
«Abstract: Vulnerability to deception is part of human nature, owing to fundamental limitations of the human mind. This vulnerability is exploited by ...»


First, false expectations are created whenever someone misunderstands how something works [Hus97, San84]. For example, it is not uncommon for emerging computer technology to be grossly over-valued by consumers and investors. Historical examples include artificial intelligence, Java, and even the Internet. Consumers and investors who hold such false expectations are vulnerable to deception, and the vulnerability is invariably exploited by conmen who promise to deliver the emerging technology. Similarly, many hackers will also hold popular delusions about emerging technology, and these false expectations could be exploited to deceive them. For instance, firewalls and intrusion detection systems (IDSs) are security systems whose power and effectiveness have, historically, been widely over-estimated. It may be possible to deter hackers by using deception to exaggerate the effectiveness of a network’s computer-security systems. As an example, hacking instances that are detected by conventional means could be attributed to the “new generation of powerful IDSs.” Indeed, in the mid-80s, a hacker wrongly concluded that his subsequent attempts to access a computer system at SRI International failed because of an IDS. His expectations were based on reading a report about IDSs on the machine, and deducing that the concept had been implemented. In fact, the passwords on the system had been changed following his initial break-in.

Second, trust creates expectations that can make a person vulnerable to deception [San84]. If the deception target trusts something that is corrupt, or corruptible, then that trust can be used to deceive. For example, consumers tend to trust name brands, and a corporation can deceptively exploit that trust by selling substandard products under its brand. Deception occurs when the corporation allows buyers to assume the substandard product is of the same quality as its other products. Similarly, hackers rely on a variety of systems, tools and organizations, and their trust in these things can potentially be exploited. As an example, when hackers break into Unix computers, they often download and compile hacking tools. Their trust in the resident compilers can be exploited. For instance, the compilers can be rigged to create binaries that secretly trigger security alarms whenever the code is run.

4.3 A guilty conscience

King Solomon observed that “the wicked flee when no one pursues...” (Proverbs 28:1). Apparently, criminals have a guilty conscience, and it tends to make them paranoid about getting caught and punished. They are hypersensitive to the possibility of detection and retribution. Also, they respond fearfully. Such hypersensitivity can make them vulnerable to deceptive indicators of detection and retribution. For example, fake security cameras, and signs warning about nonexistent alarm systems, can be very effective.

DoD Cyber Crime Conference 2007 (c) 2007, by the authors

In computer security, most hackers are criminals, e.g., trespassing script-kiddies, cyber thieves, and state-sponsored hackers who are engaged in unjust warfare. Hackers’ guilty consciences can make them hypersensitive to deceptive indicators of detection and retribution. For instance, well publicized hacking prosecutions can be used to exaggerate intrusion response capabilities. Also, fake displays of network intrusion-detection systems can be used to exaggerate detection capabilities, as commonly done in physical security. For example, if hackers suspect honeypots are being used, real computers can be given honeypot components that hackers look for, such as a keystroke logger.

4.4 Cravings and compulsions

One of con-men’s most well known techniques is to exploit greed [BW82, San84]. Greed powerfully lulls suspicion, impairs critical thinking, and thereby makes people vulnerable to deception. In general, there are a variety of cravings and compulsions that impair thinking and make humans vulnerable to deception. The causes of these cravings and compulsions include:

a) moral vices, such as greed, substance abuse, uncontrolled anger, and a lust for power and fame;

b) desperation, as seen by the perpetual sales of fraudulent remedies for terminal illnesses and excess weight; and

c) psychological disorders, such as obsessive-compulsive behavior.

Cravings and compulsions make humans vulnerable to deception in two ways. First, they impair the thinking abilities needed for counterdeception. Secondly, when a deception offers the target what he wants, the opportunity will often arouse his suspicions. In such cases, cravings and compulsions can cause the target to take foolish risks and thereby fall for suspected deceptions.

