SURVEY OF SOCIAL ENGINEERS AND THE VALIDITY OF DEFENSIVE TECHNIQUES

ECU Author/Contributor (non-ECU co-authors, if there are any, appear on document)

Adrian D Austin (Creator)

Institution

East Carolina University (ECU )

Web Site: http://www.ecu.edu/lib/

Abstract: In the context of information technology, social engineering is a nexus of computers and humans. Defenders need to know how hackers and other deviant actors attempt to interact with users. Social engineers are sometimes the professionals who perform deviant behavior for a positive purpose to assist users in knowing what to look for when another actor performs a deviant act for fraudulent purposes.\n The purpose of this research was to ask questions of social engineers on both sides of the rule of law to determine if the current defensive techniques used to protect against deviant actors are having a positive effect on defense against said actors. The project utilized an Internet-based mixed methods survey sent to social engineers found using Reddit, a social media site.\n The project was begun with a series of questions devised to reduce the project’s scope further. The questions were left with open-ended sections to allow for further research later. The questions were then placed in a survey created in Redcap, a program designed for distributing surveys included on the Internet. The social media site Reddit was chosen to distribute the survey. This was due in part to the Reddit being one of the world’s top visited sites and the groups that were surveyed tended towards being more deviant than others based on the subject matter viewed. The survey was conducted for 2 months, and only 12 partial surveys were completed, at which point an interview was conducted with a person from the National Institute of Standards and Technology (NIST). Per the interview, it was determined that the main reason the survey did not succeed was due in part to the lack of being known in the community. Paraphrasing Stewart (2003), Borum (2010), and Karlins & Navarro (2008), a person known in the community of social engineers would have had a better chance of getting completed surveys. Much of this interpersonal trust would have come due to in-group status and the theory of trust transfer. The idea behind in-group status is that one would interact with the group to be surveyed\; the researcher would then be seen as part of the group and not an interloper. Trust transfer theory is a concept that has been used in the consumer market for a while. This idea is that if a party trusts another person or entity and the new person or entity is associated with something already trusted, some of the trust can be transferred to the new entity. Trust transfer theory and in-group status contributed to the potential responders not completing the survey. Future research on this topic should endeavor to obtain in-group status before continuing\; for a future researcher, this may take months to years to achieve.

Additional Information

Publication

Thesis

Language: English

Date: 2023

Subjects

Cyber-Security, Social Engineering

Email this document to