Advertisement

Basic Study on Targeted E-mail Attack Method Using OSINT

  • Kota Uehara
  • Kohei Mukaiyama
  • Masahiro Fujita
  • Hiroki Nishikawa
  • Takumi Yamamoto
  • Kiyoto Kawauchi
  • Masakatsu NishigakiEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 926)

Abstract

In recent years, attackers have easily gained considerable information on companies and individuals using open source intelligence (OSINT), thereby increasing the threat of targeted attacks. In light of such a situation, modeling the synergistic effect of OSINT and targeted attacks will be an effective measure against these attacks. In this paper, we formulate a state transition model that defines the process by which attackers gather a target’s information by using OSINT tools. Then we categorize the targeted e-mails that the attackers can generate in each state. The results of the analysis can be used by the victims to estimate the extent of attacks from the contents of the targeted e-mails, and to take appropriate measures.

References

  1. 1.
    Acquisti, A., Gross, R., Stutzman, F.: Face recognition and privacy in the age of augmented reality. J. Priv. Confidentiality 6, 1–20 (2014)Google Scholar
  2. 2.
    Rainie, L., Kiesler, S., Kang, R., Madden, M., Duggan, M., Brown, S., Dabbish, L.: Anonymity, privacy, and security online. Pew Research Center (2013)Google Scholar
  3. 3.
    Ball, L.D., Ewan, G., Coull, N.J.: Undermining-social engineering using open source intelligence gathering. In: Proceedings of 4th International Conference on Knowledge Discovery and Information Retrieval (KDIR), pp. 275–280. SciTePress-Science and Technology Publications (2012)Google Scholar
  4. 4.
    Best, C.: OSINT, the internet and privacy. In: EISIC, p. 4 (2012)Google Scholar
  5. 5.
    INFOSEC: Top Five Open Source Intelligence (OSINT) Tools. https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/. Accessed 30 July 2018
  6. 6.
    IntelTechniques.com: Buscador OSINT VM. https://inteltechniques.com/buscador/index.html. Accessed 3 Aug 2018
  7. 7.
    Chen, S., Fitzsimons, G.M., Andersen, S.M.: Automaticity in close relationships. In: Social Psychology and the Unconscious: The Automaticity of Higher Mental Processes, pp. 133–172 (2007)Google Scholar
  8. 8.
    Japan Pension Service: Investigation Result Report on Information Leakage Cases due to Unauthorized Access (in Japanese). https://www.nenkin.go.jp/files/kuUK4cuR6MEN2.pdf. Accessed 7 Aug 2018
  9. 9.
    Edwards, M., Larson, R., Green, B., Rashid, A., Baron, A.: Panning for gold: automatically analysing online social engineering attack surfaces. Comput. Secur. 69, 18–34 (2017)CrossRefGoogle Scholar
  10. 10.
    Silic, M., Back, A.: The dark side of social networking sites: understanding phishing risks. Comput. Hum. Behav. 60, 35–43 (2016)CrossRefGoogle Scholar
  11. 11.
    Singh, A., Thaware, V.: Wire Me Through Machine Learning. Black Hat, USA (2017)Google Scholar
  12. 12.
    Iwata, K., Nakamura, Y., Inamura, H., Takahashi, O.: An automatic training system against advanced persistent threat. In: 2017 Tenth International Conference on Mobile Computing and Ubiquitous Network (ICMU), pp. 1–2. IEEE (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Kota Uehara
    • 1
  • Kohei Mukaiyama
    • 1
  • Masahiro Fujita
    • 1
  • Hiroki Nishikawa
    • 2
  • Takumi Yamamoto
    • 2
  • Kiyoto Kawauchi
    • 2
  • Masakatsu Nishigaki
    • 1
    Email author
  1. 1.Shizuoka UniversityHamamatsuJapan
  2. 2.Mitsubishi Electric CorporationKamakuraJapan

Personalised recommendations