Hackers are often characterized by their vices and disorders. As described earlier, most hackers are criminals, and consequently, they are engaged in vice. For example, many script kiddies covet the technical abilities that will make them “elite” and famous among their peers. Cyber thieves are driven by greed. Hacking itself can be highly intriguing, and hackers commonly display extreme obsessive-compulsive behavior in their hacking. A good example is the hacker Matt Singer, who was unemployed and hacked constantly [FM97].

Deception can exploit the target’s impaired critical thinking, caused by cravings and compulsions. For instance, Singer’s obsessive behavior seemed to impair sober-minded reflection about his vulnerabilities and risks. When his brother cautioned him about getting caught, he replied that he was telnetting through too many systems to be tracked. Apparently, it did not occur to Singer that his initial connection was often to the same university network, and its system administrator was stealthily monitoring his world-wide hacking adventures.

4.5 Limitations in critical thinking

Another vulnerability to fraud arises from deficient critical thinking. There are two types of such thinking that con-men often exploit, and they can be used for computer security deceptions. One deficiency is credulity, or the willingness to believe something based on slight or uncertain evidence [San94]. A common cause of credulity is naiveté, as superficial knowledge can limit critical thinking and make one vulnerable to deception. Hackers can be quite naive about the networks they hack, due to their unfamiliarity with the network topology and the operation it supports, e.g., banking or military. Script-kiddies will tend to be credulous due to youthful naiveté. Another deficiency in critical thinking is laziness [San84]. It may be possible for a hacker to discover a deception, but the deception will be safe if the hacker is not willing to invest the effort required for discovery. Hackers who do not fear being caught, or who act impetuously, may simply not make the effort needed for counterdeception. Many script-kiddies are likely to act in this manner.

5 Conclusion

Table 1 summarizes the eleven psychological vulnerabilities to deception presented in the paper. Exploitation of the vulnerabilities can increase a deception’s likelihood of success. An understanding of the vulnerabilities is a tool for the deception planner’s toolbox, and the vulnerabilities’ most significant uses are recapped here. In the military and intelligence deception literature, there is a resounding admonition to exploit the target’s expectations and desires. The work of fraud artists indicates that the target’s cravings and compulsions are desires that make him particularly vulnerable to deception. In general, deceptions that are contrary to the target’s expectations should be avoided, if possible.

From our analysis of deceptions that exploit psychological vulnerabilities, we make three observations regarding their application to computer security. First, deceptions that exaggerate security capabilities such as intrusion detection can potentially exploit a guilty conscience, false expectations and all of the cognitive biases. Second, things that the target expects to be hidden can often be deceptively portrayed just by showing their indicators or evidence. Such deceptions can potentially exploit biases toward causal explanations, oversensitivity to consistency, and difficulties in detecting missing evidence. Third, deceptions based on conditioning can exploit biases toward causal explanations and biases in estimating probabilities.

There are limitations to exploiting psychological vulnerabilities to deception owing to uncertainties in the target’s reaction. Fortunately, there are several ways the deception planner can manage or reduce the problems associated with this uncertainty. First, the uncertainty can be reduced by gaining a better understanding of the targets’ psychological vulnerabilities. Second, although some psychological vulnerabilities are capricious, others are more predictable, such as hackers’ expectations about network traffic. Third, when designing deception operations, the deception planner does not have to focus on exploiting the target’s psychological vulnerabilities, but rather, he can exploit the vulnerabilities when the opportunity presents itself. Lastly, for many deceptions, the exploitation of psychological vulnerabilities does not have to work all the time, just often enough to be useful.

The savvy deception target will be familiar with psychological vulnerabilities to deception. He will seek to minimize them and to detect attempts to exploit them. For instance, his counterdeception work will benefit from the knowledge that most deceptions will seek to exploit his expectations and desires. However, to a certain extent, psychological vulnerabilities to deception are unavoidable, due to the inherent weaknesses and limitations of humans. For example, although expectations are fallible, they are a necessary means for making sense of the overwhelming information received by the senses. The target must form expectations, and these expectations can often be used to advantage in deception.

