Social Engineering Attacks on Government Opponents: Target Perspectives

Marczak, William R.; Paxson, Vern

doi:10.1515/popets-2017-0022

Cited by 13 publications

(15 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We find that the ability of humanitarian field workers to carry out their mandate hinges on numerous operational and legal factors such as developing capacity by training local workers, operating in local, untrusted facilities, and negotiating and maintaining bilateral agreements with local authorities. These factors tend to differ from other at-risk groups such as political dissidents [23], [22], [27], [15], [26] and journalists [29], [30], [24] whose activities can be carried out individually, or in small groups, with no or little support from authorities. As a result, whereas journalists generally depend on their own security practices and that of their sources, humanitarian workers must consider a multitude of other factors such as the engagement, acceptance, and trustworthiness of the local actors and infrastructure, the confidentiality of their physical location, and the specific Privileges and Immunities (P&I) recognized in their delegation's bilateral agreement.…”

Section: Resultsmentioning

confidence: 99%

“…Although this study shares similarities with recent work on computer security for political dissidents and journalists, humanitarian action differs in terms of organizational structure, data flows, and threat models. First, unlike political dissidents who often act individually or as part of small nongovernmental organizations (NGOs) [23], [22], [27], [15], [26], to be effective, humanitarian action needs considerable logistical support, generally from a large organization, which significantly complicates the security of the corresponding data flows. In this respect, humanitarian action is more akin to journalism for large media outlets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On Enforcing the Digital Immunity of a Large Humanitarian Organization

Blond

Cuevas

Troncoso-Pastoriza

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Humanitarian action, the process of aiding individuals in situations of crises, poses unique information-security challenges due to natural or manmade disasters, the adverse environments in which it takes place, and the scale and multidisciplinary nature of the problems. Despite these challenges, humanitarian organizations are transitioning towards a strong reliance on the digitization of collected data and digital tools, which improves their effectiveness but also exposes them to computer-security threats. In this paper, we conduct a qualitative analysis of the computer-security challenges of the International Committee of the Red Cross (ICRC), a large humanitarian organization with over sixteen thousand employees, an international legal personality, which involves privileges and immunities, and over 150 years of experience with armed conflicts and other situations of violence worldwide. To investigate the computer security needs and practices of the ICRC from an operational, technical, legal, and managerial standpoint by considering individual, organizational, and governmental levels, we interviewed 27 field workers, IT staff, lawyers, and managers. Our results provide a first look at the unique security and privacy challenges that humanitarian organizations face when collecting, processing, transferring, and sharing data to enable humanitarian action for a multitude of sensitive activities. These results highlight, among other challenges, the trade-offs between operational security and requirements stemming from all stakeholders, the legal barriers for data sharing among jurisdictions; especially, the need to complement privileges and immunities with robust technological safeguards in order to avoid any leakages that might hinder access and potentially compromise the neutrality, impartiality, and independence of humanitarian action.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

On Enforcing the Digital Immunity of a Large Humanitarian Organization

Blond

Cuevas

Troncoso-Pastoriza

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Studies outlined the complex nature of social engineering and enterprise security but have not fully explored the value each component could provide an organization. Moreover, the review of literature facilitates discussions on the characterization of a social engineer, explanations of the social engineering and design process, and what social engineers do (Marczak & Paxson, 2017). Even though Weaver, Furr, and Norton (Wardono et al, 2017) outlined a convenient historical perspective of engineering ethics, inconsistencies still exist pertaining to what social engineers do.…”

Section: Literature Reviewmentioning

confidence: 99%

The Effects Of Social Engineering On Enterprise Security

Jackson¹

2021

Scha

View full text Add to dashboard Cite

The focus of this research was to explore present control methods and solutions used throughout technology-based, healthcare-based, and manufacturing-based organizations in southwest Georgia to determine their effectiveness for reducing potential threats. Semi-structured interviews with open-ended questions are used to explore 30 information technology professionals' lived experiences with IT security policies and procedures. Two research questions guided the qualitative exploratory case study: How important is social engineering and enterprise security to the organization? and How are organizations evaluating and managing existing organizational solutions? Several themes emerged: (a) lack of education and inadequate information can affect the decision-making process, (b) response times from management is a key factor in reducing threats, (c) a sense of failure is always present, (d) failed IT policy management can increase organizational vulnerability, and (e) social engineering still has a negative stigma in the business environment. The findings suggest that although steps were made to change the perception of social engineering and enterprise security, additional work is needed to ensure employees are aware of how social engineering and enterprise security can affect their organization productivity. Key Words: Information systems, information technology, social engineering, enterprise security, control methods, policies, procedures, management

show abstract

“…Activists, journalists and lawyers have a need to use secure communication technology, specifically email, but often face obstacles in adoption [25]. E2EE messengers such as Signal [21] provide easier-to-use alternatives, but because these tools lack certain functionality, users continue to opt for less secure alternatives in order to work effectively [1,5,26,29,33].…”

Section: Introductionmentioning

confidence: 99%

The Motivated Can Encrypt (Even with PGP)

Borradaile

Kretschmer

Gretes

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Existing end-to-end-encrypted (E2EE) email systems, mainly PGP, have long been evaluated in controlled lab settings. While these studies have exposed usability obstacles for the average user and offer design improvements, there exist users with an immediate need for private communication, who must cope with existing software and its limitations. We seek to understand whether individuals motivated by concrete privacy threats, such as those vulnerable to state surveil-lance, can overcome usability issues to adopt complex E2EE tools for long-term use. We surveyed regional activists, as surveillance of social movements is well-documented. Our study group includes individuals from 9 social movement groups in the US who had elected to participate in a workshop on using Thunder-bird+Enigmail for email encryption. These workshops tool place prior to mid-2017, via a partnership with a non-profit which supports social movement groups. Six to 40 months after their PGP email encryption training, more than half of the study participants were continuing to use PGP email encryption despite intervening widespread deployment of simple E2EE messaging apps such as Signal. We study the interplay of usability with social factors such as motivation and the risks that individuals undertake through their activism. We find that while usability is an important factor, it is not enough to explain long term use. For example, we find that riskiness of one’s activism is negatively correlated with long-term PGP use. This study represents the first long-term study, and the first in-the-wild study, of PGP email encryption adoption.

show abstract

Social Engineering Attacks on Government Opponents: Target Perspectives

Cited by 13 publications

References 3 publications

On Enforcing the Digital Immunity of a Large Humanitarian Organization

On Enforcing the Digital Immunity of a Large Humanitarian Organization

The Effects Of Social Engineering On Enterprise Security

The Motivated Can Encrypt (Even with PGP)

Contact Info

Product

Resources

About