Sean McElroy scite author profile

Sean McElroy

2Publications

0Citation Statements Received

15Citation Statements Given

How they've been cited

How they cite others

Affiliations

Dakota State University

Publications

Order By: Most citations

Developing Privacy Incident Responses to Combat Information Warfare

McElroy

McKee

2023

iccws

View full text Add to dashboard Cite

Violations of privacy harm real people, and as nation-state actors grow their information warfare capabilities, civilians suffer these harms as part of coordinated and targeted actions on objectives. When privacy harms manifest, they allow threat actors to injure data subjects by weaponizing their information to harm individuals, communities, and societies. These attacks injure civilians as the confidence of legitimate authorities, institutions, and defences is eroded, and consequences may impact national security. Distinct from cybersecurity, privacy depends upon confidentiality, integrity, and availability but encompasses a unique set of concerns. Whereas security incident response has an established practice and research history, approaches to privacy incident response, such as unauthorized disclosure, are not well researched or documented in academic literature in the unique context of privacy. By mapping privacy harm to techniques and tactics, a cohesive framework emerges to distinguish tailored mitigation strategies for each. This paper proposes a conceptual model and classification framework for privacy-related harms, tactics, techniques, and mitigation strategies to address sophisticated privacy threat actors. Using this model and framework, contingency planners can develop privacy incident response strategies to defend against the privacy harms of information warfare.

show abstract

Learning from learning: detecting account takeovers by identifying forgetful users

McElroy¹

2021

Computer Fraud & Security

View full text Add to dashboard Cite

Credential-stuffing attacks are increasing in frequency, allowing threat actors to use data breaches from one source to perpetrate another. While multi-factor authentication remains a crucial preventative measure to protect against credential stuffing, the availability of credential data sets with contact information and the correlation with demographic data can allow threat actors to overcome it through interactive social engineering. Concurrently, alternative defence mechanisms such as network source profiling and device fingerprinting lose effectiveness as privacy-protecting technologies reduce the observable variability between legitimate and fraudulent user sessions. Sean A McElroy of Lumin Digital presents original research which suggests that by measuring a user's increasing familiarity with a web application over time, outliers in use may indicate account takeover fraud. Credential-stuffing attacks are increasing in frequency, allowing threat actors to use data breaches from one source to perpetrate another. While multi-factor authentication remains a crucial preventative measure to protect against credential stuffing, the availability of credential data sets with contact information and the correlation with demographic data can allow threat actors to overcome it through interactive social engineering. Concurrently, alternative defence mechanisms such as network source profiling and device fingerprinting lose effectiveness as privacy-protecting technologies reduce the observable variability between legitimate and fraudulent user sessions.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Sean McElroy

Developing Privacy Incident Responses to Combat Information Warfare

Learning from learning: detecting account takeovers by identifying forgetful users

Contact Info

Product

Resources

About