Social engineering warfare as a tactic of information warfare
DOI:
https://doi.org/10.46941/2024.2.3Keywords:
information warfare, information operations, social engineering, cyber warfare, TTP.Abstract
Information warfare encompasses a set of tactics and techniques used to spread disinformation. Adversaries use these strategies to run information operations to manipulate individuals, groups, and society. Owing to the current widespread information warfare, studying the phenomenon to identify effective and efficient means of combating information operations is very important. One prerequisite for the efficient and effective suppression of information operations is an awareness of the tactics and techniques of information warfare. Identifying these tactics and techniques will take some time because of the large number of options at the disposal of those who spread disinformation. This study contributes to this endeavour by analysing social engineering as a technique of information operations. Treating social engineering as a technique of information warfare is a novel approach because social engineering is usually associated with cyber security and is rarely discussed in conjunction with information warfare. We show that social engineering can be used in information operations without requiring significant adaptations. We also argue that social engineering should be treated as a distinct domain and activity, separate from both cyber security and information warfare. While both cyber security and information warfare can use social engineering in their operations, they remain distinct activities that require unique knowledge and skillsets.
References
Bullée, J. W., Montoya, L., Pieters, W., Junger, M., and Hartel, P. (2018) ‘On the anatomy of social engineering attacks - A literature-based dissection of successful attacks’, Journal of investigative psychology and offender profiling, 15(1), pp. 20-45; https://doi.org/10.1002/jip.1482.
Cialdini, R. B. (2003) Influence. At Work.
Cordey, S. (2019) Cyber Influence Operations: An Overview and Comparative Analysis. Zurich: ETH Zurich.
Courea, E. (2024) Far-right disorder had ‘clear’ Russian involvement, says ex-MI6 spy. [Online]. Available at: https://www.theguardian.com/politics/article/2024/aug/11/far-right-disorder-had-clear-russian-involvement-says-ex-mi6-spy (Accessed: 20 August 2024).
EU Council puts SBK ART on sanctions list. Retrieved from Fortenova Group – News. [Online]. Available at: https://fortenova.hr/en/news/eu-council-puts-sbk-art-on-sanctions-list/ (Accessed: 21 December 2022).
Fortenova Group on false accusations of Nikola Grmoja and Zvonimir Troskot, MPs, representatives of Most political party. [Online]. Available at: https://fortenova.hr/en/news/fortenova-group-on-false-accusations-of-nikola-grmoja-and-zvonimir-troskot-mps-representatives-of-most-political-party/ (Accessed: 8 January 2024).
Groš, S. (2024) Information Warfare Tactics and Technics. in K. Zombory and J. E. Szilágyi (eds.), Shielding Europe with the Common Security and Defence Policy: The EU Legal Framework for the Development of an Innovative European Defence Industry in Times of a Changing Global Security Environment, Budapest: Studies of the Central European Professors' Network, CEA Publishing. https://doi.org/10.54237/profnet.2024.zkjeszcodef_16
Hatfield, J. M. (2018) ‘Social engineering in cybersecurity: The evolution of a concept’, Computers & Security, 73, pp. 102-113.
Grmoja optužio Peruška da je oštetio Fortenovu u korist Vujnovca. Fortenova: Nije. [Online]. Available at: https://www.index.hr/vijesti/clanak/grmoja-optuzio-peruska-da-je-ostetio-fortenovu-u-korist-vujnovca-fortenova-nije/2527220.aspx (Accessed: 16 August 2024).
Lindsay, M., Grewar, C. (2024) Social media misinformation 'fanned riot flames' [Online]. Available at: https://www.bbc.com/news/articles/c70jz2r4lp0o (Accessed: 9 August 2024).
Mitnick, K. D., Simon, W. L. (2005) The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers (2nd ed.). Wiley.
Mitnick, K. D., William, S. L. (2003) The art of deception: Controlling the human element of security. John Wiley & Sons.
Mouton, F., Leenena, L., Venter, H. (2016) ‘Social engineering attack examples, templates and scenarios’ Computers & Security, 59, pp. 186-209.
Oppenheim, M. (2024) Woman named as first to share false Southport suspect rumour before riots says mistake ‘destroyed’ her. [Online]. Available at: https://www.independent.co.uk/news/uk/home-news/riots-southport-stabbings-suspect-bonnie-spofforth-b2593226.html (Accessed: 9 August 2024).
Oxford Learner's Dictionaries. Social engineering. [Online]. Available at: https://www.oxfordlearnersdictionaries.com/definition/english/socialengineering?q=social+engineering (Accessed: 9 August 2024).
Palmertz, B. (2021) Influence operations and the modern information environment. in M. Welssmann, N. Nilsson, B. Palmertz, P. Thunholm, Hybrid Warfare: Security and Asymmetric Conflict in International Relations. London: Bloomsbury Collections. pp. 113-131; https://doi.org/10.5040/9781788317795.0014.
Explainer: Why are there riots in the UK and who is behind them? [Online]. Available at: https://www.reuters.com/world/uk/why-are-there-riots-uk-who-is-behind-them-2024-08-07/ (Accessed: 8 August 2024).
Steinmetz, K. F., Pimentel, A., and Goe, R. (2021) ‘Performing Social Engineering: A Qualitative Study of Information Security Deceptions’ Computers in Human Behavior, 124; https://doi.org/10.1016/j.chb.2021.106930.
Stoica, A. (2021) ‘Social engineering as the new deception game’, Romanian Journal of Information Technology and Automatic Control, 31(3), pp. 57-68; https://doi.org/10.33436/v31i3y202105.
Wardle, C., Derakhshan, H. (2017). Information disorder: Toward an interdisciplinary framework for research and policymaking (Vol. 27). Strasbourg: Council of Europe.
Weedon, J., Nuland, W., Stamos, A. (2017) Information operations and Facebook. [Online]. Available at: https://fbnewsroomus.files.wordpress.com/2017/04/facebook-and-information-operations-v1.pdf (Accessed: 8 August 2024).
Yamat, R., Whitehurst, L. (2024) Ex-FBI informant charged with lying about Bidens had Russian intelligence contacts, prosecutors say. [Online]. Available at: https://apnews.com/article/hunter-biden-fbi-informant-joe-biden (Accessed: 30 July 2024).
Yasin, A., Rubia, F., Liu, L., Wang, J., Ali, R., Wei, Z. (2021) ‘Understanding and deciphering of social engineering attack scenarios‘, Security and Privacy, 4(4); https://doi.org/10.1002/spy2.161.
Zouguang, W., Hongsong, Z., Limin, S. (2021) ‘Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods’, IEEE Access, pp. 11895-11910; https://doi.org/10.1109/ACCESS.2021.3051633.