Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Basic Study on Targeted E-mail Attack Method Using OSINT

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 926))

Abstract

In recent years, attackers have easily gained considerable information on companies and individuals using open source intelligence (OSINT), thereby increasing the threat of targeted attacks. In light of such a situation, modeling the synergistic effect of OSINT and targeted attacks will be an effective measure against these attacks. In this paper, we formulate a state transition model that defines the process by which attackers gather a target’s information by using OSINT tools. Then we categorize the targeted e-mails that the attackers can generate in each state. The results of the analysis can be used by the victims to estimate the extent of attacks from the contents of the targeted e-mails, and to take appropriate measures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Each OSINT tool has its own characteristics, and “input information” for the OSINT tool and “collectable information” obtained as output from the input information are partially different for each tool. Due to space limitations, the list of “input information” and “collectable information” of each OSINT tool is omitted.

  2. 2.

    When we actually tried OSINT activities, it was rare (only when the customer management database is in an open state etc., due to misconfiguration etc.,); the case where the address could be acquired by the OSINT tool. Therefore, excluding addresses in this analysis is reasonable, also from the meaning that the address is not “information that can be easily acquired by the OSINT tool.”

  3. 3.

    In the case of a large-scale organization, there may be people with the same first and last name, but here we consider an organization of moderate scale.

References

  1. Acquisti, A., Gross, R., Stutzman, F.: Face recognition and privacy in the age of augmented reality. J. Priv. Confidentiality 6, 1–20 (2014)

    Google Scholar 

  2. Rainie, L., Kiesler, S., Kang, R., Madden, M., Duggan, M., Brown, S., Dabbish, L.: Anonymity, privacy, and security online. Pew Research Center (2013)

    Google Scholar 

  3. Ball, L.D., Ewan, G., Coull, N.J.: Undermining-social engineering using open source intelligence gathering. In: Proceedings of 4th International Conference on Knowledge Discovery and Information Retrieval (KDIR), pp. 275–280. SciTePress-Science and Technology Publications (2012)

    Google Scholar 

  4. Best, C.: OSINT, the internet and privacy. In: EISIC, p. 4 (2012)

    Google Scholar 

  5. INFOSEC: Top Five Open Source Intelligence (OSINT) Tools. https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/. Accessed 30 July 2018

  6. IntelTechniques.com: Buscador OSINT VM. https://inteltechniques.com/buscador/index.html. Accessed 3 Aug 2018

  7. Chen, S., Fitzsimons, G.M., Andersen, S.M.: Automaticity in close relationships. In: Social Psychology and the Unconscious: The Automaticity of Higher Mental Processes, pp. 133–172 (2007)

    Google Scholar 

  8. Japan Pension Service: Investigation Result Report on Information Leakage Cases due to Unauthorized Access (in Japanese). https://www.nenkin.go.jp/files/kuUK4cuR6MEN2.pdf. Accessed 7 Aug 2018

  9. Edwards, M., Larson, R., Green, B., Rashid, A., Baron, A.: Panning for gold: automatically analysing online social engineering attack surfaces. Comput. Secur. 69, 18–34 (2017)

    Article  Google Scholar 

  10. Silic, M., Back, A.: The dark side of social networking sites: understanding phishing risks. Comput. Hum. Behav. 60, 35–43 (2016)

    Article  Google Scholar 

  11. Singh, A., Thaware, V.: Wire Me Through Machine Learning. Black Hat, USA (2017)

    Google Scholar 

  12. Iwata, K., Nakamura, Y., Inamura, H., Takahashi, O.: An automatic training system against advanced persistent threat. In: 2017 Tenth International Conference on Mobile Computing and Ubiquitous Network (ICMU), pp. 1–2. IEEE (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Shizuoka University, 3-5-1 Johoku, Naka, Hamamatsu, Shizuoka, 432-8011, Japan

    Kota Uehara, Kohei Mukaiyama, Masahiro Fujita & Masakatsu Nishigaki

  2. Mitsubishi Electric Corporation, 5-1-1, Ofuna, Kamakura, Kanagawa, 247-8501, Japan

    Hiroki Nishikawa, Takumi Yamamoto & Kiyoto Kawauchi

Authors
  1. Kota Uehara
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kohei Mukaiyama
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Masahiro Fujita
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hiroki Nishikawa
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Takumi Yamamoto
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Kiyoto Kawauchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Masakatsu Nishigaki
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masakatsu Nishigaki .

Editor information

Editors and Affiliations

  1. Department of Information and Communication Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

  2. Department of Advanced Sciences, Hosei University, Koganei-Shi, Tokyo, Japan

    Makoto Takizawa

  3. Department of Computer Science, Technical University of Catalonia, Barcelona, Barcelona, Spain

    Fatos Xhafa

  4. Faculty of Business Administration, Rissho University, Tokyo, Japan

    Tomoya Enokido

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Uehara, K. et al. (2020). Basic Study on Targeted E-mail Attack Method Using OSINT. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_111

Download citation

Publish with us

Policies and ethics

Search

Navigation