QUESTIONING 42: How Do We Engineer for Social Engineering?

Analyzing and Countering Namespace Attacks Through Reverse Engineering of Human-Scale Security Protocols

Presented by Vineetha Paruchuri

Thursday, August 18, 2016
1:00 p.m.
ICSI Lecture Hall

Abstract:

The most expensive domain name thus far in history was stolen in 1995 by sending a fax to the domain registrar. The same attack worked again in 2013 to hijack the DNS of another website. In 2015, a teenage hacker collective obtained control of the CIA Director’s email, partial credit card number, etc. In 2016, the same teenage hacker collective attacked the Director of National Intelligence and the Director of the Office of Science and Technology Policy using the same techniques.

A quick search reveals an alarming number of such attacks in which the initial attacks were widely publicized, and the vulnerabilities hence previously known, with most requiring little effort and often no cost to patch. So where exactly is the status quo failing? And what exactly is this problem? Social engineering attack? Identity theft? Personal stalking? Something else?

It will quickly be evident that the complexity of thought required for the modeling, analysis, and detection of these types of attacks, ironically, belies the simplicity of their perpetration. There cannot be an effective solution without a comprehensive problem description, and we see that conventional theories fail to capture this problem meaningfully. This talk addresses the problems in the status quo and illustrates a methodology to comprehensively address this problem, including both a detailed analysis and the results of in-the-wild penetration tests.

Speaker Bio:

Paruchuri graduated from Dartmouth College with a Master's degree in Computer Science, specializing in Information Security and Privacy. She also pursued relevant programs in business studies and law at the Tuck School of Business at Dartmouth and at the National Law School of India University respectively. She previously worked at the Global Research and Healthcare divisions of the General Electric Company (GE), the Aerospace Department of the Indian Institute of Science (IISc), Tecnológico de Monterrey Campus Ciudad de México (TEC), and the Institute for Security, Technology, and Society (ISTS) at Dartmouth College. Her research focuses on analyzing the complex interplay between technology, public policy, law, and business to meaningfully solve interdisciplinary socio-technical problems.