The most expensive domain name thus far in history was stolen in 1995 by sending a fax to the domain registrar. The same attack worked again in 2013 to hijack the DNS of another website. A FAX. In 2013. In 2015, a teenage hacker collective obtained control of the CIA Director's email, partial credit card number etc. In 2016, the Director of National Intelligence and the Director of the Office of Science and Technology Policy were hacked by the same group in the same way. A quick search reveals an alarming number of such attacks where the initial attacks were widely publicized and the vulnerabilities hence previously known, with most requiring little effort and often no cost to patch. So where exactly is the status quo failing? And what exactly is this problem? Social engineering attack? Identity theft? Something else?
It will quickly be evident that the complexity of thought required for the modeling, analysis, and detection of these types of attacks, ironically, belies the simplicity in their perpetration. There cannot be an effective solution without a comprehensive problem description; conventional theories fail to capture this problem meaningfully. This talk addresses the problems in the status quo and illustrates a methodology to comprehensively address this problem. Some very interesting findings from penetration tests are also discussed.
Paruchuri recently graduated from Dartmouth College with a Master's degree in Computer Science, specializing in Information Security and Privacy. She also pursued relevant programs in business studies and law at the Tuck School of Business at Dartmouth and at the National Law School of India University respectively. She previously worked at the Global Research and Healthcare divisions of the General Electric Company (GE), the Aerospace Department of the Indian Institute of Science (IISc), Tecnológico de Monterrey Campus Ciudad de México (TEC), and the Institute for Security, Technology, and Society (ISTS) at Dartmouth College. Her research focuses on analyzing the complex interplay between technology, public policy, law, and business to meaningfully solve interdisciplinary socio-technical problems.