Abstract
Over the last several years there have been a number of high-profile, well-publicized data breaches. These breaches led to the theft of personal, financial, and health information from users, who are often notified only well after the breach occurred and the damage has already been done. Cyber criminals use account cracking tools, software programs that help miscreants gain access to users' online accounts, to perform credential stuffing attacks: the username and password pairs exposed by these breaches are replayed against other services, relying on the fact that many users reuse the same password across sites.
In this paper, we study underground forums where intelligence related to popular account cracking tools is exchanged and investigate miscreants' motivations for using such tools to break into accounts. We also study six free and paid cracking tools used to steal user accounts and develop machine learning classifiers capable of detecting the network packets they generate. Organizations maintaining user accounts can use our classifiers to identify traffic related to cracking tools and defend against their attacks.
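The attack pattern described above has a recognisable footprint on the defender's side even before packet-level classification: a credential stuffing source tries a different account on almost every attempt and fails most of the time, whereas a password-guessing source hammers one account. The example below, added here and not code from the paper or its authors, profiles a constructed authentication log per source IP and labels each source with simple threshold heuristics (it is not the paper's machine learning classifier, whose features the abstract does not describe). The log line format, the field names and all thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample authentication log (not from the paper). The line format
# is an assumption made for this example; adapt LINE_RE to your own logs.
SAMPLE_LOG = """\
2017-05-28T10:00:01Z ip=203.0.113.7 user=alice ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:01Z ip=203.0.113.7 user=bob ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:02Z ip=203.0.113.7 user=carol ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:02Z ip=203.0.113.7 user=dave ua="Mozilla/5.0" result=OK
2017-05-28T10:00:03Z ip=203.0.113.7 user=erin ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:03Z ip=203.0.113.7 user=frank ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:04Z ip=203.0.113.7 user=grace ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:04Z ip=203.0.113.7 user=heidi ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:05Z ip=198.51.100.9 user=admin ua="curl/7.52" result=FAIL
2017-05-28T10:00:06Z ip=198.51.100.9 user=admin ua="curl/7.52" result=FAIL
2017-05-28T10:00:07Z ip=198.51.100.9 user=admin ua="curl/7.52" result=FAIL
2017-05-28T10:00:08Z ip=198.51.100.9 user=admin ua="curl/7.52" result=FAIL
2017-05-28T10:00:09Z ip=198.51.100.9 user=admin ua="curl/7.52" result=FAIL
2017-05-28T10:00:10Z ip=192.0.2.4 user=ivan ua="Mozilla/5.0" result=FAIL
2017-05-28T10:00:20Z ip=192.0.2.4 user=ivan ua="Mozilla/5.0" result=OK
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) '
    r'ua="(?P<ua>[^"]*)" result=(?P<result>OK|FAIL)$'
)

# Thresholds are assumptions for illustration; tune them on your own traffic.
MIN_ATTEMPTS = 5               # below this a source is not judged at all
MIN_FAIL_RATIO = 0.7           # stuffing and guessing both fail most of the time
MIN_DISTINCT_USER_RATIO = 0.8  # stuffing: nearly every attempt is a new account


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)
    successes: list = field(default_factory=list)  # usernames that logged in


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def profile_sources(lines):
    """Aggregate per-source-IP statistics over the whole log, skipping junk."""
    stats = defaultdict(SourceStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s.attempts += 1
        s.users.add(rec["user"])
        if rec["result"] == "FAIL":
            s.failures += 1
        else:
            s.successes.append(rec["user"])
    return stats


def classify(s):
    """Label one source from its statistics."""
    if s.attempts < MIN_ATTEMPTS:
        return "benign"
    fail_ratio = s.failures / s.attempts
    distinct_user_ratio = len(s.users) / s.attempts
    if fail_ratio >= MIN_FAIL_RATIO and distinct_user_ratio >= MIN_DISTINCT_USER_RATIO:
        return "credential_stuffing"   # one password per account, many accounts
    if fail_ratio >= MIN_FAIL_RATIO and len(s.users) == 1:
        return "password_guessing"     # many passwords against one account
    return "benign"


def detect(lines):
    """Map each source IP seen in the log to its verdict."""
    return {ip: classify(s) for ip, s in profile_sources(lines).items()}


def stuffing_hits(lines):
    """Accounts successfully logged into from a source judged to be stuffing:
    their leaked password is confirmed valid here and should be reset."""
    hits = []
    for s in profile_sources(lines).values():
        if classify(s) == "credential_stuffing":
            hits.extend(s.successes)
    return sorted(set(hits))


if __name__ == "__main__":
    for ip, verdict in detect(SAMPLE_LOG.splitlines()).items():
        print(f"{ip:15} {verdict}")
    print("accounts to reset:", stuffing_hits(SAMPLE_LOG.splitlines()))
```

The one successful login from the stuffing source (`dave`) is the practically important output: a cracking tool's "hit" means that account's breached password is live on this service, and a password reset plus session invalidation is warranted regardless of whether the source IP is later blocked. Real tools rotate through proxies, so a per-IP profile like this one is only a first cut; the same features can be computed per subnet, per user agent or per session cookie.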
Notes
- 2. In this Section, we look at the users who posted at least one message in the config file subforums, since we are unable to get data on those who do not post any messages.
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Cite this paper
Bulakh, V., Kaizer, A.J., Gupta, M. (2018). All Your Accounts Are Belong to Us. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 238. Springer, Cham. https://doi.org/10.1007/978-3-319-78813-5_13
DOI: https://doi.org/10.1007/978-3-319-78813-5_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78812-8
Online ISBN: 978-3-319-78813-5
eBook Packages: Computer Science (R0)