Difference between revisions of "Cyberhunt Capture the Flag"

From das_wiki
Jump to: navigation, search
Line 25: Line 25:
 
   <li>'''How it works?'''
 
   <li>'''How it works?'''
 
     <ul>
 
     <ul>
       <li>Use a screenshot of the email to show how it works</li>
+
       <li>[[File:EmailTemp.png|600px]]</li>
 
     </ul>
 
     </ul>
 
   </li>
 
   </li>

Revision as of 13:11, 4 December 2019

Welcome to Cyberhunt, the privacy capture the flag competition!

Overview

    In a generation where technology is essential to our daily living, do we really think about how secure our assets are? Our project provides a unique approach to cyber security and privacy. Instead of a typical approach of feeding mass amounts of information to users, our project allows users to be more immersed in the world of cyber security and privacy. Our simulations will give the user an offensive/ hacker-like approach which in-turn will educate them on effective defensive cyber security techniques. In order to beat the hacker, you have to think like a hacker.

    Our goal is to educate and raise awareness on the importance of Cyber Security. Technology in the information age is a double edged sword. The more we immerse ourselves in technology, the more people will exploit technology for their own personal agenda. We aim to mitigate this exploitation of technology by educating people on how to defend their information against cyber-attacks

Challenge 1: Link Shim Attack


Congratulations! You just became a victim of a link shimming attack.

  • What is a link shim attack?
    • It is 'the practice of obfuscating URLs in emails for tracking purposes, to track which links you click on. Link shimming, and link tracking more generally, is commonly used on the web by search engines and social media companies.' Attackers can also use it to take information that was not approved by the victim.
  • How it works?
    • EmailTemp.png
  • How to prevent it?
    • Before you click a link in an email, you can hover over the link to see that it is different from the text. Copy and paste the link into your address bar to make sure that you are going to the right address.


Challenge 2: Linkage Attack

What is a Linkage Attack?

  • A linkage attack is a method cyber criminals use to identify individuals using a data set by combining information from one data set with another. These cyber criminals use pieces of information named Quasi-identifiers. Quasi-identifiers are pieces of information that are not meaningful alone. However, when they are combined with other Quasi-identifiers they can create a picture that can identify an individual.Examples of Quasi-identifiers are, postal code, date of birth, salary, transaction history, etc.
  • Alone each of these Quasi-identifiers is not specific enough to identify an individual. However, when combined the likelihood of identifying an individual is much higher. Linkage attacks are one of the most commonly used cyber-attacks because seemingly non harmful data is often enough to identify an individual.

In our demonstration we want the user to experience what it’s like to conduct a linkage attack.

  • In our challenge the user will be simulating a linkage attack by collecting information on individuals based off of data provided on social media platforms (Instagram, Snapchat)

Scenario

  • The Boyfriend, ((Will), which is who you are in this simulation), believes his Girlfriend has been acting weird lately. His suspicions lead him to believe his girlfriend has been cheating on him. So he decides to conduct a linkage attack using snapchat and Instagram as sources. You are the boyfriend. Use the information provided in snapchat and Instagram to find out who your girlfriend is cheating on you with (Stacey is your GF). You will use snapchat to narrow down your suspects. Then you will use Instagram to find a relationship between Stacy (the girlfriend), suspect friends, and a suspect finsta profile. With this information you will be able to decipher the owner of the finsta profile. Which will link you to the person your girlfriend is cheating on you with.
  • The user will use the data sets provided to conduct a linkage attack to figure out who his girlfriend is cheating on him with.

Snapchat Emoji key

SnapchatTable.png

Snapchat Screenshot

SnapchatScreenshot.png

Instagram Data Table

InstagramDataTable.png

Step-by-Step instructions

  1. Examine the emojis on the snapchat screenshot and the names associated with them. The smiling face means that the snapchat profile are best friends. The grimacing face means that your profile and that snapchat profile have the same #1 best friend.
  2. Go to instagram and look at the people that Tony and Mike follow.
  3. Look for the finsta account that only Tony, Mike, Stacy, and Tina follow and try to follow it.
  4. Look through Mike and Tony’s pictures and find what the finsta accounts likes.
    • Notice that Stacy likes the same pictures
  5. Fill out the table to help you understand and follow along easier.
  6. When you fill out the table, you will be able to make a confident conclusion on who the finsta belongs to.