understanding the use of stolen account credentials by
play

Understanding the use of stolen account credentials by - PowerPoint PPT Presentation

Dec 20, 2023 •154 likes •325 views

Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini University College London Abuse on online services [NDSS2017] [NDSS2013] [ACSAC2010] Malware Spam [AsiaCCS2017] [TDSC2016] [USENIX2011]

  1. Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini University College London

  2. Abuse on online services [NDSS2017] [NDSS2013] [ACSAC2010] Malware Spam [AsiaCCS2017] [TDSC2016] [USENIX2011] [CSET2016] [IMC2016] Information stealing [DIMVA2015] [USENIX2015] Fraud [CCS2015] [IMC2013] [WWW2017] [ICWSM2017] Reputation manipulation Hate/Bullying [WOSN2012] [WebSci2017] Understanding the use of stolen account credentials by cybercriminals 2

  3. Compromised accounts Credentials to online accounts get stolen by cybercriminals • Phishing • Data breaches • Information-stealing malware Question: How are stolen credentials used by criminals in the wild? These credentials are then misused for profit (anecdotes) • Steal sensitive information • Send spam • Sell the credentials on the black market Understanding the use of stolen account credentials by cybercriminals 3

  4. How can we answer this question? No data available: we aren’t Google, Facebook etc.  From the outside, we can only see spam In 2014, a paper by Google shed some light on these topics, but their focus was narrow and they left many questions unanswered We decided to collect data ourselves and to enable the research community to better understand the ecosystem of stolen account credentials Understanding the use of stolen account credentials by cybercriminals 4

  5. Gmail “honey” accounts Google allows to enhance the functionality of accounts by setting up Google App Scripts We can use this functionality to set up honeypots! • Monitor which emails are opened • Monitor which emails are sent • Monitor durations of accesses, OS, browser • Monitor locations of accesses We can then leak credentials and have criminals use them Understanding the use of stolen account credentials by cybercriminals 5

  6. Our system (publicly available) We asked Google to monitor the accounts on their side too Understanding the use of stolen account credentials by cybercriminals 6

  7. How does the outlet of a leak influence criminal activity? [IMC2016] Corporate webmail honey accounts (100 accounts) • Belonging to a fictitious company • Populated using the Enron dataset We leaked the credentials through three outlets • Paste sites • Underground forums • Information stealing malware We monitored activity to the accounts for 7 months, receiving 329 accesses Understanding the use of stolen account credentials by cybercriminals 7

  8. Types of accesses Curious – just check if accounts are real Gold Diggers – look for sensitive information • Use the information • Set a price tag Spammers – send spam Hijackers – change the password locking the owner out Understanding the use of stolen account credentials by cybercriminals 8

  9. Influence of leak outlet on activity Accesses of credentials leaked through malware are the “stealthiest” Understanding the use of stolen account credentials by cybercriminals 9

  10. Some accesses are stealthier than others Understanding the use of stolen account credentials by cybercriminals 10

  11. What are “gold-diggers” looking for? Mostly financial or account information Popular words are: • Seller • Account • Payment • Bitcoin Understanding the use of stolen account credentials by cybercriminals 11

  12. Timeline of account accesses Understanding the use of stolen account credentials by cybercriminals 12

  13. How does information on the location of the account owner influence accesses? [IMC2016] Understanding the use of stolen account credentials by cybercriminals 13

  14. How does the language of an account influence criminal activity? [arxiv] We created 30 accounts in three different languages • 10 English accounts • 10 Greek accounts • 10 Romanian accounts We hid fake email invoices for banking institutions in each account Summary of findings: • Criminals are more likely to find the hidden sensitive information in the Greek accounts • Criminals spend more time on Greek accounts Possible explanation: if criminals do not understand the language of an account, they use automated translation tools Understanding the use of stolen account credentials by cybercriminals 14

  15. How does leaking credentials on the Dark Web affect criminal activity? [under submission] We replicated the surface Web experiment on the Dark Web (paste sites and forums) Some preliminary results: • Dark Web accesses receive many more accesses than surface Web ones • Dark Web accesses show a higher degree of sophistication Understanding the use of stolen account credentials by cybercriminals 15

  16. Conclusion • We released a honeypot system that allows you to design your own experiments to better understand the modus operandi of cybercriminals • We shed some light on the way that stolen Gmail accounts are used in the wild • We also developed a honeypot version for Google Spreadsheets Understanding the use of stolen account credentials by cybercriminals 16

