OkStupid and Plenty of Phish - Dating Bots for Social Engineering Attacks

Presented at ToorCon San Diego 18 (2016), Oct. 16, 2016, 12:30 p.m. (20 minutes)

OkStupid and Plenty of Phish will demonstrate how Artificial Intelligence (AI) chat bots deployed on common Internet dating services (OkCupid and Plenty of Fish) can be leveraged to distribute malware, conduct phishing attacks, and even infiltrate private corporate infrastructure. The presentation will begin by exposing an entire geek sub-culture of competitive bot-coding for the sake of defeating turing tests, through a combination of fuzzy string logic, heuristics, and machine learning algorithms. The discussion will then follow the speaker’s recent efforts to integrate these AI chat bots into a Python-toolkit aimed at weaponizing this capability for the sake of executing advanced automated social engineering attacks on internet dating sites and research pertaining to the most effective approaches for such attacks. This discussion will cover a broad range of topics pertaining to how such capabilities can be used for mischievous or malicious purposes. These topics include methods for identifying and targeting personnel of specific companies or government agencies on common dating platforms, the technical details related to the design and construction of chat bots, and techniques to reduce suspicion and optimize effectiveness of social engineering attacks.


  • Justin Hutchens / Gordo as Justin “Gordo” Hutchens
    Justin “Gordo” Hutchens has a Master’s degree in Information Systems and multiple information security certifications to include OSCP and GPEN. Gordo started his information security career in the US Air Force where he served 5 years doing cyber warfare, threat intelligence, and vulnerability management. He has since moved to consulting in the private sector and has focused his career towards attack simulations, penetration testing, and red team engagements. He frequently codes in Java, Python, and PowerShell and has been building automated web bots and violating terms of service for over a decade.


Similar Presentations: