dialing back phone verified account abuse
play

DIALING BACK PHONE VERIFIED ACCOUNT ABUSE Kurt Thomas, Dmytro - PowerPoint PPT Presentation

Mar 03, 2024 •280 likes •700 views

DIALING BACK PHONE VERIFIED ACCOUNT ABUSE Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier (Databricks), Damon McCoy (GMU) Keys to the kingdom Security & Abuse Research Blackmarket for bulk accounts Security

  1. DIALING BACK PHONE VERIFIED ACCOUNT ABUSE Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier (Databricks), Damon McCoy (GMU)

  2. Keys to the kingdom Security & Abuse Research

  3. Blackmarket for bulk accounts Security & Abuse Research

  4. Existing protections CAPTCHAs Email verification IP reputation Phone verification Security & Abuse Research

  5. Existing protections OCR: 50% accuracy, $30/mo CAPTCHAs Human solver: >95% accuracy, $0.70 per 1K Mail.ru: $5 per 1K accounts Email verification Yahoo: $8 per 1K accounts IP reputation Proxies: 15K - 30K IPs for $250/mo Phone verification ? Security & Abuse Research

  6. Phone verified accounts (PVA) 10-100x more expensive Security & Abuse Research

  7. Yet we see a steady stream of abusive PVA Security & Abuse Research

  8. Our work Deep dive into phone verified abuse Marketplace for accounts Origin of phone numbers Registration techniques Strengthen resource bottleneck for cheap phones Security & Abuse Research

  9. 1 ACCOUNT BLACKMARKET Security & Abuse Research

  10. Advertisements for accounts Web storefronts Forums Freelance Listings Security & Abuse Research

  11. Blackmarket as an oracle Identify 14 merchants, track public pricing Purchase 2,217 Google PVA from 7 merchants Price: $85-500 Authenticity: 100% working PVA Delivery rate: 24-48 hours Disabled in 1 month: 68% Security & Abuse Research

  12. Prices range $85-500 $600 $450 $300 $150 $0 Price per 1K accounts, multiple merchants Security & Abuse Research

  13. Price reflects quality $600 $450 $300 $150 $0 Original value of accounts Value lost to disabling Security & Abuse Research

  14. Pricing trends over 8 months Prices over $150 remain stable $150 Price per 1K accounts $125 30-40% drop in price of Google PVA $100 $85 $50 Does price reflect failure in defenses? Security & Abuse Research

  15. 2 PHONE ORIGIN Security & Abuse Research

  16. Datasets Google PVA, disabled for abuse: 300,000 Purchases reveal sample is representative For each account: Associated carrier, country information Geolocation of signup IP CAPTCHA solution attempts Security & Abuse Research

  17. Phone country of origin Weekly % of abusive PVA Top origins 60% United States 27% India 22% 40% Indonesia 12% Nigeria 4% 20% South Africa 4% Bangladesh 4% 0% Security & Abuse Research

  18. VOIP largest abuse source Rank Carrier Country Popularity 1 Bandwidth.com US 19.9% 24% of PVA 2 PT ID 7.3% verified over VOIP 3 IN Bharti 5.3% 4 IN Vodafone 4.0% Includes: 5 MTN NG 3.0% 6 Idea IN 2.8% Google Voice 7 ID Telekomunikasi 2.2% Pinger TextPlus 8 IN Aircel 2.1% Enflick … … … … GoTextMe 18 Level 3 US 0.86% 19 ZA Cell 0.84% 20 US Telengy 0.81% Security & Abuse Research

  20. Phone for price of a CAPTCHA Not Verified Security & Abuse Research

  21. Strategy in practice [now defunct] Free SMS Service New phone per CAPTCHA Security & Abuse Research

  22. Strategy in practice [now defunct] Google Voice Free SMS Service New phone per Claim 5 forwarding CAPTCHA numbers Security & Abuse Research

  23. Strategy in practice [now defunct] Google Voice Google Account Free SMS Service New phone per Claim 5 forwarding Register 5 accounts CAPTCHA numbers per phone number 25 accounts per CAPTCHA 60-80% of all disabled PVA between Oct-Jan Security & Abuse Research

  24. Where do non-VOIP phones originate? Same locations as human CAPTCHA farms. Socio-economic disparity creates an abuse vector. Security & Abuse Research