WWII deception planner Lt Col Geoffrey Barkas provides an insight into the human vulnerability to deception [Bar52]. Barkas was responsible for many of the highly successful deceptions that contributed to Rommel's defeat in North Africa in 1942. After seeing the Germans capture a dummy oil port he had built, Barkas thought the Germans would never be fooled again, as they had now seen what British deceptions could accomplish. However, further successful deceptions led Barkas to conclude that, "as long as the enemy has a good intelligence service and pays attention to what it says, it will be possible to fool him again and again." The British used the German intelligence service to communicate deception stories to the German military leaders. The Germans could be deceived repeatedly because their human limitations left them ever vulnerable to deception. In general, deception is always a possibility, as the target's counter-deception efforts cannot fully overcome his inherent vulnerabilities to deception. This often provides the deceiver with an advantage over the target. However, the advantage is not unilateral—the deceiver is also flesh and blood, and inherently vulnerable to deception himself.


6 Bibliography

[Bar52] Barkas, G. The Camouflage Story, Cassell & Co. Ltd, 1952.

[BW82] Bell, J., B. Whaley. Cheating and Deception. Transaction Publishers, 1982.

[CIA80] Deception Maxims: Fact and Folklore, Deception Research Program, Office of Research and Development, Central Intelligence Agency, 1980.

[Dew89] Dewar, M. The Art of Deception in Warfare, David & Charles, 1989.

[DH82a] Daniel, D., K. Herbig, editors. Strategic Military Deception, Pergamon Press, 1982.

[DH82b] Daniel, D., K. Herbig. “Propositions on Military Deception”, in [DH82a].

[FM97] Freedman, D.H. and C.C. Mann. At Large: The Strange Case of the World's Biggest Internet Invasion, Simon & Schuster, 1997.

[Heu81] Heuer, R. “Cognitive Factors in Deception and Counterdeception”, in [DH82a].

[Hus97] Huston, P. Scams From The Great Beyond : How To Make Easy Money Off Of ESP, Astrology, UFOs, Crop Circles, Cattle Mutilations, Alien Abductions, Atlantis, Channeling, And Other New Age Nonsense, Paladin Press, 1997.

[ISV95] Icove, D., K. Seger, and W. VonStorch. Computer Crime : A Crimefighter’s Handbook, O’Reilly, 1995.

[JDD96] Joint Doctrine Division, Joint Doctrine for Military Deception, U.S. Joint Command, http://www.dtic.mil/doctrine, 1996.

[Jer68] Jervis, R. “Hypotheses on Misperception”, World Politics, 20(3):454-479, April 1968.

[San84] Santoro, V. The Rip Off Book : The Complete Guide to Frauds, Loompanics Unlimited, 1984.

[San94] Santoro, V. Economic Sodomy : How Modern Fraud Works and How to Protect Yourself, Loompanics Unlimited, 1994.

[Sch93] Schlossberg, H. Idols for Destruction : The Conflict of Christian Faith and American Culture, Crossway Books, 1993.

[Sto89] Stoll, C. The cuckoo's egg : tracking a spy through the maze of computer espionage, Doubleday, 1989.

[TK71] Tversky, A., Kahneman, D. “The Belief in the Law of Small Numbers”, Psychology Bulletin, 76:105-110, 1971.

[USA88] FM 90-2 Battlefield Deception, U.S. Army, 1988.

[USM89] FM 15-6 Strategic and Operational Military Deception: U.S. Marines and the Next Twenty Years, U.S. Marine Corps, 1989.

[Wha69] Whaley, B. Stratagem : Deception and Surprise in War, Center for International Studies, Cambridge, 1969.

7 Authors

Jim Yuill is a PhD candidate in the Computer Science Department at North Carolina State University. This paper is related to his dissertation. Jim previously worked at IBM in operating systems development. jimyuill-at-pobox.com

Fred Feer is retired from a career with the U.S. Army counterintelligence, CIA, RAND and independent consulting. Deception has been an interest and area of professional specialization for over 40 years. ffeer-at-comcast.net

Dr. Dorothy Denning is a Professor in the Department of Defense Analysis at the Naval Postgraduate School. She worked in the computer security field for 30 years and is author of Information Warfare and Security. dedennin-at-nps.edu
