
COGNITIVE HACKING AND THE VALUE OF INFORMATION

George Cybenko, Annarita Giani, Paul Thompson. Thayer School of Engineering and Institute for Security Technology Studies, Dartmouth College, Hanover, NH.


Presentation Transcript


  1. COGNITIVE HACKING AND THE VALUE OF INFORMATION
     George Cybenko, Annarita Giani, Paul Thompson
     Thayer School of Engineering and Institute for Security Technology Studies, Dartmouth College, Hanover, NH

  2. Overview
     • Definition
     • Comparison with related concepts
     • Examples
     • Information Theory Model
     • Applications
     • Countermeasures
     • Future work

  3. Definition
     COGNITIVE HACKING: A networked information system attack that relies on changing human users' perceptions and corresponding behaviors in order to be successful.
     Key elements:
     • Requires the use of an information system - not true for all social engineering
     • Requires a user to change some behavior - not true for all hacking
     Exploits our growing reliance on networked information sources.

  4. Related concepts
     • Propaganda
     • Advertising
     • Social Engineering
     • Semantic Hacking
     • Computer Security
     • Information Warfare
     [Figure: diagram relating physical attacks, autonomous attacks and cognitive attacks. Labels in the diagram: Mitnick attack, PKI, policy, hosts, perimeter defense, backups, encryption, cryptology, intrusion detection, virus, authentication protocols, vulnerability scanners, auditing, firewalls, honeypots, TCP wrappers, Smurf attacks, social engineering, cognitive hacking, email exchange asking for a password, telephone call to ask for a SSN, web page hacking, misinformation, web defacement, spoofing, coffee, fire, hammer, warm.]

  5. Types
     Hacking with the Goal of Modifying User Behavior
     1. NEI Webworld pump and dump
     2. Jonathan Lebed case
     3. Fast-trades.com website pump and dump
     4. PayPal.com
     5. EMULEX
     6. Non-financial fraud - search engine optimization
     7. Non-financial fraud - CartoonNetwork.com
     8. Bogus virus patch report
     9. Usenet perception management
     10. Hamas site
     11. Ariel Sharon site
     12. New York Times site
     13. Yahoo site
     14. Afghanistan related web sites
     15. Fluffi Bunni declares Jihad
     16. CNN site
     17. WTO site

  6. Example (1)
     On 7 October 2001: “Singer Britney Spears Killed in Car Accident”.
     Due to a bug in CNN’s software, when people at the spoofed site clicked on the “E-mail This” link, the real CNN system distributed a real CNN e-mail to recipients with a link to the spoofed page. With each click at the bogus site, the real site’s tally of most popular stories was incremented for the bogus story.
     Allegedly this hoax was started by a researcher who sent the spoofed story to three users of AOL’s Instant Messenger chat software. Within 12 hours more than 150,000 people had viewed the spoofed page.

  7. Example (2)
     THE-REV | SPLURGE
     Sm0ked crew is back and better than ever!
     “Well, admin I’m sorry to say by you have just got sm0ked by splurge. Don’t be scared though, everything will be all right, first fire your current security advisor . . .”
     In February 2001 the New York Times web site was defaced by a hacker identified as “splurge” from a group called “Sm0ked Crew”, which had a few days previously defaced sites belonging to Hewlett-Packard, Compaq, and Intel.

  8. Models of Cognitive Hacking - Information Theory
     Possible Frameworks:
     • Horse race
     • Stock portfolio
     • Theory of the firm
     A cognitive hacker might lure an indecisive gambler (investor) to invest money on false prospects. In this case it would be useful to understand how sensitive the function $W$ is to $p$ and $o$, and to tamper with the data in order to convince a gambler that it is:
     a. worth playing
     b. playing a certain way

  9. Horse race model
     A horse race is a system defined by the following ingredients (see Cover and Thomas, “Elements of Information Theory”):
     • there are $n$ horses in a race.
     • each horse $i$ is assigned a probability $p_i$ of winning the race.
     • each horse $i$ is assigned an odds $o_i$ signifying that a gambler that bet $b_i$ dollars on horse $i$ would win $b_i o_i$ dollars in case of victory (and suffer a total loss in case of defeat).
     • $W$ is the “doubling rate”, that is, after $k$ plays, the expected value of the gambler’s assets is $2^{Wk}$.

  10. Horse race model analysis
     [Figure: three plots against $p$, one each for $o_1 = 1$, $o_1 = 5$ and $o_1 = 500$.]

  11. Apply the model to the Emulex exploit
     • Mark Jakob shorted 3,000 shares of Emulex stock for $72 and $92
     • Price rose to $100
     • Jakob lost almost $100,000
     He retaliated with a cognitive hack:
     • Sends false press release to Internet Wire Inc.
     • Claims Emulex Corporation being investigated by the SEC
     • Claims company was forced to restate 1998 and 1999 earnings.
     He manipulated earning $236,000
     ~ successful new product release imminent
     ~ the company is under investigation

  12. Stock Portfolio Analysis
     • Better model for cognitive hacking, e.g., for the Emulex example
     • Not yet developed - future work

  13. Theory of the Firm
     • Market analysis and assumption of perfect, costless information inadequate to describe firms
     • More efficient, automated information flow lowers both transaction and organization costs
     • Information systems susceptible to cognitive hacking

  14. Possible Countermeasures
     • Single source
        - Authentication of source
        - Information "trajectory" modeling
        - Ulam games
     • Multiple Sources
        - Source Reliability via Collaborative Filtering and Reliability reporting
        - Byzantine Generals Models
        - Detection of Collusion by Information Sources
        - Linguistic Analysis, e.g. Determination of common authorship

  15. Future work
     • Working with Securities and Exchange Commission - Office of Internet Enforcement
     • Development of software tools to:
        - Detect misinformation
        - Detect common authorship
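
The horse race model of slides 8 to 10, as an added example that is not part of the original presentation: it measures what a falsified probability estimate costs a gambler in doubling rate. It goes beyond the slides by using the standard Cover and Thomas result that the loss equals the relative entropy D(p || q). Assumptions: the gambler bets in proportion to the believed probabilities, and the three-horse probabilities and odds are constructed sample values.

```python
import math

def doubling_rate(bets, probs, odds):
    """W(b, p) = sum_i p_i * log2(b_i * o_i), in bits per race."""
    total = 0.0
    for b, p, o in zip(bets, probs, odds):
        if p == 0:
            continue              # a horse that cannot win contributes nothing
        if b == 0:
            return -math.inf      # no stake on a horse that can win: eventual ruin
        total += p * math.log2(b * o)
    return total

def kl_divergence(p, q):
    """D(p || q) in bits: how far the belief q is from the true distribution p."""
    if any(pi > 0 and qi == 0 for pi, qi in zip(p, q)):
        return math.inf
    return sum(pi * math.log2(pi / qi) for pi, qi in zip(p, q) if pi > 0)

def assess_false_belief(true_p, believed_p, odds, k=20):
    """Compare what the gambler anticipates with what the true odds deliver."""
    expected = doubling_rate(believed_p, believed_p, odds)  # rate the gambler anticipates
    honest = doubling_rate(true_p, true_p, odds)            # rate with accurate beliefs
    actual = doubling_rate(believed_p, true_p, odds)        # rate actually realised
    return {
        "expected_W": expected,
        "honest_W": honest,
        "actual_W": actual,
        "loss_bits": honest - actual,                       # equals D(true || believed)
        "asset_factor_after_k": 2 ** (actual * k),          # the slide's 2^(Wk)
    }

# Constructed sample data (hypothetical race, not taken from the presentation).
TRUE_P = [0.5, 0.25, 0.25]        # real win probabilities
ODDS = [3.0, 3.0, 3.0]            # payout per dollar staked
BELIEVED_P = [0.1, 0.45, 0.45]    # belief after misinformation about horse 1

if __name__ == "__main__":
    for name, value in assess_false_belief(TRUE_P, BELIEVED_P, ODDS).items():
        print(f"{name:>22}: {value:.5f}")
```

With these values the misinformed gambler anticipates a higher doubling rate than an accurately informed one could achieve, while the realised rate is negative, so assets shrink with every race.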