  17. References: [1] J. Onaolapo, E. Mariconti, G. Stringhini. What Happens After You are Pwnd: Undertsanding the Use of Stolen Webmail Credentials in the Wild . In IMC 2016 [2] M. Lazarov, J. Onaolapo, G. Stringhini. Honey Sheets: What Happens to Leaked Google Spreadsheets? In USENIX CSET 2016 [3] E. Bernard-Jones, J. Onaolapo, G. Stringhini. Email Babel: Does Language Affect Criminal Activity in Compromised Webmail Accounts? On Arxiv. Questions? g.stringhini@ucl.ac.uk Code available at: @gianluca_string https://bitbucket.org/gianluca_students/gmail-honeypot

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

China Credentials Verification Presented by: Catherine Liu Translator for International Promotion

China Credentials Verification Presented by: Catherine Liu Translator for International Promotion

International Admissions: Overcoming the challenges to understanding international credentials Interna'onal Admissions: Overcoming the challenges to understanding interna'onal creden'als China Credentials

273 views • 13 slides
CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun ) reference materials used to support applications for employment or graduate study BENEFITS OF CREATING A FILE Compile all of your resources in the Career

677 views • 21 slides
Page 1 Time Stolen by Network Stolen Time Solutions Receive Processing Move CPU-intensive

Page 1 Time Stolen by Network Stolen Time Solutions Receive Processing Move CPU-intensive

Outline of Talk Background Augmented CPU Open real-time systems Reservations Rez and HLS Stolen time Rez-C and Rez-FB John Regehr John A. Stankovic Design University of Virginia Performance More stolen time

164 views • 3 slides
15% > Black market fueling credential theft Quantifying risk of account takeover Protecting

15% > Black market fueling credential theft Quantifying risk of account takeover Protecting

15% > Black market fueling credential theft Quantifying risk of account takeover Protecting users 1.9B Credentials exposed 12M Estimated credentials **************************************************** Operating System Intel Recovery

1.04k views • 36 slides
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove youre over 21, or verify your address

659 views • 48 slides
The human understanding, on account of its own nature, readily supposes a greater order and

The human understanding, on account of its own nature, readily supposes a greater order and

The human understanding, on account of its own nature, readily supposes a greater order and uniformity in things than it finds. And ... it devises parallels and correspondences and relations which are not there. Francis Bacon, 1620

599 views • 39 slides
7Arrows credentials 10 years, 1 100 people, 120-million turnover Big enough to count, small

7Arrows credentials 10 years, 1 100 people, 120-million turnover Big enough to count, small

7Arrows credentials 10 years, 1 100 people, 120-million turnover Big enough to count, small enough to care Owned by CSG Holdings Ltd SASSETA accredited Deep understanding of community security Driven by people with

417 views • 15 slides
CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may

CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may

CREDENTIALING AND PRIVILEGING CVOs Credentials Verification Organizations Organization may elect to rely on a Credentials Verification Organization (CVO) to conduct primary source verification of an applicants credentials. * Prior to

467 views • 21 slides
The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role

The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role

The Evaluation of Immigrant Credentials Dietz, Esses, Joshi, Bonnet-Abu Ayyouh Issue: What role do three factors play in the evaluation of educational credentials: 1. Immigrant status 2. Accreditation (or not) of foreign credentials 3. Race

547 views • 15 slides
Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud

Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud

Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud Developer at SUSE cmurphy @_colleenm Overview Why we needed application credentials What are application credentials? (with demo!)

637 views • 25 slides
Stackable Credentials Why are they Necessary? Benefits employers, employees, applicants, and

Stackable Credentials Why are they Necessary? Benefits employers, employees, applicants, and

5/16/2017 WELCOME! Your Stackable Credentials webcast will start soon! Stackable Credentials Why are they Necessary? Benefits employers, employees, applicants, and students 1 5/16/2017 DETAILS FOR TODAY TEXTING VIA QUESTIONS BOX

195 views • 18 slides
ACCOUNT CODING Unit Course Project Fund Program Function Object XXX XXX XXXX XXX XXX

ACCOUNT CODING Unit Course Project Fund Program Function Object XXX XXX XXXX XXX XXX

ACCOUNT CODING Unit Course Project Fund Program Function Object XXX XXX XXXX XXX XXX XXXX XXXX Presented by Matt Roberson The Goals for Today After the training, you will have a better understanding of the new account codes that

439 views • 30 slides
LANDING ACCOUNT PROCEDURES. LANDING ACCOUNT The Landing Account is a report of all the cargo that

LANDING ACCOUNT PROCEDURES. LANDING ACCOUNT The Landing Account is a report of all the cargo that

LANDING ACCOUNT PROCEDURES. LANDING ACCOUNT The Landing Account is a report of all the cargo that was actually discharge from a vessel/aircraft. All Agents/Cargo Reporters are required under section 74(1) of the Customs Act to submit a landing

176 views • 14 slides
Sources and Uses of the Clean Air Account and Texas Emissions Account and Texas Emissions