  25. $140–420 per 1K SIMs

  26. $140–420 per 1K SIMs

  27. Buyers bid on SMS endpoints: ~$0.20/SMS Sellers list phone numbers, respond with code.

  28. 3 REGISTRATION STRATEGIES Security & Abuse Research

  29. How do older protections perform? CAPTCHAs Email verification IP reputation Phone verification Security & Abuse Research

  30. CAPTCHA breaking 56% of registrations shown a CAPTCHA Correctly solved 96% of the time Indicative of human solvers Security & Abuse Research

  31. Minimizing IP re-use Restrict IP re-use over all time to < 20 accounts Security & Abuse Research

  32. Frequent phone re-use < 30% of phone numbers unique Can re-use phone numbers multiple times Security & Abuse Research

  33. Access to number is short lived Lifetime < 1hr compared to 1mo for benign Security & Abuse Research

  34. 4 DIALING BACK ABUSE Security & Abuse Research

  35. Frequently abused carriers Over 1,000 abused carriers Top 10 carriers contribute 50% of abusive PVA Security & Abuse Research

  36. Carrier reputation Most VOIP registrations abusive All other carriers serve predominantly good users Rank Carrier Country % Good 1 Bandwidth.com US 41% 2 PT ID 91% 3 IN Bharti 98% 4 Vodafone IN 98% 5 MTN NG 97% 6 Idea IN 98% 7 ID Telekomunikasi 99% 8 Aircel IN 98% Security & Abuse Research

  37. Pushing back on abusive carriers In January, we took action on carrier abuse: Blocked VOIP numbers acquired with CAPTCHA Restricted all other known VOIP numbers to single use Restricted some Indian, Indonesian telcos to single use Security & Abuse Research

  38. Impact on pricing Price per 1K accounts Price returns back to pre-VOIP levels Security & Abuse Research

  39. How did merchants react? In April, purchase a new set of 2,478 PVA Only 12% were Bandwidth.com, compared to 80% before Some previously unseen VOIP services Merchants hit max registration limit Need finer grain phone reputation signals Security & Abuse Research

  40. Summary Thriving account black market Use purchasing as an oracle into criminal capabilities Use pricing as an early warning of failing defenses Phone verification requires reputation support Security & Abuse Research

  41. THANKS! kurtthomas@google.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Children aged 0-5 account for 48% of all children involved. 30% of abuse begins during

1 Children aged 0-5 account for 48% of all children involved. 30% of abuse begins during

From Domestic Violence and Abuse Needs Assessment for Children and Young People in Norfolk. Norfolk Public Health, Stuart Keeble, Public Health Registrar , December 2014 1 Children aged 0-5 account for 48% of all children involved. 30% of abuse

144 views • 12 slides
Back To The Future Going Back In Time To Abuse Androids JIT 1 $ whoami Benjamin

Back To The Future Going Back In Time To Abuse Androids JIT 1 $ whoami Benjamin

Back To The Future Going Back In Time To Abuse Androids JIT 1 $ whoami Benjamin Watson Director of Security Research @VerSprite Security Android @rotlogix 2 Agenda Inspiration and Overview Android 4.4.4 JIT

751 views • 72 slides
WIRELESS INDUSTRY FIGHTS BACK AGAINST PREPAID PHONE TRAFFICKING Cell phone trafficking operations

WIRELESS INDUSTRY FIGHTS BACK AGAINST PREPAID PHONE TRAFFICKING Cell phone trafficking operations

WIRELESS INDUSTRY FIGHTS BACK AGAINST PREPAID PHONE TRAFFICKING Cell phone trafficking operations siphon millions of dollars from the wireless industry and its customers every year. Until recently, little could be done to fight back, but a

387 views • 3 slides
Domestic Violence The Cycle Abuse: Guilt: Excuses Normal Behavior Fantasy/ Honey-moon phase

Domestic Violence The Cycle Abuse: Guilt: Excuses Normal Behavior Fantasy/ Honey-moon phase

Domestic Violence The Cycle Abuse: Guilt: Excuses Normal Behavior Fantasy/ Honey-moon phase Tension build-up/ set-up Back to abuse Abuse abuse is psychological and physical it can leave deep and lasting scars No one should live in fear of the

470 views • 17 slides
BotGraph: Large Scale Spamming Botnet Detection Web-account abuse attack recent spamming technic

BotGraph: Large Scale Spamming Botnet Detection Web-account abuse attack recent spamming technic

BotGraph: Large Scale Spamming Botnet Detection Web-account abuse attack recent spamming technic New different approche for sending spam Basing on reputation of email providers Difficult to detect signup detection monitoring users' activity

157 views • 15 slides
MY Federal Student Aid ACCOUNT How To Create An FSA ID Items Needed to Create an Account 1.

MY Federal Student Aid ACCOUNT How To Create An FSA ID Items Needed to Create an Account 1.

MY Federal Student Aid ACCOUNT How To Create An FSA ID Items Needed to Create an Account 1. Social Security number 2. Your own mobile phone number 3. And/or email address 2 Go to: StudentAid.gov 3 Create Your FSA ID Accounts Add numbers

468 views • 5 slides
Divine Child Abuse??? Ransom: to buy back slaves Gregory of Nyssa (375 - ?) Adam &amp;

Divine Child Abuse??? Ransom: to buy back slaves Gregory of Nyssa (375 - ?) Adam &amp;

Sermon Divine Child Abuse??? Ransom: to buy back slaves Gregory of Nyssa (375 - ?) Adam &amp; Eve sold humanity to Satan. God baited Satan with Jesus, whom death couldnt hold. St Anselm of Canterbury SaNsfacNon: Gods 1033 -

382 views • 12 slides
befuddled.org cointagion.com Why you should love bitcoin: As a buyer As a seller How to

befuddled.org cointagion.com Why you should love bitcoin: As a buyer As a seller How to

befuddled.org cointagion.com Why you should love bitcoin: As a buyer As a seller How to accept payments 1. Incorporate your business to receive a DUNS number 2. Get a corporate account at your bank 3. Get you account verified by a

646 views • 40 slides
Welcome to the Six-Figure Account Manager Crash Course 3 Strategies to Wrestle Back Your Time,

Welcome to the Six-Figure Account Manager Crash Course 3 Strategies to Wrestle Back Your Time,

Welcome to the Six-Figure Account Manager Crash Course 3 Strategies to Wrestle Back Your Time, and Grow Your Accounts Win More Customers, Presented by Dan Englander Who is Dan Englander? How I started Here is your proposal, sir!

1.35k views • 100 slides
Sign In Directions Please take out cell phone If you do not have a cell phone, there is a

Sign In Directions Please take out cell phone If you do not have a cell phone, there is a

Sign In Directions Please take out cell phone If you do not have a cell phone, there is a sign up sheet in the back. Send text message to: 37607 Type in message area: Joemac30 Wait for the brief response Type in your

891 views • 68 slides
1. Introduction Goal: to develop a comprehensive account of (i) the selection of irrealis

1. Introduction Goal: to develop a comprehensive account of (i) the selection of irrealis

Workshop on the division of labour between phonology and morphology &amp; Fourth Network Meeting Meertens Instituut Amsterdam, January 16, 2009 Infixation, blocking, and back-copying in Muna: an OT-account of allomorphy selection and

376 views • 11 slides
Abuse of Dominant Position Case of Albanian Mobile Phone Market Servete GRUDA, Prof. Doctor

Abuse of Dominant Position Case of Albanian Mobile Phone Market Servete GRUDA, Prof. Doctor

Abuse of Dominant Position Case of Albanian Mobile Phone Market Servete GRUDA, Prof. Doctor Deputy Chairwoman of Albanian Competition Commission Gazmir MANI, MSc Inspector, Dominant Position Sector, Albanian Competition Authority 3 rd June

703 views • 17 slides
Mobile Device Architecture CS 4720 Mobile Application Development CS 4720 The Way Back Time

Mobile Device Architecture CS 4720 Mobile Application Development CS 4720 The Way Back Time

Mobile Device Architecture CS 4720 Mobile Application Development CS 4720 The Way Back Time When a phone was a phone Plus a story! CS 4720 2 Oh yes this was a phone The Motorola DynaTAC 8000X 1983 13 x 1.75 x

544 views • 35 slides
Bring Them Back! Reverse Scholarship Model In Practice AUDIO PROBLEMS? LISTEN ON YOUR PHONE :

Bring Them Back! Reverse Scholarship Model In Practice AUDIO PROBLEMS? LISTEN ON YOUR PHONE :

Bring Them Back! Reverse Scholarship Model In Practice AUDIO PROBLEMS? LISTEN ON YOUR PHONE : (866) 740-1260 | CODE: 8315693 Welcome! JILL GORDON Director of Learning jgordon@inphilanthropy.org Before We Get Started All participants

528 views • 36 slides
Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini

Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini

Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini University College London Abuse on online services [NDSS2017] [NDSS2013] [ACSAC2010] Malware Spam [AsiaCCS2017] [TDSC2016] [USENIX2011]

325 views • 17 slides
How do I recognize child abuse? Physical Abuse 1. Physical Neglect 2. 3. Sexual Abuse 4.

How do I recognize child abuse? Physical Abuse 1. Physical Neglect 2. 3. Sexual Abuse 4.

Child Abuse, Bullying and Strategies You Can Use to Protect Yourself How do I recognize child abuse? Physical Abuse 1. Physical Neglect 2. 3. Sexual Abuse 4. Emotional Maltreatment 1 Physical Abuse Physical indicators Behavioral indicators

737 views • 7 slides
Childrens Savings Accounts May 16, 2017 www.savingsforkids.org Welc lcome Monica Copeland

Childrens Savings Accounts May 16, 2017 www.savingsforkids.org Welc lcome Monica Copeland

Understanding the Account in Childrens Savings Accounts May 16, 2017 www.savingsforkids.org Welc lcome Monica Copeland Senior Program Manager Childrens Savings CFED www.savingsforkids.org Housekeepin ing This webinar is

760 views • 34 slides
Registration Tutorial First Steps 1. Make an account for yourself This only applies if you

Registration Tutorial First Steps 1. Make an account for yourself This only applies if you

Spring Grove Lacrosse Club Registration Tutorial First Steps 1. Make an account for yourself This only applies if you dont already have an account If you are on the mailing list, go to www.sglax.org , click on Sign in at the upper

423 views • 25 slides
ABLE Accounts: A Great Way to Save Money and Keep SSI and Other Benefits 1 Griffin Hammis

ABLE Accounts: A Great Way to Save Money and Keep SSI and Other Benefits 1 Griffin Hammis

ABLE Accounts: A Great Way to Save Money and Keep SSI and Other Benefits 1 Griffin Hammis Associates April 2020 Whats the Problem? 2 Some benefits - such as SSI, Medi-Cal and CalWORKS limit how much you can save. The limits

652 views • 40 slides
Financial Inclusion: A Case Study of the Covid Stimulus Payments Aaron Klein Fellow, Economic

Financial Inclusion: A Case Study of the Covid Stimulus Payments Aaron Klein Fellow, Economic

Financial Inclusion: A Case Study of the Covid Stimulus Payments Aaron Klein Fellow, Economic Studies, Brookings Institution @AaronDKlein Total stimulus payments recieved in weeks following the CARES Act 180,000,000 160,000,000 140,000,000

131 views • 10 slides
Ethereum and smart contracts Prof. Raluca Ada Popa Sept 12, 2018 Material based on the Ethereum

Ethereum and smart contracts Prof. Raluca Ada Popa Sept 12, 2018 Material based on the Ethereum

CS261: Security in Computer Systems Ethereum and smart contracts Prof. Raluca Ada Popa Sept 12, 2018 Material based on the Ethereum white paper Cryptocurrencies we cover in this class Four very di ff erent cryptocurrencies each introducing di

472 views • 16 slides
Globalizing Player Accounts with MySQL at Riot Games Tyler Turk Riot Games, Inc. About Me

Globalizing Player Accounts with MySQL at Riot Games Tyler Turk Riot Games, Inc. About Me

Globalizing Player Accounts with MySQL at Riot Games Tyler Turk Riot Games, Inc. About Me Senior Infrastructure Engineer Player Platform at Riot Games Father of three Similar talk at re:Invent last year 2 Accounts Team Responsible for

503 views • 34 slides
Linear and Exponential Growth (bill payments, bank savings, population growth, retirement

Linear and Exponential Growth (bill payments, bank savings, population growth, retirement

Linear and Exponential Growth (bill payments, bank savings, population growth, retirement savings, credit card payments) Instructor: Joanna Klukowska CORE-UA 109 (CORE-UA 109) Linear and Exponential Growth 1 / 34 Linear growth problems from

1.08k views • 89 slides
QP QPP Qu Quic ickin kinar ar Gett etting ing Pre repa pared red for or MIPS PS 20

QP QPP Qu Quic ickin kinar ar Gett etting ing Pre repa pared red for or MIPS PS 20

QP QPP Qu Quic ickin kinar ar Gett etting ing Pre repa pared red for or MIPS PS 20 2019 19 February 19, 2019 Presented by: Donna Cohen, Deputy Director Population Health Mary Simpson, HIT Specialist Georgia Marianne

551 views • 29 slides

More recommend