underground
play

Underground Chrysovalantis Christodoulou World Wid ide Web - PowerPoint PPT Presentation

Nov 26, 2022 •271 likes •708 views

The Underground Chrysovalantis Christodoulou World Wid ide Web 28/04/2020 12:06 PM CS682-The Undergraound 2 Trafficking Fraudulent Accounts: The Role le of f the Underground Market in in Twitter Spam and Abuse Kurt Thomas Damon

  1. The Underground Chrysovalantis Christodoulou

  2. World Wid ide Web 28/04/2020 12:06 PM CS682-The Undergraound 2

  3. Trafficking Fraudulent Accounts: The Role le of f the Underground Market in in Twitter Spam and Abuse Kurt Thomas† Damon McCoy‡ Chris Grier† ∗ Alek Kolcz Vern Paxson† ∗ † University of California, Berkeley ‡ George Mason University ∗ International Computer Science Institute Twitter {kthomas, grier, vern}@cs.berkeley.edu, mccoy@cs.gmu.edu, ark@twitter.com 28/04/2020 12:06 PM CS682-The Underground 3

  4. Overview ❑ What are the most popular websites? - Facebook, Google, Twitter, Instagram, etc. ➔ Perfect Target for abuse (Fraud Advertising, Fake News, etc.) ❑ Need for Fraudulent, Spam accounts “Twitter has shut down up to 70 million fake and suspicious accounts- BBC 2018” 28/04/2020 12:06 PM CS682-The Underground 4

  5. Contributions 1. Study the organization of the Underground market by monitoring 27 merchants profiting from the sale of Twitter accounts 2. Study merchants’ techniques for bypassing registration defenses and how barriers affect the accounts’ price 3. Implement a classifier to identify fraudulent accounts 4. Study the impact of the classifier on Twitter spam 28/04/2020 12:06 PM CS682-The Underground 5

  6. Methodology Purchasing from Analyze the Market Tracking merchants Merchants selling Twitter accounts 28/04/2020 12:06 PM CS682-The Underground 6

  7. Id Identify fy Merchants ❑ Total Number of identified Merchants: 27 48 Hours Merchants Distribution Support 14 12 12 10 10 8 6 5 4 2 0 Own Website BlackHat Forums Freelance sites Own Website BlackHat Forums Freelance sites 28/04/2020 12:06 PM CS682-The Underground 7

  8. Purchasing fr from Merchants ❑ 144 orders -> 120K accounts ~ $5000 ❑ Bi-weekly basis from June 2012 – April 2013 ❑ Price Range: $1-20 ❑ Payment Methods: 28/04/2020 12:06 PM CS682-The Underground 8

  9. Periods-Prices Table 1: List of the merchants we track, the months monitored, total purchases performed (#), accounts purchased, and the price per 100 accounts. Source of solicitations include blackhat forums†, Fiverr, and Freelancer and web storefronts‡ 28/04/2020 12:06 PM CS682-The Underground 9

  10. Analysis ❑ Price: $0.04 Median account price ❑ Delivery: 1 day Median time before accounts arrive ❑ Fraud: 13% Accounts resold (Access after sale) ➔ Excellent Service 28/04/2020 12:06 PM CS682-The Underground 10

  11. Analysis (c (cont.) Few changes on Prices due to high availability 28/04/2020 12:06 PM CS682-The Underground 11

  12. Analysis – Price Comparison ❑ Prices from buyaccs.com Web Services Price Per Thousand Hotmail.com (resale*) $2 Hotmail.com $4 Yahoo $6 Twitter $20 Google (PVA)** $100 Facebook (PVA)** $100 * Resale accounts indicates account that was previously used **PVA - Phone Verified Account 28/04/2020 12:06 PM CS682-The Underground 12

  13. Existing Defenses ❑ IP Blacklisting, throttling ❑ Email challenge-response ❑ CAPTCHAs ❑ Phone verification Merchants can circumvent those approaches 28/04/2020 12:06 PM CS682-The Underground 13

  14. IP IP Blacklisting - Bypass ❑ Purchase accounts with unique registration IP: 79% Registration Origin Popularity India 8.50% Ukraine 7.23% Usually low- cost services Turkey 5.93% Thailand 5.40% Mexico 4.61% Other 68.33% 28/04/2020 12:06 PM CS682-The Underground 14

  15. Email Confirmation - Bypass ❑ 77% of accounts was verified by a unique email address ❑ Hotmail & Yahoo Prices: $6/per thousand Average Twitter Price Average Twitter Price without confirmation with confirmation $30 $47 28/04/2020 12:06 PM CS682-The Underground 16

  16. CAPTCHAs - Bypass ❑ ~ 35% of accounts they purchase solved CAPTCHA ❑ Increase the cost of accounts ❑ ~ 92% of the attempts fails But they don’t really care because it’s an automated process 28/04/2020 12:06 PM CS682-The Underground 17

  17. Detecting Fraudulent Accounts (C (Classifier) ❑ Purely based on registration signals ❑ Train on 120K purchased accounts Features: 1 2 3 Automatically generated naming regex Time of registration Sequence of registration events e.g. e.g. Name: Maria Andreou E N E 3 Screen name: mariaksda E 1 E 2 Timing = δ finish – δ start Email: MariaAasdlka912@hotmail.com Welcome Registration Screen Complete 28/04/2020 12:06 PM CS682-The Underground 18

  18. Classifier Performance 99.99% Precision: Percentage of identified accounts that are spam Recall: 95.08% Percentage of all detected spam accounts → Really good Performance 28/04/2020 12:06 PM CS682-The Underground 19

  19. Recall Over Time Need for continuously purchasing 28/04/2020 12:06 PM CS682-The Underground 20

  20. Im Impact on Twitter ❑ Apply the classifier to all register accounts between April 2012 – April 2013 ❑ Detect several million of spam accounts ❑ 27 Merchants was responsible for the 10-20% of all detected spam accounts 28/04/2020 12:06 PM CS682-The Underground 21

  21. Im Impact on Twitter (c (cont.) Estimated Revenue: $127-459K 28/04/2020 12:06 PM CS682-The Underground 22

  22. Disrupting the Market? ❑ Monitoring False Positives - Check how many user complaint about the suspension of their accounts - Achieved Precision: 99.9942% ❑ Monitoring Market immediately after the application of the detector All of the stock got suspended ... Not just mine .. It happened with Temporarily not selling Twitter.com all of the sellers .. Don’t know what accounts twitter has done ... buyaccountsnow.com buyaccs.com April 10, 2013 April 06, 2013 28/04/2020 12:06 PM CS682-The Underground 23

  23. Market Fallout & Recovery ry ❑ Immediately after application of the algorithm → 90% of accounts suspended ❑ 2 weeks after application of the algorithm → 50% of accounts suspended ❑ Market recovers relatively fast, but authors achieve to disrupt it 28/04/2020 12:06 PM CS682-The Underground 24

  24. Conclusions ❑ Buying accounts is relatively easy ❑ The market is responsible for the 10-20% of spam accounts on Twitter ❑ The market generates $127K-459K revenue per year ❑ The market bypass defenses but the cost of accounts get higher ❑ Proposed Machine Learning classifier achieve great, but temporal results ❑ Required stronger defenses after registration 28/04/2020 12:06 PM CS682-The Underground 25

  25. PharmaLeaks: Understanding the Business of f Online Pharmaceutical Affiliate Programs Damon McCoy, George Mason University; Andreas Pitsillidis and Grant Jordan, University of California, San Diego; Nicholas Weaver and Christian Kreibich, University of California, San Diego, and International Computer Science Institute; Brian Krebs, KrebsOnSecurity.com; Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko, University of California, San Diego

  26. Overview 2 1 Buy Services ( Commission ) Affiliate Marketer (Spammer) Spam Email Purchase/Delivery 3 Affiliate Program User (Customer) (Seller) 28/04/2020 12:06 PM CS682-The Underground 27

