his.sePublications
Change search
Refine search result
1 - 8 of 8
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1. Huber, Markus
    et al.
    Kowalski, Stewart
    Nohlberg, Marcus
    University of Skövde, School of Humanities and Informatics. University of Skövde, The Informatics Research Centre.
    Tjoa, Simon
    Towards Automating Social Engineering Using Social Networking Sites2009In: 2009 International Conference on Computational Science and Engineering, IEEE Computer Society , 2009, p. 117-124Conference paper (Refereed)
    Abstract [en]

    A growing number of people use social networking sites to foster social relationships among each other. While the advantages of the provided services are obvious, drawbacks on a users’ privacy and arising implications are often neglected. In this paper we introduce a novel attack called automated social engineering which illustrates how social networking sites can be used for social engineering. Our approach takes classical social engineering one step further by automating tasks which formerly were very time-intensive. In order to evaluate our proposed attack cycle and our prototypical implementation (ASE bot), we conducted two experiments. Within the first experiment we examine the information gathering capabilities of our bot. The second evaluation of our prototype performs a Turing test. The promising results of the evaluation highlightthe possibility to efficiently and effectively perform social engineering attacks by applying automated social engineering bots.

  • 2.
    Kävrestad, Joakim
    et al.
    University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre.
    Åhlfeldt, Rose-Mharie
    University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre.
    Nohlberg, Marcus
    University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre.
    Johani, Karonen
    University of Skövde.
    Kowalski, Stewart
    University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre.
    Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS)2019In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider, CEUR-WS , 2019, Vol. 2398, p. 153-155Conference paper (Refereed)
  • 3.
    Nohlberg, Marcus
    et al.
    University of Skövde, School of Humanities and Informatics. University of Skövde, The Informatics Research Centre.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap.
    The cycle of deception: a model of social engineering attacks, defenses and victims2008In: Proceedings of the Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008) / [ed] Nathan Clarke, Steven Furnell, University of Plymouth , 2008, p. 1-11Conference paper (Refereed)
    Abstract [en]

    In this paper we propose a model for describing deceptive crimes in general and social engineering in particular. Our research approach was naïve inductivist and the methods used were literature study and interviews with the lead investigator in a grooming case, as we see many similarities between the techniques used in grooming, and those used in social engineering. From this we create cycles describing attacker, defender, and the victim and merge them into a model describing the cycle of deception. The model is then extended into a possible deception sphere. The resulting models can be used to educate about social engineering, to create automated social engineering attacks, to facilitate better incident reporting, and to understand the impact and economical aspects of defenses.

  • 4.
    Nohlberg, Marcus
    et al.
    University of Skövde, School of Humanities and Informatics. University of Skövde, The Informatics Research Centre.
    Kowalski, Stewart
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap (Säkerhetsinformatik).
    Huber, Markus
    Stockholms universitet, Samhällsvetenskapliga fakulteten, Institutionen för data- och systemvetenskap (Säkerhetsinformatik).
    Measuring Readiness for Automated Social Engineering2008In: Proceedings of the 7th Annual Security Conference, Las Vegas, USA, June 2-3, 2008 [CD-ROM], 2008, p. 20.1-20.13Conference paper (Refereed)
    Abstract [en]

    This paper presents the result of a case study of the readiness of four large Swedish multinational corporations to deal with automated social engineering attacks. A preliminary study to review how the security policy of a large corporation deals with social engineering attacks was performed. The results from this study were combined with a conceptual model of social engineering when constructing a new interview protocol and a grading scale. This interview protocol was designed to measure the readiness of an organization to deal with social engineering attacks in general, and in this case with automated social engineering in particular. Four interviews were conducted with senior security managers and senior employees. Results indicate that no organization was over 60% on the readiness scale and thus all are considered at risk of attack.

  • 5.
    Nohlberg, Marcus
    et al.
    University of Skövde, School of Humanities and Informatics.
    Kowalski, Stewart
    Department of Computer and Systems Sciences, Stockholm University/Royal Institute of Technology, Stockholm, Sweden.
    Karlsson, Kerstin
    University of Skövde, School of Humanities and Informatics.
    Ask and you shall know: using interviews and the SBC model for social-engineering penetration testing2008In: Proceedings of the 1st International Multi-Conference on Engineering and Technological Innovation; IMETI 2008: Volume I / [ed] Chu Hsing-Wei, Estrems Manuel, Ferrer José, Franco Patricio, Savoie Michael, Orlando: International Institute of Informatics and Systemics, 2008, p. 121-128Conference paper (Refereed)
    Abstract [en]

    This paper presents the result of a case study where the SBC model was used as a foundation to perform semi-structured interviews to test the security in a medical establishment. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.

  • 6.
    Nohlberg, Marcus
    et al.
    University of Skövde, School of Humanities and Informatics. University of Skövde, The Informatics Research Centre.
    Kowalski, Stewart
    Karlsson, Kerstin
    University of Skövde.
    Non-Invasive Social Engineering Penetration Testing in a Medical Environment2008In: Proceedings of the 7th Annual Security Conference [CD-ROM], 2008, p. 22.1-22.13Conference paper (Refereed)
    Abstract [en]

    This paper proposes a soft approach for social engineering penetration testing. By using the SBC model as a foundation, questions related to the social element of security were asked in semi-structured interviews to a group of subjects. The answers were analyzed and presented in an uncomplicated graph. The purpose was to study the feasibility of letting the users participate, instead of exploiting their weaknesses. It was found that the approach of interviewing the subjects rendered interesting, and relevant, results, making it an approach that should be studied further due to its apparent gains: less ethically troublesome penetration testing, increased awareness, improved coverage and novel information as added bonuses.

  • 7.
    Nohlberg, Marcus
    et al.
    University of Skövde, School of Technology and Society. University of Skövde, School of Humanities and Informatics.
    Wangler, Benkt
    University of Skövde, School of Humanities and Informatics.
    Kowalski, Stewart
    Stockholm University, Sweden.
    A Conceptual Model of Social Engineering2011In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 7, no 2, p. 3-13Article in journal (Refereed)
    Abstract [en]

    Social engineering is a term used for techniques to trick, or con, users into giving out information to someone that should not have it. In this paper we discuss and model various notions related to social engineering. By using a broad, cross disciplinary approach, we present a conceptual model of the different kinds of social engineering attacks, and their preparation, the victim and the perpetrator, as well as the cultural aspects. By using this approach a better general understanding of social engineering can be reached. The model is also a good tool for teaching about and protecting against social engineering attacks.

  • 8.
    Nohlberg, Marcus
    et al.
    University of Skövde, School of Humanities and Informatics.
    Wangler, Benkt
    University of Skövde, School of Humanities and Informatics.
    Kowalski, Stewart
    Stockholm University, Sweden.
    A Conceptual Model of Social Engineering2010Conference paper (Refereed)
1 - 8 of 8
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf