Game Theory and Bystander Effect

An interesting game from game theory that displays the bystander effect is the Volunteer’s Dilemma. This game models a scenario with two or more players. Each player can make a small sacrifice that benefits everybody, or do nothing and hope that someone else makes that sacrifice for them. When nobody does anything, there is a negative consequence for everyone.

The payoff matrix for each player could look like this:

An example of volunteer’s dilemma. In reality the numbers can vary.

It is obvious that there is no pure strategy Nash equilibrium. However, there is a mixed strategy equilibrium, which indicates that the probability of one person making the small sacrifice decreases as the number of players in the game increases. This model explains the bystander effect in real life, where people are less likely to make a sacrifice or help in a situation when other people are around.
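
The mixed strategy equilibrium can be worked out as follows. This derivation is added here and is not part of the original post; the symbols are assumptions, since the payoff matrix itself is not reproduced: $N$ players, a benefit $b$ to everyone if at least one player volunteers, a cost $c$ with $0 < c < b$ paid by each volunteer, a payoff of $0$ for everyone if nobody volunteers, and each player volunteering independently with probability $p$.

$$
\begin{aligned}
\text{payoff of volunteering} &= b - c \\
\text{payoff of not volunteering} &= b\left(1 - (1-p)^{N-1}\right) \\
b - c = b\left(1 - (1-p)^{N-1}\right) \;&\Longrightarrow\; (1-p)^{N-1} = \frac{c}{b} \;\Longrightarrow\; p = 1 - \left(\frac{c}{b}\right)^{\frac{1}{N-1}} \\
P(\text{nobody volunteers}) &= (1-p)^{N} = \left(\frac{c}{b}\right)^{\frac{N}{N-1}}
\end{aligned}
$$

Because $c/b < 1$, the term $(c/b)^{1/(N-1)}$ rises toward $1$ as $N$ grows, so $p$ falls toward $0$. The probability that nobody volunteers rises from $(c/b)^2$ at $N = 2$ toward $c/b$ for large $N$.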

The Volunteer’s Dilemma has occurred in real-life situations such as the murder of Kitty Genovese in 1964. There were 38 witnesses who saw or heard the murder but chose to ignore it and not contact the authorities. This murder got a lot of attention and led to the discovery of the bystander effect and also of this game.

Another example of the dilemma can be found in wildlife, within a group of meerkats. When a group of meerkats is searching for food, a small group is assigned to act as guards and keep watch over the area. That group is supposed to let out a warning call for the rest of the meerkats when they spot danger in the wild. However, doing so can put themselves at risk. It is obvious how the Volunteer’s Dilemma occurs within the group of meerkats that act as guards. Any one of the meerkats letting out a warning call would result in everyone being informed of the danger, while all of the guarding meerkats choosing to do nothing and run away would result in all the other meerkats being caught by surprise.

In conclusion, game theory can be used to model and explain many of the outcomes and actions taken in real-life situations similar to the Volunteer’s Dilemma and the Prisoner’s Dilemma covered in lecture.

Sources:
http://people.virginia.edu/~cah2k/vg_paper.pdf

https://www.psychologytoday.com/ca/blog/media-spotlight/201604/exploring-the-volunteers-dilemma

http://greenteapress.com/complexity/html/thinkcomplexity015.html

Using Graph Theory to Hack Corporations

In order for hackers to attack a corporation, they must first find a way to gain access to the corporation’s LAN. This can be done by phishing certain individuals within the organization and getting access to their workstation. However, that individual may not have enough privileges in the organization, so their account cannot access the information the hacker is after. At this point, the hacker must use the account they acquired to try to get into an account with higher privileges.

To find accounts with higher privileges, a viable method is the identity snowball attack, also called the derivative local admin attack. This method uses the acquired account to scan for other users on the network. Afterwards, a random user is picked as the pivot, and the process continues until the desired domain admin account with all the necessary rights is found. The problem with this method is that it is possible to arrive at dead ends where the account does not give any further access. In that case, it is necessary to go back to the previous user, scan the network, and repeat the process. As a result, this method takes a lot of time, especially in larger organizations.

In this diagram, the red highlighted computer with no person is the initial account obtained through phishing or other means. The computer scans the network for other users and randomly chooses the next target. It goes up, and then to the right. However, the top right user does not have any further access, so the hacker must go back to the previous user and randomly choose again until they arrive at DA, which stands for domain admin.

There is a much better way to perform such attacks using graph theory. It would be wise to construct a graph that illustrates the relationships between the users, their admin rights, and group delegations. An application called BloodHound was developed to do so. A graph can be constructed, giving the user an understanding of the network structure, and then algorithms from graph theory such as Dijkstra’s can be used to calculate the shortest attack path. Using the constructed graph, BloodHound allows Cypher queries to be run in order to determine a user’s admin rights, group memberships and more. As a result, a lot of blind guessing-and-checking is avoided and a lot of time is saved for hackers.
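
A defender can run the same graph analysis to find which relationship to remove. The following is an added example, not code from BloodHound or the original post: it runs Dijkstra’s algorithm over a constructed set of MemberOf, AdminTo and HasSession edges (all account, group and host names are made up) and reports the edges whose removal leaves no path to the admin group.

```python
import heapq

# Constructed sample data: (source, relation, target). All names are made up.
EDGES = [
    ("alice", "MemberOf", "HELPDESK"),
    ("alice", "MemberOf", "PRINTERS"),        # dead end
    ("HELPDESK", "AdminTo", "WS01"),
    ("HELPDESK", "AdminTo", "WS02"),
    ("WS01", "HasSession", "bob"),
    ("WS02", "HasSession", "bob"),            # second route to bob
    ("WS02", "HasSession", "dave"),           # dead end
    ("bob", "MemberOf", "SERVER_OPS"),
    ("SERVER_OPS", "AdminTo", "SRV01"),
    ("SRV01", "HasSession", "da_carol"),
    ("da_carol", "MemberOf", "DOMAIN ADMINS"),
]

def shortest_path(edges, src, dst):
    """Dijkstra with every edge at cost 1; returns the node list or None."""
    adj = {}
    for a, _rel, b in edges:
        adj.setdefault(a, []).append(b)
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:                       # first pop of dst is optimal
            path = [dst]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return path[::-1]
        if d > dist[node]:                    # stale heap entry
            continue
        for nxt in adj.get(node, []):
            if d + 1 < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = d + 1, node
                heapq.heappush(heap, (d + 1, nxt))
    return None

def choke_points(edges, src, dst):
    """Edges on the shortest path whose removal leaves no path at all."""
    path = shortest_path(edges, src, dst)
    if path is None:
        return []
    hops = set(zip(path, path[1:]))
    return [e for e in edges if (e[0], e[2]) in hops
            and shortest_path([x for x in edges if x != e], src, dst) is None]

if __name__ == "__main__":
    print(" -> ".join(shortest_path(EDGES, "alice", "DOMAIN ADMINS")))
    for edge in choke_points(EDGES, "alice", "DOMAIN ADMINS"):
        print("remove to break the path:", edge)
```

The two admin rights on WS01 and WS02 are not reported, because removing either one still leaves the other route to bob.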

Basic structure of BloodHound’s graph
Cypher queries that can be run on BloodHound

In conclusion, graph theory allows hackers to represent the relations between users on a network in a meaningful way, so that they can model the organization’s network and plan their attack path by traversing the graph. This method is much quicker than the identity snowball attack. Additionally, this realization led to efficient Attack Path Automation projects such as ANGRYPUPPY and GoFetch. These projects take the results output by BloodHound and automate the attack, making hacking much easier and more efficient.

Source: https://neo4j.com/blog/bloodhound-how-graphs-changed-the-way-hackers-attack/
ANGRYPUPPY: https://github.com/vysecurity/ANGRYPUPPY
GoFetch: https://github.com/GoFetchAD/GoFetch