  27. Contributions ❑ The contribution of the paper is on its results Main Goal: Extensive study of the pharmacy affiliate programs, because they are a major sponsor of spam (email and web), in order to understand their main aspects, and ultimately, disrupt the whole market 28/04/2020 12:06 PM CS682-The Underground 28

  28. Affiliate Programs ❑ Affiliate Programs operates as a normal business and thus they have the same needs: 1. Good relationship with marketers 2. Good relationship with suppliers (goods and shipping) 3. Easiness on Payment processing ➔ Let’s analyze these aspects! 28/04/2020 12:06 PM CS682-The Underground 29

  29. Methodology Customer Demographics Product Popularity Affiliates general operation Leaked Datasets Analyze Data Outcomes 28/04/2020 12:06 PM CS682-The Underground 30

  30. Leaked Datasets ❑ Numerous “leaked” sources of financial and operational data for 3 affiliate programs. - Leaked data was a result of competitive hacking “war” *SpamIt is a fork of GlavMed and probably they are operating with the same people 28/04/2020 12:06 PM CS682-The Underground 31

  31. Customer Demographics Orders Revenue Rate (%) Affiliate Repeated Country Program Customers United States 1,044,173 74.8 Revenue (%) Great Britain 88,823 6.4 27 GlavMed Canada 53,113 3.8 38 SpamIt Germany 39,353 2.8 RX-Promotion 9-23 Australia 31,918 2.3 France 29,581 2.1 Italy 15,406 1.1 Switzerland 10,478 0.8 Spain 9,578 0.7 Repeated Customers shows Sweden 7,717 0.6 satisfaction Other 65,277 4.6 28/04/2020 12:06 PM CS682-The Underground 32

  32. Product Demographics *Without ED products SpamIt 28/04/2020 12:06 PM CS682-The Underground 33

  33. Affiliates General Operation – Payments Lose relationship with payment method (VISA) 28/04/2020 12:06 PM CS682-The Underground 34

  34. Affiliates General Operation – Registrations Avg. new customers for: GlavMed/SmaIt = ~ 3,500/week RX-Promotion = ~ 1,500/week Market is growing 28/04/2020 12:06 PM CS682-The Underground 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

July 26 th , 2017 To: Landmarks Preservation Board From: Ron Taylor/Structural Engineer Re. Answers to the questions: Going underground is not practical or feasible The construction challenges of going underground are not unusual. Many museums

533 views • 6 slides
Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Bernard Sadoulet Dept. of Physics /LBNL UC Berkeley UC Institute for Nuclear and Particle Astrophysics and Cosmology (INPAC) Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground science Motivations

586 views • 43 slides
Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground

Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground

Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground Laboratories Homestake Soudan (SURF) Kimballton WIPP Key KURF Features 1450 mwe shielding drive in access ample space hour from major

570 views • 25 slides
underground Planning and subterranean development Jonathan Bore Going underground...

underground Planning and subterranean development Jonathan Bore Going underground...

Going underground Planning and subterranean development Jonathan Bore Going underground... Background Why here? Why now? Pros and cons Number of applications Permitted development Impact during construction

282 views • 17 slides
Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE

Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE

Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE conference 16-18 April 2015 Amy Mcallister Priority https://www.youtube.com/wa tch?v=dkNZmDzqoeQ

340 views • 7 slides
UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES

UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES

UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES Economics drives both the attacks and the defenses What is for sale? Who sells it? How? Defenders: Antivirus vendors, firewall vendors, etc.

781 views • 42 slides
INVESTOR PRESENTATION GLOBAL UNDERGROUND MINING GLOBAL UNDERGROUND MINING PLATFORM PLATFORM

INVESTOR PRESENTATION GLOBAL UNDERGROUND MINING GLOBAL UNDERGROUND MINING PLATFORM PLATFORM

INVESTOR PRESENTATION GLOBAL UNDERGROUND MINING GLOBAL UNDERGROUND MINING PLATFORM PLATFORM Engineered Excellence 23 April 2014 AGENDA Safety Structure & Service Offering Client Base Contracting Arrangements 222

341 views • 19 slides
Underground Laboratories Underground Laboratories Eugenio Coccia INFN Laboratori Nazionali del

Underground Laboratories Underground Laboratories Eugenio Coccia INFN Laboratori Nazionali del

TAUP 2009 Rome July 1-5 2009 Underground Laboratories Underground Laboratories Eugenio Coccia INFN Laboratori Nazionali del Gran Sasso and Universit di Roma Tor Vergata coccia@lngs.infn.it Thanks to Alessandro Bettini, Fabrice Piquemal,

991 views • 87 slides
Backgrounds in underground laboratories Vitaly A. Kudryavtsev University of Sheffield

Backgrounds in underground laboratories Vitaly A. Kudryavtsev University of Sheffield

Backgrounds in underground laboratories Vitaly A. Kudryavtsev University of Sheffield Contributions from many others Outline (and some notes) Built on ILIAS work: background studies for underground experiments. This study is

650 views • 16 slides
Town of Palm Beach Underground Utilities Update PALM BEACH CIVIC ASSOCIATION COMMUNITY FORUM

Town of Palm Beach Underground Utilities Update PALM BEACH CIVIC ASSOCIATION COMMUNITY FORUM

Town of Palm Beach Underground Utilities Update PALM BEACH CIVIC ASSOCIATION COMMUNITY FORUM NOVEMBER 16, 2017 OVERHEAD VS UNDERGROUND BARRER ISLANDS, FPL REPORTS & HURRICANE IRMA THE TOWN OBTAINED DIRECT FEEDBACK FROM OTHER UNDERGROUND

340 views • 14 slides
Better Cities, Better Lives The contribution of Underground Space to Urban Development

Better Cities, Better Lives The contribution of Underground Space to Urban Development

Better Cities, Better Lives The contribution of Underground Space to Urban Development 26-10-2011 | Wuhan | ITA Technical Seminar - ISOCARP congress ITA-AITES International Tunnelling and Underground Space Association Founded in

550 views • 41 slides
The ANDES underground laboratory in Latin-America Jonathan Miller Fermilab - May 14, 2018 World

The ANDES underground laboratory in Latin-America Jonathan Miller Fermilab - May 14, 2018 World

The ANDES underground laboratory in Latin-America Jonathan Miller Fermilab - May 14, 2018 World map of underground laboratories 2 / 27 Updated world map of underground laboratories 3 / 27 The Agua Negra tunnel (Coquimbo - San Juan)

421 views • 27 slides
SNOLAB Construction Status and Experimental Program SNOLAB located 2 km underground in an

SNOLAB Construction Status and Experimental Program SNOLAB located 2 km underground in an

M. Chen Queens University SNOLAB Construction Status and Experimental Program SNOLAB located 2 km underground in an active nickel mine near Sudbury, Canada its an expansion of the underground facility on the same level as the SNO

469 views • 30 slides
Laboratory Underground Nuclear Astrophysics Study of the BBN reaction D( 4 He , ) 6 Li deep

Laboratory Underground Nuclear Astrophysics Study of the BBN reaction D( 4 He , ) 6 Li deep

Laboratory Underground Nuclear Astrophysics Study of the BBN reaction D( 4 He , ) 6 Li deep underground with LUNA Carlo Gustavino For the LUNA collaboration Big Bang Nucleosynthesis Primordial abundance of light elements 6 Li

667 views • 20 slides
Low pH concrete resistance Low pH concrete resistance against underground water against

Low pH concrete resistance Low pH concrete resistance against underground water against

MECHANISMS AND MODELLING OF WASTE/CEMENT INTERACTIONS 2 nd International Workshop Low pH concrete resistance Low pH concrete resistance against underground water against underground water aggression aggression Jos Luis Garca Calvo 1 , Ana

602 views • 23 slides
Discovery of underground reservoir of argon with low level of 39 Ar TAUP 2007 - Sendai -

