skip to main content

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, December 13 until 2:00 AM ET on Saturday, December 14 due to maintenance. We apologize for the inconvenience.


Title: Understanding cybercriminals through analysis of penetration testing group dynamics
Cyberattacks are a major threat in the modern era, yet there is a lack of information on how cybercrime groups think and operate. This paper aims to better understand cyber adversaries by analyzing penetration testing teams during the 2018 and 2019 National Collegiate Penetration Testing Competition, in which groups of students performed similar actions as cybercriminals, attempting to identify and exploit system vulnerabilities. Using penetration testing teams as an ethical proxy for cybercrime groups allows the researchers to study group dynamics as well as factors impacting the rationality of cybercriminals. Themes identified in manually coded interview transcripts are compared to the existing literature on cybercrime groups. Similar to what is established in the prior research, themes emerged in the interviews on the group structure and dynamics of each team, featuring elements of leadership, division of labor, the role of each team member, the presence of partners and subgroups, communication within the team, and interpersonal team member relationships. Other apparent factors that specifically impacted the bounded, or limited, rationality of the team members included setbacks and problem solving, the competition environment, stress, and issues with morale. This comparison of penetration testing groups with cybercrime groups allows for the development of a better understanding of the operations and rational thinking of a criminal organization, which may lead to a better understanding of how to prevent or defend against cyberattacks, such as by improving response times of the security team or by increasing the difficulty of penetrating the technical environment  more » « less
Award ID(s):
1742747
PAR ID:
10309909
Author(s) / Creator(s):
Date Published:
Journal Name:
IEEE Cyber Science Conference
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Driven by views of teams as dynamic systems with permeable boundaries, scholars are increasingly seeking to better understand how team membership changes (i.e., team members joining and/or leaving) shape the functioning and performance of organizational teams. However, empirical studies of team membership change appear to be progressing in three largely independent directions as researchers consider: (a) how newcomers impact and are impacted by the teams they join; (b) how teams adapt to member departures; or (c) how teams function under conditions of high membership fluidity, with little theoretical integration or consensus across these three areas. To accelerate an integrative stream of research on team membership change, we advance a conceptual framework which depicts each team membership change as a discrete team-level “event” which shapes team functioning to the extent to which it is “novel,” “disruptive,” and “critical” for the team. We use this framework to guide our review and synthesis of empirical studies of team membership change published over the past 20 years. Our review reveals numerous factors, across conceptual levels of the organization, that determine the strength (i.e., novelty, disruptiveness, criticality) of a team membership change event and, consequently, its impact on team functioning and performance. In closing, we provide propositions for future research that integrate a multilevel, event-based perspective of team membership change and demonstrate how team membership change events may impact organizational systems over time and across levels of observation.

