tracking the use of leaked consumer data
play

Tracking the Use of Leaked Consumer Data Tina Yeung & Dan - PowerPoint PPT Presentation

Sep 09, 2022 •229 likes •440 views

Tracking the Use of Leaked Consumer Data Tina Yeung & Dan Salsburg OTech | FTC Office of Technology Research & Investigation www.ftc.gov/OTech | research@ftc.gov #IDTheftFTC What Happens to Leaked Credentials? Research question: When

  1. Tracking the Use of Leaked Consumer Data Tina Yeung & Dan Salsburg OTech | FTC Office of Technology Research & Investigation www.ftc.gov/OTech | research@ftc.gov #IDTheftFTC

  2. What Happens to Leaked Credentials? Research question: When consumer credentials are made public, does anyone use them? Goal: Design and conduct a study that tracks the attempted use of stolen consumer credentials #IDTheftFTC

  3. Study of Credential Use 1. Create ~100 consumer accounts 2. Post account data publicly 3. Track use of data #IDTheftFTC

  4. Fake Customer Data 1. Name 2. Address 3. Phone number 4. Email address 5. Password 6. Payment mechanism Credit card number • Online payment account • Bitcoin wallet • #IDTheftFTC

  5. Posting of Fake Customer Data #IDTheftFTC

  6. Posting One vs. Posting Two • Same data, posted twice • Different format and time of day Posting 1: ~100 views Posting 2: ~550 views (Picked up by Twitter bot) #IDTheftFTC

  7. Monitoring of Data Usage • Monitored for about three weeks – Week before Posting 1 (Pre-study control) – Week after Posting 1 (Week 1) – Week after Posting 2 (Week 2) • Logged – Email account access attempts – Payment account access attempts – Credit card attempted charges – Texts and calls received by phone numbers #IDTheftFTC

  8. Time Before First Unauthorized Access Attempt Posting 1 Posting 2 1.5 hours 9 minutes #IDTheftFTC

  9. Total Unauthorized Access Attempts 1200 1108 1000 Number of Attempts 800 600 400 200 119 1 0 Pre-Study Week 1 Week 2 #IDTheftFTC

  10. Unauthorized Access Attempts by Account Type 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Email Services Credit Card Numbers Payment Accounts #IDTheftFTC

  11. Account Activity #IDTheftFTC

  12. Email Account Access Attempts by Week 500 466 450 400 Number of Attempts 350 300 250 200 150 100 47 50 1 0 Pre-Study Week 1 Week 2 #IDTheftFTC

  13. Email Access Attempts by Unique IP Addresses 30 Number of Unique IPs 25 20 15 10 5 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 … 44 Number of Attempts (Likely underestimates access attempts) #IDTheftFTC

  14. Geolocation of IPs Used in Access Attempts 50 # of Unique IP Addresses IP Addresses 45 Suspicious IP Addresses* 40 35 30 25 20 15 10 5 0 IP Country of Origin *IP addresses identified as suspicious by a freely available service #IDTheftFTC

  15. Credit Card Purchase Attempts • Max: $2,697.75, at a clothing website • Total amount within two weeks: $12,825.53 – Includes multiple payment attempts – Includes preauthorization charges • Noteworthy attempts: – Online dating service – Pizza place – Hotels #IDTheftFTC

  16. Amount Attempted per Charge 160 137 Identified preauthorizations 140 119 Charges Number of Charges 120 100 80 52 60 43 32 40 20 19 17 20 1 1 0 #IDTheftFTC

  17. Charge by Category 180 164 Number of Charges 160 140 120 100 79 80 59 60 39 36 40 23 12 9 8 7 20 3 1 1 0 #IDTheftFTC

  18. Additional Thoughts • If you post it, they will use it • Paste sites should be monitored by email and payment service providers • Two factor authentication provides some protection against stolen credentials • Merchants should consider refusing seriatim purchase attempts #IDTheftFTC

  19. Future work • Analysis of email spam, text spam, and phone calls received by fake consumer email accounts • Posting of consumer data in other ways that might attract different types of thieves Have relevant research? www.ftc.gov/OTech | research@ftc.gov #IDTheftFTC

  20. Contributors • Sheryl Roth • Nicole Davis • Phoebe Rouge • Aaron Kaufman • Joe Calandrino • Amber Howe • Aaron Alva • Biaunca Morris • Justin Brookman • Jonathan Aid • Phillip Miyo • Anne Blackman #IDTheftFTC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BEAs Use of Housing Related Data from the Consumer Data from the Consumer Expenditure Survey

BEAs Use of Housing Related Data from the Consumer Data from the Consumer Expenditure Survey

BEAs Use of Housing Related Data from the Consumer Data from the Consumer Expenditure Survey Presentation at the CE Data Users Forum On June 21,22 2010 at the BLS b A by Arnold J. Katz, ld J K NEA Research Staff of BEA www.bea.gov Disclaimer

256 views • 12 slides
Kernel dynamic memory allocation tracking and reduction Consumer Electronics Work Group Project

