REPORT DOCUMENTATION PAGE
Form Approved OMB No. 0704-0188
Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction,searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Sendcomments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, toWashington headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington DC 20503.
1. AGENCY USE ONLY
2. REPORT DATE
3. REPORT TYPE AND DATES COVERED
4. TITLE AND SUBTITLE:
Hacking Social Networks: Examining the Viability of Using Computer Network Attack Against Social Networks
Russell G. Schuhart II, LT, USN
5. FUNDING NUMBERS7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)
Naval Postgraduate SchoolMonterey, CA 93943-5000
8. PERFORMING ORGANIZATIONREPORT NUMBER9. SPONSORING /MONITORING AGENCY NAME(S) AND ADDRESS(ES)
10. SPONSORING/MONITORINGAGENCY REPORT NUMBER11. SUPPLEMENTARY NOTES
The views expressed in this thesis are those of the author and do not reflect the official policyor position of the Department of Defense or the U.S. Government.
12a. DISTRIBUTION / AVAILABILITY STATEMENT
Approved for public release; distribution is unlimited.
12b. DISTRIBUTION CODE
13. ABSTRACT (maximum 200 words)
Social Network Analysis (SNA) has been proposed as a tool to defeat transnational terrorist groups such asAl Qaeda. However, SNA is an descriptive tool that is a product of sociology and not an offensive tool used to attack a social network. SNA was not designed to destabilize covert networks that are difficult to observe and penetrate.This work presents a possible way to improve SNA’s performance against a covert social network by employing theComputer Network Attack (CNA) model. The CNA model is used by computer network security to represent thetraditional approach to hacking a computer network. Although not tested in this paper, it is argued that the CNAmodel should be able to improve the accuracy of SNA when applied to a covert social network by standardizing thedestabilization process and allowing for frequent challenges of operating assumptions.A history and overview of both computer networks and social networks is covered to allow for a comparisonof the two networks. The networks have enough similarities to allow the application of the CNA model without majormodification from its original form. Assumptions about the security of computer and social networks are examined toclarify how the CNA model can attack a social network. The model is examined for validity and the conclusion isthat the CNA model can incorporate SNA into a more methodical approach to achieve better results that using SNAalone. The final portion of the paper details a possible implementation of the CNA model and how it can be used aspart of an offensive effort to destabilize a covert social network.
15. NUMBER OFPAGES
14. SUBJECT TERMS
Social Networks, Social Network Analysis, Computer Networks, ComputerNetwork Attack, Hacking, Networks, Network Theory
16. PRICE CODE17. SECURITYCLASSIFICATION OFREPORT
18. SECURITYCLASSIFICATION OF THISPAGE
19. SECURITYCLASSIFICATION OFABSTRACT
20. LIMITATION OFABSTRACT
tandard Form 298 (Rev. 2-89)Prescribed by ANSI Std. 239-18