     
    more » « less
  2. null (Ed.)
    As teams of people increasingly incorporate robot members, it is essential to consider how a robot's actions may influence the team's social dynamics and interactions. In this work, we investigated the effects of verbal support from a robot (e.g., “ good idea Salim ,” “ yeah ”) on human team members' interactions related to psychological safety and inclusion. We conducted a between-subjects experiment ( N = 39 groups, 117 participants) where the robot team member either (A) gave verbal support or (B) did not give verbal support to the human team members of a human-robot team comprised of 2 human ingroup members, 1 human outgroup member, and 1 robot. We found that targeted support from the robot (e.g., “ good idea George ”) had a positive effect on outgroup members, who increased their verbal participation after receiving targeted support from the robot. When comparing groups that did and did not have verbal support from the robot, we found that outgroup members received fewer verbal backchannels from ingroup members if their group had robot verbal support. These results suggest that verbal support from a robot may have some direct benefits to outgroup members but may also reduce the obligation ingroup members feel to support the verbal contributions of outgroup members. 
    more » « less
  3. This research paper investigates how individual change agents come together to form effective teams. Improving equity within academic engineering requires changes that are often too complex and too high-risk for a faculty member to pursue on their own. Teams offer the advantage of combining a diverse skill set of many individuals, as well as bringing together insider knowledge and external specialist expertise. However, in order for teams of academic change agents to function effectively, they must overcome the challenges of internal politics, power differentials, and group conflict. This analysis of team formation emerges from our participatory action research with recipients of the NSF Revolutionizing Engineering Departments (RED) grants. Through an NSF-funded collaboration between the University of Washington and Rose-Hulman Institute of Technoliogy, we work with the RED teams to research the process of change as they work to improve equity and inclusion within their institutions. Utilizing longitudinal qualitative data from focus group discussions with 16 teams at the beginning and midpoints of their projects, we examine the development of teams to transform engineering education. Drawing on theoretical frameworks from social movement theory, we highlight the importance of creating a unified team voice and developing a sense of group agency. Teams have a better chance of achieving their goals if members are able to create a unified voice—that is, a shared sense of purpose and vision for their team. We find that the development of a team’s unified voice begins with proposal writing. When members of RED teams did not collaboratively write the grant proposal, they found it necessary to devote more time to develop a sense of shared vision for their project. For many RED teams, the development of a unified voice was further strengthened through external messaging, as they articulated a “we” in opposition to a “they” who have different values or interests. Group agency develops as a result of team members perceiving their goals as attainable and their efforts, as both individuals and a group, as worthwhile. That is, group agency is dependent on both the credibility of the team as well as trust among team members. For some of the RED teams, the NSF requirement to include social scientists and education researchers on their teams gave the engineering team members new, increased exposure to these fields. RED teams found that creating mutual respect was foundational for working across disciplinary differences and developing group agency. 
    more » « less
  4. Penetration testing is a key practice toward engineering secure software. Malicious actors have many tactics at their disposal, and software engineers need to know what tactics attackers will prioritize in the first few hours of an attack. Projects like MITRE ATT&CK™ provide knowledge, but how do people actually deploy this knowledge in real situations? A penetration testing competition provides a realistic, controlled environment with which to measure and compare the efficacy of attackers. In this work, we examine the details of vulnerability discovery and attacker behavior with the goal of improving existing vulnerability assessment processes using data from the 2019 Collegiate Penetration Testing Competition (CPTC). We constructed 98 timelines of vulnerability discovery and exploits for 37 unique vulnerabilities discovered by 10 teams of penetration testers. We grouped related vulnerabilities together by mapping to Common Weakness Enumerations and MITRE ATT&CK™. We found that (1) vulnerabilities related to improper resource control (e.g., session fixation) are discovered faster and more often, as well as exploited faster, than vulnerabilities related to improper access control (e.g., weak password requirements), (2) there is a clear process followed by penetration testers of discovery/collection to lateral movement/pre-attack. Our methodology facilitates quicker analysis of vulnerabilities in future CPTC events. 
    more » « less
  5. Researchers of team behavior have long been interested in the essential components of effective teamwork. Much existing research focuses on examining correlations between team member traits, team processes, and team outcomes, such as collective intelligence or team performance. However, these approaches are insufficient for providing insight into the dynamic, causal mechanisms through which the components of teamwork interact with one another and impact the emergence of team outcomes. Advances in the field of animal behavior have enabled a precise understanding of the behavioral mechanisms that enable groups to perform feats that surpass the capabilities of the individuals that comprise them. In this manuscript, we highlight how studies of animal swarm intelligence can inform research on collective intelligence in human teams. By improving the ability to obtain precise, time-varying measurements of team behaviors and outcomes and building upon approaches used in studies of swarm intelligence to analyze and model individual and group-level behaviors, researchers can gain insight into the mechanisms underlying the emergence of collective intelligence. Such understanding could inspire targeted interventions to improve team effectiveness and support the development of a comparative framework of group-level intelligence in animal and human groups. 
    more » « less