Discovery of underground reservoir of argon with low level of 39 Ar TAUP 2007 - Sendai -

Discovery of underground reservoir of argon with low level of 39 Ar TAUP 2007 - Sendai - September 11 2007 Cristiano Galbiati, on behalf of Outline Part of research program funded by NSF Motivation for exploration of underground

442 views • 18 slides
Azam Marketing Prem ium Advertiser Portfolio 2 0 1 3 This document provides a summary of the

Azam Marketing Prem ium Advertiser Portfolio 2 0 1 3 This document provides a summary of the

Azam Marketing Prem ium Advertiser Portfolio 2 0 1 3 This document provides a summary of the affiliate programs that Azam Marketing is currently managing. Each advertiser offers excellent opportunities for publishers to maximise their income.

412 views • 6 slides
The Real Time Pain Relief Rebate Center Program Real Time Pain Relief is an FDA Registered Over

The Real Time Pain Relief Rebate Center Program Real Time Pain Relief is an FDA Registered Over

The Real Time Pain Relief Rebate Center Program Real Time Pain Relief is an FDA Registered Over the Counter Topical Pain lotion RTPRs Rebate Center Program Is Designed to Create a Partnership between Local Business Owners and RTPR RTPR

433 views • 18 slides
Starting an Affj ffjliate Program and Finding Affj ffjliate Partners Presented by: Lene Gill

Starting an Affj ffjliate Program and Finding Affj ffjliate Partners Presented by: Lene Gill

Starting an Affj ffjliate Program and Finding Affj ffjliate Partners Presented by: Lene Gill Head of Business Development and Client Strategy at East 5th Avenue Who is East 5th Avenue? East 5th Avenue is a high-end boutique affjliate

208 views • 18 slides
Swap Dealer Definition: Who's In, Who's Out, and What's Next?

Swap Dealer Definition: Who's In, Who's Out, and What's Next?

Swap Dealer Definition: Who's In, Who's Out, and What's Next?

871 views • 33 slides
Marina Industry Our goal today Who we are What are our strategic goals Give you three

Marina Industry Our goal today Who we are What are our strategic goals Give you three

The Voice of the Marina Industry Our goal today Who we are What are our strategic goals Give you three reasons for joining AMIs affiliate program Answer your questions Who are we? Association of Marina Industries The

360 views • 17 slides
Q1 2020 Presentation May, 2020 1 Forward looking statement This presentation contains certain

Q1 2020 Presentation May, 2020 1 Forward looking statement This presentation contains certain

Q1 2020 Presentation May, 2020 1 Forward looking statement This presentation contains certain forward-looking statements and opinions. Forward-looking statements are statements that do not relate to historical facts and events and such

610 views • 22 slides
YOUNG LAWYERS ON CENTER STAGE CURRENT ISSUES RELATED TO YOUNG LAWYERS & VOLUNTARY BARS

YOUNG LAWYERS ON CENTER STAGE CURRENT ISSUES RELATED TO YOUNG LAWYERS & VOLUNTARY BARS

YOUNG LAWYERS ON CENTER STAGE CURRENT ISSUES RELATED TO YOUNG LAWYERS & VOLUNTARY BARS KATHERINE HURST MILLER AND ZACK ZUROWESTE THE FLORIDA BAR YOUNG LAWYERS DIVISION Our mission is to inspire and empower young lawyers to succeed, to

177 views • 15 slides
THE OGI ALL-IN-ONE BUSINESS MODEL Compensation Plan January 1st, 2020 THE COMPANY OGI

THE OGI ALL-IN-ONE BUSINESS MODEL Compensation Plan January 1st, 2020 THE COMPANY OGI

THE OGI ALL-IN-ONE BUSINESS MODEL Compensation Plan January 1st, 2020 THE COMPANY OGI (OurGlobalIdea) was founded in 2014 by creating an innovative platform that connects consumers and business owners in a mutually beneficial way. OGI's

642 views • 37 slides

More recommend