Kernel dynamic memory allocation tracking and reduction Consumer Electronics Work Group Project

Kernel dynamic memory allocation tracking and reduction Consumer Electronics Work Group Project 2012 Ezequiel Garca Memory reduction and tracking Why do we care? Tiny embedded devices (but really tiny) Virtualization: might be

1.19k views • 52 slides
Data Concentrator SVD data multiplexer with FPGA-based tracking Tracking-Meeting Bayrischzell

Data Concentrator SVD data multiplexer with FPGA-based tracking Tracking-Meeting Bayrischzell

Data Concentrator SVD data multiplexer with FPGA-based tracking Tracking-Meeting Bayrischzell Jochen Dingfelder, Carlos Marias, Michael Schnell schnell@physik.uni-bonn.de University of Bonn July, 19th 2012 Michael Schnell (University of

1.11k views • 37 slides
IC OFF THE RECORD: Direct access to leaked information related to the surveillance activities of

IC OFF THE RECORD: Direct access to leaked information related to the surveillance activities of

NSA PRISM Slides - IC OFF THE RECORD 11.06.18 14:18 2013 LEAKS 2014 LEAKS 2015 LEAKS 2016 LEAKS 2017 LEAKS 2018 LEAKS IC OFF THE RECORD: Direct access to leaked information related to the

480 views • 18 slides
Tracking Chronic Data Over Time: Data Support! December 13, 2016 Welcome! Agenda &

Tracking Chronic Data Over Time: Data Support! December 13, 2016 Welcome! Agenda &

Tracking Chronic Data Over Time: Data Support! December 13, 2016 Welcome! Agenda & Presenters Agenda Overview of Data Needed to Track Aging In to Chronic Status CS Data Team Tracking Data Chronic Status

467 views • 46 slides
we protect it. We have your data. We protect it. But you hold the key. COMPANY CONSUMER PORTAL

we protect it. We have your data. We protect it. But you hold the key. COMPANY CONSUMER PORTAL

We have your data, and we protect it. We have your data. We protect it. But you hold the key. COMPANY CONSUMER PORTAL DATA SOURCES DATA SUBJECT TOUCH POINTS INGEST SHOW ME MULTI-POS ALL DATA MY DATA CENTRALIZED DATA ECOMMERCE CHANGE

719 views • 45 slides
Opinion Spam Analysis and Detection Leaked Confidential Information as Ground Truth Yu-Ren Chen,

Opinion Spam Analysis and Detection Leaked Confidential Information as Ground Truth Yu-Ren Chen,

Opinion Spam Analysis and Detection Leaked Confidential Information as Ground Truth Yu-Ren Chen, Hsin Hsi Chen National Taiwan University What Is Opinion Spam? spreading commercially advantageous opinions as regular users on the Internet

1.18k views • 70 slides
From Tracking Pixels to Tracking Predicates Leonidas J. Guibas Xerox PARC and Stanford

From Tracking Pixels to Tracking Predicates Leonidas J. Guibas Xerox PARC and Stanford

From Tracking Pixels to Tracking Predicates Leonidas J. Guibas Xerox PARC and Stanford University Sensing for Reasoning and Acting A system of collaborating sensors should provide data that can: Lead to high-level Clustering of enemy

276 views • 16 slides
1 Tracking and Recursive estimation Recursive estimation Real-time / interactive imperative.

1 Tracking and Recursive estimation Recursive estimation Real-time / interactive imperative.

6.891 Syllabus Computer Vision and Applications Prof. Trevor. Darrell Lecture 16: Tracking Density propagation Linear Dynamic models / Kalman filter Data association Multiple models Readings: F&P Ch 17 1 2 Tracking

509 views • 13 slides
Multi-Object Tracking Challenge CV3DST Lecture Exercises Multi-Object Tracking Multi-Object

Multi-Object Tracking Challenge CV3DST Lecture Exercises Multi-Object Tracking Multi-Object

Multi-Object Tracking Challenge CV3DST Lecture Exercises Multi-Object Tracking Multi-Object Tracking Origins SONAR, RADAR Given a raw stream of sensory data: Localize objects Estimate object identities over time

340 views • 16 slides
Competition, Consumer Trust and Consumer Choice Review: Data Workshop ICANN54 | 21 October 2015

Competition, Consumer Trust and Consumer Choice Review: Data Workshop ICANN54 | 21 October 2015

Competition, Consumer Trust and Consumer Choice Review: Data Workshop ICANN54 | 21 October 2015 CCT Review: Data Workshop CCT Review Overview: Margie Milam, ICANN CCT Metrics: Brian Aitchison, ICANN Phase 1 Assessment of the

806 views • 52 slides
STT TRACKING & PID STATUS 6 JUNE 2018 | PETER WINTZ OUTLINE System Overview Tracking

STT TRACKING & PID STATUS 6 JUNE 2018 | PETER WINTZ OUTLINE System Overview Tracking

STT TRACKING & PID STATUS 6 JUNE 2018 | PETER WINTZ OUTLINE System Overview Tracking & PID Methods & Results (Data) 6 June 18 Peter Wintz - STT Tracking & PID - CM 18/2 p. 2 CENTRAL STRAW TUBE TRACKER 4224 straws