Sources and Uses of the Clean Air Account and Texas Emissions Account and Texas Emissions

LEGISLATIVE BUDGET BOARD Sources and Uses of the Clean Air Account and Texas Emissions Account and Texas Emissions Reduction Plan Account PRESENTED TO THE HOUSE TRANSPORTATION COMMITTEE SUBCOMMITTEE ON LONG-TERM INFRASTRUCTURE PLANNING

207 views • 19 slides
TDC Special Project Accounts Development Account Contingency Account Donations and

TDC Special Project Accounts Development Account Contingency Account Donations and

TDC Special Project Accounts Development Account Contingency Account Donations and Sponsorships Special Revenue account Currently permissible uses (per TDC plan in ordinance code) Development Account to acquire, construct,

501 views • 23 slides
A Survey on Untransferable Anonymous Credentials 1 Sebastian Pape, Databases and Interactive

A Survey on Untransferable Anonymous Credentials 1 Sebastian Pape, Databases and Interactive

FIDIS / IFIP Summerschool Workshop 2: Privacy Issues Sebastian Pape A Survey on Untransferable Anonymous Credentials 1 Sebastian Pape, Databases and Interactive Systems Research Group Overview Anonymous Credentials Approaches to

382 views • 23 slides
Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability K Royal ,

Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability K Royal ,

April 4, 2019 Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability K Royal , Director, Consulting, TrustArc Margaret Gloeckle , Privacy & Compliance Counsel, A+E Networks Debra Bromson , Assistant General

493 views • 35 slides
Predictive Mitigation of Timing Channels in Interactive Systems Danfeng Zhang , Aslan Askarov,

Predictive Mitigation of Timing Channels in Interactive Systems Danfeng Zhang , Aslan Askarov,

Predictive Mitigation of Timing Channels in Interactive Systems Danfeng Zhang , Aslan Askarov, Andrew C. Myers Cornell University CCS 2011 Timing Channels Hard to detect and prevent 10/20/2011 2 Timing Channels: Examples Cryptographic

664 views • 38 slides
Whats wrong with the world today? Joseph Bonneau (University of Cambridge) Whats in a Name?

Whats wrong with the world today? Joseph Bonneau (University of Cambridge) Whats in a Name?

N EW D IRECTIONS IN D IGITAL P ROTEST Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Financial Crypto Rump Session Tenerife, Spain January 26, 2010 Joseph Bonneau (University of Cambridge) Whats in a Name? January 26, 2010 1 / 9

431 views • 24 slides
Effective Workplace Writing 1 Professional Writing How do you feel about this sentence? After

Effective Workplace Writing 1 Professional Writing How do you feel about this sentence? After

Professional Writing Effective Workplace Writing 1 Professional Writing How do you feel about this sentence? After establishing the efficacy of leveraging the capacities of the employee-management interface, management opportunities will be

567 views • 44 slides
Darwinism via Forensics People Make Dumb Decisions With Todays Technology Bill Dean, CCE

Darwinism via Forensics People Make Dumb Decisions With Todays Technology Bill Dean, CCE

Darwinism via Forensics People Make Dumb Decisions With Todays Technology Bill Dean, CCE Senior Manager, LBMC Information Security February 7, 2017 Todays Agenda Digital Forensics Basics How Does it work? Applicable Case Studies

646 views • 40 slides
Using Secure Internet and Technology to Support Education in Prison Agenda *** Webinar will be

Using Secure Internet and Technology to Support Education in Prison Agenda *** Webinar will be

November 7, 2019 Using Secure Internet and Technology to Support Education in Prison Agenda *** Webinar will be recorded *** Introduction from Vera Current State and Lessons Learned from North Carolina, Iowa, and Wisconsin Q&A

251 views • 21 slides
Derivatives of Exponential and Logarithmic Functions Michael Freeze MAT 151 UNC Wilmington

Derivatives of Exponential and Logarithmic Functions Michael Freeze MAT 151 UNC Wilmington

Derivatives of Exponential and Logarithmic Functions Michael Freeze MAT 151 UNC Wilmington Summer 2013 1 / 23 Section 4.4 :: Derivatives of Exponential Functions 2 / 23 Derivative of e x d dx ( e x ) = e x Example Find the derivative of y

586 views • 23 slides
Resurgence out of the (literal) box Aleksey Cherman INT, University of Washington work in

Resurgence out of the (literal) box Aleksey Cherman INT, University of Washington work in

Resurgence out of the (literal) box Aleksey Cherman INT, University of Washington work in progress with M. Unsal and D. Dorigoni Resurgence for QFT Belief: QFT observables are transseries in the couplings Generically, all series are separately

585 views • 35 slides

More recommend