COGNITIVE HACKING AND THE
VALUE OF INFORMATION
George Cybenko, Annarita Giani, Paul Thompson
Thayer School of Engineering and
Institute for Security Technology Studies
Dartmouth College, Hanover, NH
Overview
• Definition
• Comparison with related concepts
• Examples
• Information Theory Model
• Applications
• Countermeasures
• Future work
COGNITIVE HACKING
Definition
A networked information system attack that relies on changing human users' perceptions and corresponding behaviors in order to be successful.
Key elements:
• Requires the use of an information system - not true for all social engineering
• Requires a user to change some behavior - not true for all hacking
• Exploits our growing reliance on networked information sources
Related concepts
• Propaganda
• Advertising
• Social Engineering
• Semantic Hacking
• Computer Security
• Information Warfare
[Figure: diagram relating Social Engineering and Cognitive Hacking, with the examples: telephone call to ask for a SSN; email exchange asking for a password; web page hacking.]
[Figure: map of computer security topics. Attack classes: PHYSICAL ATTACKS, AUTONOMOUS ATTACKS, COGNITIVE ATTACKS. Other labels: intrusion detection, policy, hosts, perimeter defense, encryption, backups, auditing, firewalls, authentication protocols, Smurf attacks, Mitnick attack, TCP wrappers, honeypots, vulnerability scanners, cryptology, virus, worm, fire, coffee, hammer, web defacement, spoofing, misinformation, PKI.]
Types: mode versus goals (numbers refer to the examples listed below)

Modes: Autonomous, Cognitive-overt, Cognitive-covert

Goals:
Theft of Services: 8 | 8, 15
Theft of Information: 4
Fraud - Financial: 1, 2, 3, 4, 5
Fraud - non-Financial: 6, 7
Political: 10, 11, 14, 15, 17 | 17
Commercial or Private Perception Management: 6, 9 | 6
Self-aggrandizement: 12, 13, 15
White Hat Hack: 13, 16

Examples:
1. NEI Webworld pump and dump
2. Jonathan Lebed case
3. Fast-trades.com website pump and dump
4. PayPal.com
5. EMULEX
6. Non-financial fraud - search engine optimization
7. Non-financial fraud - CartoonNetwork.com
8. Bogus virus patch report
9. Usenet perception management
10. Hamas site
11. Ariel Sharon site
12. New York Times site
13. Yahoo site
14. Afghanistan related web sites
15. Fluffi Bunni declares Jihad
16. CNN site
17. WTO site
Hacking with the Goal of Modifying User Behavior
Example (1)
On 7 October 2001: “Singer Britney Spears Killed in Car Accident”.
Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page.
With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story.
Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software.
Within 12 hours more than 150,000 people had viewed the spoofed page.
Example (2)
In February 2001 the New York Times web site was defaced by a
hacker identified as “splurge” from a group called “Sm0ked Crew”,
which had a few days previously defaced sites belonging to
Hewlett-Packard, Compaq, and Intel.
THE-REV | SPLURGE
Sm0ked crew is back and better than ever!
“Well, admin I’m sorry to say by you have just got sm0ked by splurge.
Don’t be scared though, everything will be all right, first fire your current
security advisor . . .”
Models of Cognitive Hacking - Information Theory
Possible frameworks: horse race, stock portfolio, theory of the firm
A cognitive hacker might lure an indecisive gambler (investor) to
invest money on false prospects. In this case it would be useful
to understand how sensitive the function W is to p and o and
tamper with the data in order to convince a gambler that it is:
a. worth playing
b. playing a certain way
Horse race model
A horse race is a system defined by the following ingredients (see [Cover and Thomas, “Elements of Information Theory”]):
• there are n horses in a race.
• each horse i is assigned a probability \(p_i\) of winning the race.
• each horse i is assigned odds \(o_i\), signifying that a gambler who bets \(b_i\) dollars on horse i would win \(b_i o_i\) dollars in case of victory (and suffer a total loss in case of defeat).
• W is the “doubling rate”, that is, after k plays, the expected value of the gambler’s assets is \(2^{Wk}\):

\[ W(b, p, o) = \sum_{i=1}^{m} p_i \log b_i o_i \]
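Horse race model analysis

\[ W(p, o_1, o_2) = p \log(p\,o_1) + (1-p) \log((1-p)\,o_2) \]

\[ \frac{\partial W}{\partial p}(p, o_1, o_2) = \log \frac{p\,o_1}{(1-p)\,o_2} \]

\[ \frac{\partial W}{\partial o_1}(p, o_1, o_2) = \frac{p}{o_1} \]

\[ \frac{\partial W}{\partial o_2}(p, o_1, o_2) = \frac{1-p}{o_2} \]

ANALYSIS
[Figure: three plots of \(W(p, o_1, o_2)\) against p and \(o_2\), for O1 = 1, O1 = 5 and O1 = 500.]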
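The sensitivity argument above can be made numeric. The following is an added example, not part of the original slides: it evaluates the doubling rate W for a gambler who bets in proportion to a tampered belief q while outcomes follow the true p, and shows that the growth lost to the misinformation equals the relative entropy D(p || q), a standard result from Cover and Thomas that goes one step beyond the slides. The function names and the sample race are constructed for illustration, and logs are taken base 2 to match the "doubling" interpretation.

```python
import math

def doubling_rate(b, p, o):
    """W(b, p, o) = sum_i p_i * log2(b_i * o_i), in bits per race."""
    total = 0.0
    for b_i, p_i, o_i in zip(b, p, o):
        if p_i == 0:
            continue                  # impossible outcome contributes nothing
        if b_i * o_i <= 0:
            return float("-inf")      # nothing staked on a possible winner: ruin
        total += p_i * math.log2(b_i * o_i)
    return total

def kl_divergence(p, q):
    """D(p || q) in bits; infinite if q rules out an outcome that p allows."""
    total = 0.0
    for p_i, q_i in zip(p, q):
        if p_i == 0:
            continue
        if q_i == 0:
            return float("inf")
        total += p_i * math.log2(p_i / q_i)
    return total

def misinformation_impact(p_true, q_believed, o):
    """Gambler bets b = q (a tampered belief) while outcomes follow p."""
    perceived = doubling_rate(q_believed, q_believed, o)  # what the victim expects
    realized = doubling_rate(q_believed, p_true, o)       # what actually happens
    optimal = doubling_rate(p_true, p_true, o)            # with accurate information
    return {"perceived": perceived, "realized": realized,
            "loss": optimal - realized}

def dW_dp(p, o1, o2):
    """Two-horse sensitivity from the slide: log(p*o1 / ((1-p)*o2)), base 2."""
    return math.log2(p * o1 / ((1 - p) * o2))

# Constructed sample: a fair two-horse race, belief shifted from 0.5 to 0.9.
P_TRUE, Q_BELIEVED, ODDS = [0.5, 0.5], [0.9, 0.1], [2.0, 2.0]

if __name__ == "__main__":
    result = misinformation_impact(P_TRUE, Q_BELIEVED, ODDS)
    print(result, "D(p||q) =", kl_divergence(P_TRUE, Q_BELIEVED))
```

On the sample race the victim expects assets to grow while they actually shrink, which is the gap a defender would want to measure when estimating the damage a tampered data feed can cause.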
Apply the model to the Emulex exploit
\(o_1\) ~ successful new product release imminent
\(o_2\) ~ the company is under investigation
Mark Jakob shorted 3,000 shares of Emulex stock for $72 and $92.
Price rose to $100.
Jakob lost almost $100,000.
He retaliated with a cognitive hack.
Sends false press release to Internet Wire Inc.
Claims Emulex Corporation being investigated by the SEC.
Claims company was forced to restate 1998 and 1999 earnings.
He manipulated \(o_2\), earning $236,000.
Stock Portfolio Analysis
Better model for cognitive hacking, e.g., for the Emulex example
Not yet developed – future work
Theory of the Firm
Market analysis and assumption of perfect, costless information inadequate to describe firms
More efficient, automated information flow lowers both transaction and organization costs
Information systems susceptible to cognitive hacking
Possible Countermeasures
Single source
• Authentication of source
• Information "trajectory" modeling
• Ulam games
Multiple sources
• Source reliability via collaborative filtering and reliability reporting
• Byzantine Generals models
• Detection of collusion by information sources
• Linguistic analysis, e.g. determination of common authorship
Future work
Working with Securities and Exchange Commission – Office of Internet Enforcement
Development of software tools to:
• Detect misinformation
• Detect common authorship