Can we turn the tables on cyberattackers who use social engineering to obtain private information from unsuspecting victims? That is the goal of a new program being developed by computer scientists at HRL Laboratories, LLC.
“Our goal is to create defense systems against social engineering attackers,” said HRL researcher Tiffany Kim. “These hackers are not the typical ones we think of trying to break into computer systems surreptitiously. They research a potential victim’s social media presence, gather information, then approach the person with what looks like a legitimate social connection. That approach is often a phishing email that says the victim’s friend or family member is in trouble and needs money. The attacker uses information gleaned from his or her research to give the victim a false sense of security based on the attacker’s seeming familiarity. That can be leveraged to gain financial or other sensitive information, resulting in disaster.”
Kim and her team are creating a defense system that aims to exploit attackers’ methods by drawing them in with automated responses to their behavior. Then the system seeks to gather as much personal information on an attacker as possible, including identifying individual bad actors and any agencies that might be behind them.
The HRL system is called Continuously Habituating Elicitation Strategies for Social Engineering Attacks (CHESS). The CHESS project is part of a program from the Defense Advanced Research Projects Agency (DARPA) called Active Social Engineering Defense, or ASED, the goal of which is “to automatically identify, disrupt and investigate spear-phishing and social engineering attacks via bot-mediated communications.”
The CHESS system design aims to protect multiple victims that an attacker tends to target, across various media, including email, social media, and text messages. CHESS seeks to activate virtual bots that act on behalf of victims and control communications with the attacker across all media. Rather than relinquishing victims’ personal information as the attacker intended, the CHESS system aims to reverse the information flow and lead the attacker to reveal his or her own information and intentions. CHESS aims to generate a set of optimal strategies to engage the attacker and elicit their information, while minimizing release of victims’ information.
Distribution Statement “A” – Approved for Public Release, Distribution Unlimited.
HRL Laboratories, LLC, Malibu, California (hrl.com) is a corporate research-and-development laboratory owned by The Boeing Company and General Motors specializing in research into sensors and materials, information and systems sciences, applied electromagnetics, and microelectronics. HRL provides custom research and development and performs additional R&D contract services for its LLC member companies, the U.S. government, and other commercial companies.