COGNITIVE HACKING AND THE

VALUE OF INFORMATION

COGNITIVE HACKING AND THE

VALUE OF INFORMATION

George Cybenko Annarita Giani

Paul Thompson

Thayer School of Engineeringand

Institute for Security Technology Studies

Dartmouth CollegeHanover, NH

OverviewOverview

• Definition

• Comparison with related concepts

• Examples

• Information Theory Model

• Applications

• Countermeasures

• Future work

COGNITIVE HACKING

DefinitionDefinition

A networked information system attack that relies on changing human users' perceptions and corresponding behaviors in order to be successful.

Key elements:

Requires the use of an information system - not true for all social engineering

Requires a user to change some behavior- not true for all hacking

Exploits our growing reliance on networked information sources

• Propaganda

• Advertising

• Social Engineering

• Semantic Hacking

• Computer Security

• Information Warfare

Related conceptsRelated concepts

Telephone call to ask for a SSN

Email exchange asking for a password

Web page hacking

SocialEngineering

CognitiveHacking

INTRUSION DETECTION

POLICY

Host

s

peri

mete

r defe

nse

encryptio

n

bac

kups

AUDITINGFIREWALLS

authentication protocols

Smurf attacks

MITNICK ATTACK

TCP WRAPPERShoneyp

otsVULNERABILITY

SCANNERS

PHYSICAL ATTACKS

AUTONOMOUS ATTACKS

COGNITIVE ATTACKS

cryptologyVirus

Warm

FireCoffee

HAMMER

Web defacementSpoofing

Misinformation

PKI

Types Types MODE GOALS

Autonomous Cognitive-overt

Cognitive-covert

Theft of Services 8 8, 15

Theft of Information 4

Fraud Financial 1, 2, 3, 4, 5

Fraud- non Financial 6, 7

Political 10,11,14,15, 17

17

Commercial or PrivatePerception Management

6, 9 6

Self-aggrandizement 12, 13, 15

White Hat Hack 13, 16

1. NEI Webworld pump and dump 2. Jonathan Lebed case 3. Fast-trades.com website pump and dump 4. PayPal.com 5. EMULEX 6. Non-financial fraud-search engine optimization 7. Non-financial fraud - CartoonNetwork.com 8. Bogus virus patch report 9. Usenet perception management 10. Hamas site11. Ariel Sharon site 12. New York Times site13. Yahoo site 14. Afghanistan related web sites15. Fluffi Bunni declares Jihad 16. CNN site17. WTO site

Hacking with the Goal of Modifying User Behavior

Example (1)Example (1)

On 7 October 2001. “Singer Britney Spears Killed in Car Accident”.

Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page.

With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story.

Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software.

Within 12 hours more than 150,000 people had viewed the spoofed page.

Example (2)Example (2)

In February 2001 the New York Times web site was defaced by a

hacker identified as “splurge” from a group called “Sm0ked Crew”,

which had a few days previously defaced sites belonging to

Hewlett-Packard, Compaq, and Intel.

THE-REV | SPLURGE

Sm0ked crew is back and better than ever!

“Well, admin I’m sorry to say by you have just got sm0ked by splurge.

Don’t be scared though, everything will be all right, first fire your current

security advisor . . .”

Models of Cognitive Hacking - Information TheoryModels of Cognitive Hacking - Information Theory

Horse race Stock portfolio Theory of the firm

PossibleFrameworks

A cognitive hacker might lure an indecisive gambler (investor) to

invest money on false prospects. In this case it would be useful

to understand how sensitive the function W is to p and o and

tamper with the data in order to convince a gambler that it is:

a. worth playing

b. playing a certain way

Horse race modelHorse race model

A horse race is a system defined by the following ingredients (see [Cover and Thomas - “Elements of Information Theory” ]):

there are n horses in a race.

each horse i is assigned a probability pi of winning the race

each horse i is assigned an odds signifying that a gambler that bet bi

dollars on horse i would win bi oi dollars in case of victory (and suffer a

total loss in case of defeat).

W is the “doubling rate”, that is, after k plays, the expected value of the

gambler’s assets are 2Wk

iiobpm

iilog

1

o)p,W(b,

Horse race model analysisHorse race model analysis

2121 )(1 log )(1 log) , ,( W oppo p poop

2

121 o

op1

p log )o ,o p, (

pW

121

1 op

)o ,o (p, oW

221

2 op1

)o ,o (p, oW

2 1, , W op 2 500, , W op

ANALYSIS

p p

O1 = 1 O1 = 500

2 5, , W op

2o p 2o2o

O1 = 5

Apply the model to the Emulex exploitApply the model to the Emulex exploit

~ successful new product release imminent

~ the company is under investigation

Mark Jakob, shorted 3,000 shares of Emulex stock for $72 and

$92 Price rose to $100 Jakob lost almost $100,000

Sends false press release to Internet Wire Inc. Claims Emulex Corporation being investigated by the SEC Claims company was forced to restate 1998 and 1999 earnings.

He manipulated earning $236,000 2o

2o1o

He retaliated with a cognitive hack

Better model for cognitive hacking, e.g., for

the Emulex example

Not yet developed – future work

Stock Portfolio AnalysisStock Portfolio Analysis

Market analysis and assumption of perfect, costless information inadequate to describe firms

More efficient, automated information flow lowers both transaction and organization costs

Information systems susceptible to cognitive hacking

Theory of the FirmTheory of the Firm

Possible CountermeasuresPossible Countermeasures

Single source

Authentication of source

Information "trajectory" modeling

Ulam games

Multiple Sources Source Reliability via Collaborative Filtering and Reliability

reporting

Byzantine Generals Models

Detection of Collusion by Information Sources

Linguistic Analysis , e.g. Determination of common

authorship

Future workFuture work

Working with Securities and Exchange Commission –

Office of Internet

Enforcement

Development of Software tools to:

Detect misinformation

Detect common authorship