It is an ordinary day working from home, and you are part of a team that regularly interacts over email. Since this is your main line of communication, the company trained you to spot phishing emails. You’ve learned to skip over emails that exhibit obvious phishing red flags: suspicious links, attachments, grammar errors, etc. You just received an email from your boss about a major project on which you play a critical role. The email is more demanding than usual, even impolite. Your boss has generally seemed more upset with you lately, so you approach them to express your concerns and clear the air. Your boss is not receptive to your feedback. This causes a rift that impacts your working relationship, compromising the effectiveness and productivity of the entire team. You have been a victim of an Ambient Tactical Deception (ATD) attack. We developed and tested a proof-of-concept social engineering attack targeting web-based email users. The attack is executed through a malicious browser extension that acts as a man-in-the-middle and reformats the textual content to alter the emotional tone of the email. The objective of ATD is not stealing credentials or data. ATD seeks to coerce a user to the attacker’s desired behavior via the subtle manipulation of trusted interpersonal relationships. It works on Facebook, Twitter, Reddit, you name it.
When: Friday, September 20, 2019, 1-2:00pm
Where: CDM Theater 708
Who: Filipo Sharevski, Assistant Professor, College of Computing and Digital Media at DePaul University
Speaker bio: Filipo Sharevski is a cybersecurity researcher and tactician who constructs and manipulates reality as it unfolds across the cyber-physical spaces and within power structures, particularly focused on social engineering, reality interventions, resistances, and low-intensity cyberwarfare. His academic work has been published internationally, including a book on cellular network forensics, cybersecurity curriculum under the Cybersecurity National Action Plan (CNAP), and academic articles in renewed cybersecurity journals and conferences. His research areas include: Ambient Tactical Deception; malicious user experience design; secure design, divergence and deception in human communication and interaction; psychological operations; cyberwarfare; behavioral security in cellular and cyber-physical systems. Dr. Sharevski holds a PhD in Interdisciplinary Cybersecurity from Purdue University, West Lafayette. He is currently an Assistant Professor in the College of Computing and Digital Media at DePaul University, where he co-founded and co-Directs Divergent Design Lab. He also leads the 5G De-Mobile Lab focused on behavioral security and forensics research in future cellular networks.