
Basic Study on Targeted E-mail Attack Method Using OSINT

Conference paper in Advanced Information Networking and Applications (AINA 2019)

Abstract

In recent years, attackers have easily gained considerable information on companies and individuals using open source intelligence (OSINT), thereby increasing the threat of targeted attacks. In light of such a situation, modeling the synergistic effect of OSINT and targeted attacks will be an effective measure against these attacks. In this paper, we formulate a state transition model that defines the process by which attackers gather a target’s information by using OSINT tools. Then we categorize the targeted e-mails that the attackers can generate in each state. The results of the analysis can be used by the victims to estimate the extent of attacks from the contents of the targeted e-mails, and to take appropriate measures.


Notes

  1. Each OSINT tool has its own characteristics, and the “input information” for an OSINT tool and the “collectable information” obtained as output from that input differ partially from tool to tool. Due to space limitations, the list of “input information” and “collectable information” of each OSINT tool is omitted.

  2. When we actually carried out OSINT activities, cases where an address could be acquired by an OSINT tool were rare (only when, for example, a customer management database was left open due to misconfiguration). Excluding addresses from this analysis is therefore reasonable, also in the sense that an address is not “information that can be easily acquired by the OSINT tool.”

  3. In a large-scale organization, there may be people with the same first and last name, but here we consider an organization of moderate scale.



Correspondence to Masakatsu Nishigaki.


© 2020 Springer Nature Switzerland AG


Cite this paper

Uehara, K. et al. (2020). Basic Study on Targeted E-mail Attack Method Using OSINT. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_111