492 views • 15 slides
1 Things to consider in tracking Density propogation What are the Tracking == Inference

1 Things to consider in tracking Density propogation What are the Tracking == Inference

6.869 Huttenlocher talk Computer Vision and Applications Prof. Bill Freeman Tracking Density propagation Linear Dynamic models / Kalman filter Data association Multiple models Readings: F&P Ch 17 1 2 Huttenlocher talk

264 views • 13 slides
Lifewatch tools Software 2 data Species observations > 40 M records Tracking data birds

Lifewatch tools Software 2 data Species observations > 40 M records Tracking data birds

Lifewatch tools Software 2 data Species observations > 40 M records Tracking data birds : 1pos / 10min T axonomy > 200.000 names Environmental data. BIG data Spatial data platforms OBIS species observations ->

550 views • 10 slides
Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander

Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander

Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander Sanchez-Rola, Igor Santos Web Tracking It is a common practice to gather user browsing data . Web Tracking Recent studies provided a better understanding of

568 views • 24 slides
Consumer IoT security What is consumer IoT? We have defined consumer IoT as products that are

Consumer IoT security What is consumer IoT? We have defined consumer IoT as products that are

DCMS Consultation: Regulatory proposals for Consumer IoT security What is consumer IoT? We have defined consumer IoT as products that are connected to the internet and/or home network. A non-exhaustive list of examples includes: Connected

437 views • 30 slides
QMC Designs on the Sphere Ian H. Sloan University of New South Wales, Sydney, Australia Uniform

QMC Designs on the Sphere Ian H. Sloan University of New South Wales, Sydney, Australia Uniform

QMC Designs on the Sphere Ian H. Sloan University of New South Wales, Sydney, Australia Uniform distribution and QMC Methods, RICAM 2013 Joint with J Brauchart, EB Saff and R Womersley QMC designs Definition. A sequence of point sets ( X N )

855 views • 62 slides
Brave New World of Patient Engagement , February 2018 Susan B. Frampton, PhD , President Great

Brave New World of Patient Engagement , February 2018 Susan B. Frampton, PhD , President Great

Consumer Trends in a Brave New World of Patient Engagement , February 2018 Susan B. Frampton, PhD , President Great Expectationsare we meeting them? Saturday Friday 7:27 a.m. 9:45 p.m. Saturday 7:10 a.m. Saturday 7:40 a.m. Saturday

604 views • 33 slides
I n n o v a t i n g i n A u t o m o t i v e I n f o t a i n m e n

I n n o v a t i n g i n A u t o m o t i v e I n f o t a i n m e n

I n n o v a t i n g i n A u t o m o t i v e I n f o t a i n m e n t w i t h Qt Qu i c k N o v e m b e r 2 0 1 2 E k e l u n d s g a t a n 4 , S E - 4 1 1 1 8 G t e

547 views • 37 slides
Connecting American Indian and Alaska Native Children to Health Coverage December 15, 2016

Connecting American Indian and Alaska Native Children to Health Coverage December 15, 2016

Connecting American Indian and Alaska Native Children to Health Coverage December 15, 2016 Agenda Overview and Introductions Strategies to Enroll American Indian and Alaska Native Families into Medicaid and CHIP Overview of

536 views • 53 slides
Landscape of Illinois Uninsured and Underinsured What do we know and what else do we want to

Landscape of Illinois Uninsured and Underinsured What do we know and what else do we want to

Landscape of Illinois Uninsured and Underinsured What do we know and what else do we want to know before 2014? Stephani Becker Project Director, Illinois Health Matters Health & Disability Advocates October 23, 2012 Presentation

592 views • 27 slides
Residential Market Review New Construction and Resale History J. Van Rose, Jr. MIRM President

Residential Market Review New Construction and Resale History J. Van Rose, Jr. MIRM President

15 Year Residential Market Review New Construction and Resale History J. Van Rose, Jr. MIRM President Rose & Womble Enterprises 2 50 0 0 Principal Owner of Rose & Womble Realty 2 0 0 0 0 150 0 0 Lifetime Teacher & Motivator 10

180 views • 5 slides
SPREADING THE WORD ABOUT SUMMER MEALS MAY 14, 2015 This webinar has been made possible through

SPREADING THE WORD ABOUT SUMMER MEALS MAY 14, 2015 This webinar has been made possible through

SPREADING THE WORD ABOUT SUMMER MEALS MAY 14, 2015 This webinar has been made possible through the generous support of the Arbys Foundation. 2 Speakers Lucy Melcher Bernadette Di Rita Associate Director, Advocacy Manager Advocacy

574 views • 19 slides
Intensity Frontier 2013 April, 2013. Argonne, Il.

Intensity Frontier 2013 April, 2013. Argonne, Il.

Intensity Frontier 2013 April, 2013. Argonne, Il. LLNL-PRES-563700 This work was performed under the auspices of the U.S. Department of Energy

448 views • 22 slides

More recommend