH
“Shadow Talk”
• Body Language
• Variety of facial
expressions
• Content (activities)
• Colors
• Locations
• Other people
Overall Impressions
Christina Lekati | Cyber Risk GmbH
Personality
TraitsInterests Wants Vulnerabilities
• Confident
• Expressive
• Sharing
• Fitness
• Exploration
• Adventure
??? ???
• Extraverted
• Wide social
circle
• Travel
• Socializing??? ???
??? ??? ??? ???
Self Image
Social Life
Professional
Life
The Profiling Matrix – First Assumptions
Christina Lekati | Cyber Risk GmbH
Words. Patterns. Expressive Style.
What Else Do We Look At?
Christina Lekati | Cyber Risk GmbH
Ambition.
Determination.
Verbal Cues
Christina Lekati | Cyber Risk GmbH
Influence.
Adventure.
Extraversion.
Verbal Cues
Christina Lekati | Cyber Risk GmbH
Personality
TraitsInterests Wants Vulnerabilities
• Confident
• Expressive
• Sharing
• Determined
• Hard worker
• Fitness
• Exploration
• Adventure
• Growth
• Respect
• Admiration
• Growth
???
• Extraverted
• Wide social
circle
• Authoritative
• Travel
• Socializing
• Others’
well being
• Influential
• Authoritative
• Asked for
advice
???
?????? ??? ???
The Profiling Matrix – More Deductive Thinking
Self Image
Social Life
Professional
Life
Christina Lekati | Cyber Risk GmbH
Personality
TraitsInterests Wants Vulnerabilities
• Confident
• Expressive
• Sharing
• Determined
• Hard worker
• Fitness
• Exploration
• Adventure
• Growth
• Respect
• Admiration
• Growth
???
• Extraverted
• Wide social
circle
• Authoritative
• Travel
• Socializing
• Others’ well
being
• Influential
• Authoritative
• Asked for
advice
???
• Front line
• Manager
• Instructor
•Challenging
job
•Variety
• Prestigious
titles
• ..always
more
???
Self Image
Social Life
Professional
Life
The Profiling Matrix
etc.
Christina Lekati | Cyber Risk GmbH
Psychological Principle:
When we pursue intensely one thing…
…we are automatically trying to avoid with the same intensity,
its opposite.
Christina Lekati | Cyber Risk GmbH
Personality
TraitsInterests Wants Vulnerabilities
• Confident
• Expressive
• Sharing
• Determined
• Hard worker
• Fitness
• Exploration
• Adventure
• Growth
• Respect
• Admiration
• Growth
• Failure
• Inadequacy
• Idleness
• Triviality
• Extraverted
• Wide social
circle
• Authoritative
• Travel
• Socializing
• Others’ well
being
• Influential
• Authoritative
• Asked for
advice
• Rejection
• Low impact
• Ignorance
• Front line
• Manager
• Instructor
•Challenging
job
•Variety
• Prestigious
titles
• ..always more
• Undervalued
• Isolation
…and so on.
Self Image
Social Life
Professional
Life
The Profiling Matrix
etc.
Christina Lekati | Cyber Risk GmbH
• “Personality Traits” : Used to build
rapport. We like people that are like
us
• “Interests” and “Wants” : Fruitful
ground to start a conversation,
engage the target & incentivize
them.
• “Vulnerabilities” : can be strategically
used when likeability alone does not
drive the desired action.
Using the Profiling Matrix
Christina Lekati | Cyber Risk GmbH
Personality
TraitsInterests Wants Vulnerabilities
• Confident
• Expressive
• Sharing
• Determined
• Hard worker
• Fitness
• Exploration
• Adventure
• Growth
• Respect
• Admiration
• Growth
• Failure
• Inadequacy
• Idleness
• Triviality
• Extraverted
• Wide social
circle
• Authoritative
• Travel
• Socializing
• Others’ well
being
• Influential
• Authoritative
• Asked for
advice
• Rejection
• Low impact
• Ignorance
• Front line
• Manager
• Instructor
• Challenging job
• Variety
• Prestigious
titles
• ..always more
• Undervalued
• Isolation
• …and so on.
• The social engineer will adjust their approach according to how
you respond. They have a lot information to work with.
• How is the personality & pretext crafted? We like & relate better to
people that are like us. So they’d look a lot like…
Using the Profiling Matrix
Christina Lekati | Cyber Risk GmbH
• Profiles intended to build trust and rapport
with potential victims.
• “She” initiated conversations based on
“common interests” - moved on to other
topics.
• Escalated target to other social media
platforms & phone
• Once work email was provided – malicious
Excel file was sent.
• The file would eventually deliver PupyRATSource: https://www.secureworks.com/research/the-curious-case-of-mia-ash
Case Study – Mia Ash
Christina Lekati | Cyber Risk GmbH
Collection of both
SOCMINT & HUMINT
Source: https://www.secureworks.com/research/the-curious-case-of-mia-ash
Case Study – Mia Ash
Christina Lekati | Cyber Risk GmbH
• How insider information is found is always a mystery – or is it not?
……………………..
• Profiling helps Social Engineers identify and cultivate the right
targets (“assets”)
• Attackers conduct thorough reconnaissance and do not shy away
from building relationships with targets
Social Engineering Groundwork
Christina Lekati | Cyber Risk GmbH
Methodology:
Connecting the Dots &
Avoiding Biases
Christina Lekati | Cyber Risk GmbH
Christina Lekati | Cyber Risk GmbH
Complementary
Reading
Contact Details:
“Knowledge is a weapon. I
intend to be formidably armed.”- Terry Goodkind
Christina Lekati
@ChristinaLekati
Christina LekatiSocial Engineering Security
Trainer & Consultant
Cyber Risk GmbH
