May 29, 2014

Astroturf Social Engineering

“The application of falsified sociological principles (‘a con game’) to change specific behaviors or perceptions towards a wide-scale audience that ultimately ends up exploiting a system or exposing sensitive information.”

What is Astroturfing?

The practice of masking the originator of multiple identities to change public perceptions in favor of one’s agenda (e.g. political, advertising, religious or public relations).

What is Social Engineering?

Social engineering describes a non-technical kind of intrusion that relies heavily on human interaction and often involves gaining the confidence of an authorized user to break through normal security procedures. Social engineers exploit various human weaknesses to persuasion, such as vanity, an appeal to authority, or an appeal to greed, or simply use plain old-fashioned eavesdropping techniques.

Examples of Astroturf Social Engineering:

Falsified ‘spam’ and ‘news’ techniques are commonplace in attempts to influence and manipulate the stock market, especially in Western societies. Imagine an anonymous individual who operates many Twitter personas to create the impression of widespread panic, using falsified Twitter posts and fake news about an impending exploit on cryptocurrencies such as Bitcoin. The difference here is that one person acts through millions of fake accounts to give the impression that the collective is panicking over a fake Bitcoin exploit.

Another example would be one ‘herder’ using 1000 personas to comment on digital news articles, directing users under false pretenses to go to a competitor or phishing site. Perhaps the 1000 comments suggest that anyone who doesn’t give their social security number to the linked company website will be exposed to increased tax. Users may think, “Wow, 1000 users can’t be wrong,” and follow the instructions! The same thing could be used on forums or other online communities.

Astroturf Social Engineering is similar to a longlining attack, which is defined as high-volume, mass-customized phishing in which only a few emails look alike, but it differs in its approach.
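Because the comments in the ‘herder’ scenario can be individually customized, matching on wording is a weak signal; what the personas share is the link they push. The sketch below is an added example, not part of the original post: it flags any host that several distinct accounts link to within a short window on one article. The sample comments, account names, `.example` hosts and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: (minute posted, account, comment text) on one article.
COMMENTS = [
    (0,   "reader_ann",  "Good summary, see https://news.example/tax-faq for details"),
    (3,   "tax_help_01", "Register your SSN at http://irs-relief.example/form or pay more tax"),
    (4,   "jsmith_77",   "I did this yesterday, took 2 minutes: http://irs-relief.example/form?id=9"),
    (6,   "mom_of_3",    "Everyone should verify here http://IRS-Relief.example/start before the deadline!"),
    (7,   "tax_help_01", "Again: http://irs-relief.example/form"),
    (9,   "bob_k",       "Worked for me too -> http://irs-relief.example/form."),
    (240, "reader_cy",   "Is http://irs-relief.example/form legit? Looks like phishing."),
    (300, "reader_dee",  "Official guidance is at https://news.example/tax-faq"),
]

URL_RE = re.compile(r"https?://[^\s<>()]+", re.I)

def linked_hosts(text):
    """Hostnames a comment links to (urlparse lower-cases the hostname)."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,!?")).hostname
        if host:
            hosts.add(host)
    return hosts

def flag_link_bursts(comments, window=30, min_accounts=4, trusted=()):
    """Return {host: sorted accounts} where at least min_accounts distinct
    accounts linked to the same untrusted host within `window` minutes."""
    posts = defaultdict(list)
    for minute, account, text in comments:
        for host in linked_hosts(text) - set(trusted):
            posts[host].append((minute, account))
    flagged = {}
    for host, items in posts.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct accounts posting this host inside the window from `start`.
            burst = {a for m, a in items[i:] if m - start <= window}
            if len(burst) >= min_accounts:
                flagged[host] = sorted(burst)
                break
    return flagged

if __name__ == "__main__":
    print(flag_link_bursts(COMMENTS, trusted=("news.example",)))
```

Counting distinct accounts rather than comments keeps a single repeat poster from tripping the threshold, and the later skeptical comment falls outside the burst window so its author is not swept into the flagged set.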