Technical Tuesday – 6 December 2016 – Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter by John Seymour of ZeroFOX

Posted on Dec 6, 2016 in Events Archive

Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.

We present a recurrent neural network that learns to tweet phishing posts targeting specific users. The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. We augment the model with clustering to identify high value targets based on their level of social engagement such as their number of followers and retweets, and measure success using click-rates of IP-tracked links. Taken together, these techniques enable the world’s first automated end-to-end spear phishing campaign generator for Twitter.

Presented by: John Seymour of ZeroFOX

John Seymour is a Data Scientist at ZeroFOX, Inc. By night, he is also a Ph.D. student at University of Maryland, Baltimore County. At ZeroFOX, he drives development through internal data science and information security research. His Ph.D. dissertation topic is quantifying value in malware datasets. His Master’s thesis, on using quantum computers for malware classification, was presented at DEF CON 23. He has also spoken at BSides Charm, BSidesLV, BlackHat USA, DEF CON 24, and will be speaking at SecTor this October.