Cognitive Hacking: Technological and Legal Issues

In this paper, we define a category of computer security exploits called "cognitive hacks." Loosely speaking, cognitive hacking refers to a computer or information system attack that relies on changing human users' perceptions and corresponding behaviors in order to be successful. This is in contrast to denial of service (DOS) and other kinds of well-known attacks that operate solely within the computer and network infrastructure. In this paper several cognitive hacking techniques are illustrated by example, legal issues related to cognitive hacking are discussed, and technologies for preventing and mitigating the effects of cognitive hacking attacks are proposed. Ultimately each individual is responsible for his or her use of technology and for decisions taken based on information gathered from the web. The primary concern here is with misinformation that cannot be easily detected. Who is responsible for a large loss incurred resulting from misinformation posted on the Web? Is this simply a matter of “buyer beware,” or can users be protected by technology or policy?