Skip to main content
SpringerLink
Log in

All Your Accounts Are Belong to Us

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2017)

  • 1635 Accesses

Abstract

Over the last several years, there have been a number of high profile and well-publicized data breaches. These breaches led to the theft of personal, financial, and health information from users who are often only notified of such breaches well after they occur and the damage has already been done. Cyber criminals use account cracking tools, which are software programs that help miscreants gain access to users’ online accounts, to perform credential stuffing attacks against the credentials exposed by these breaches.

In this paper, we study underground forums where intelligence related to popular account cracking tools is exchanged and investigate miscreants’ motivations to use such tools to break into accounts. We also study six free and paid cracking tools used to steal user accounts and develop machine learning classifiers capable of detecting network packets generated by them. Organizations maintaining user accounts can utilize our classifiers to identify traffic related to cracking tools and defend against their attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 143.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Although it is possible that some of those could be referring to different Sentries, such as the original Sentry [46], which is the predecessor of Sentry MBA [19], a manual analysis of 25 threads revealed that all of them were about Sentry MBA.

  2. 2.

    In this Section we are looking at the users who posted at least one message in the config file subforums since we are unable to get the data on those who do not post any messages.

References

  1. Sentry MBA (2016). https://sentry.mba/tool?id=1. Accessed 28 May 2017

  2. Abreu, L.P.B.: Morphing Web Pages to Preclude Web Page Tampering Threats (2016)

    Google Scholar 

  3. Afroz, S., Garg, V., McCoy, D., Greenstadt, R.: Honor among thieves: a common’s analysis of cybercrime economies. In: Proceedings of the eCrime Researchers Summit (eCRS). IEEE (2013)

    Google Scholar 

  4. Agarwal, S.: The Half-Day Attack: From Compromise to Cash with Sentry MBA (2016). https://goo.gl/Yb08S9. Accessed 01 June 2017

  5. Allodi, L., Corradin, M., Massacci, F.: Then and now: on the maturity of the cybercrime markets (the lesson that black-hat marketeers learned). IEEE Trans. Emerg. Top. Comput. 1, 1 (2015)

    Google Scholar 

  6. Allodi, L., Shim, W., Massacci, F.: Quantitative assessment of risk reduction with cybercrime black market monitoring. In: Proceedings of the Security and Privacy Workshops (SPW). IEEE (2013)

    Google Scholar 

  7. Anderson, R., et al.: Measuring the cost of cybercrime. In: Böhme, R. (ed.) The Economics of Information Security and Privacy, pp. 265–300. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39498-0_12

    Chapter  Google Scholar 

  8. Ben-Meir, E.: Sentry MBA: A Tale of the Most Popular Credential Stuffing Attack Tool (2017). https://goo.gl/bFDn1b. Accessed 01 June 2017

  9. Bhuyan, M.H., Kashyap, H.J., Bhattacharyya, D.K., Kalita, J.K.: Detecting distributed denial of service attacks: methods, tools and future directions. Comput. J. 57(4), 537–556 (2014)

    Article  Google Scholar 

  10. Bleau, H.: Credential Checking Services Soar in Popularity on Dark Web (2016). https://goo.gl/yq3Vxf. Accessed 01 June 2017

  11. Buddah: Vertex 1.0.4 (2016). https://goo.gl/yORQUV. Accessed 28 May 2017

  12. Burgess, M., Temperton, J.: The security flaws at the heart of the Panama Papers (2016). https://goo.gl/b49RaQ. Accessed 28 Oct 2016

  13. Christin, N.: Traveling the Silk Road: a measurement analysis of a large anonymous online marketplace. In: Proceedings of the International Conference on World Wide Web (WWW). ACM (2013)

    Google Scholar 

  14. ConfigMasta: AIOHNB tool v 2.7.8 [Full version] (2016). https://goo.gl/PjYLl2. Accessed 28 May 2017

  15. Cymru, T.: The underground economy: priceless. Technical report, Login: 31(6) (2006)

    Google Scholar 

  16. DavePS: voidproducts (2016). https://goo.gl/GaIKik. Accessed 28 May 2017

  17. Davey, M.: Red Cross Blood Service data breach: personal details of 550,000 blood donors leaked (2016). https://goo.gl/ls3ZJM. Accessed 28 Oct 2016

  18. Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput, Netw. 44(5), 643–666 (2004)

    Article  Google Scholar 

  19. Drašar, M.: Behavioral detection of distributed dictionary attacks. Ph.D. thesis, Masaryk University, Brno, Czech Republic (2015)

    Google Scholar 

  20. Fallmann, H., Wondracek, G., Platzer, C.: Covertly probing underground economy marketplaces. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 101–110. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14215-4_6

    Chapter  Google Scholar 

  21. Fiegerman, S.: Yahoo says 500 million accounts stolen (2016). https://goo.gl/EjJfTt. Accessed 28 Oct 2016

  22. Foundation, W.: Wireshark - Go deep (2017). https://www.wireshark.org/. Accessed 20 May 2017

  23. Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of internet miscreants. In: Proceedings of the Conference on Computer and Communications Security (CCS). ACM (2007)

    Google Scholar 

  24. Garg, V., Afroz, S., Overdorf, R., Greenstadt, R.: Computer-supported cooperative crime. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 32–43. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_3

    Chapter  Google Scholar 

  25. H3God: \(>>\) MULTIHACKER \(<<\)\(||\) HACK FB/IG/TWITTER/REDDIT/SKYPE + MORE ACCOUNTS - 8 HACKERS IN 1 (2016). https://goo.gl/WvRu1Z. Accessed 28 May 2017

  26. Herley, C., Florêncio, D.: Nobody sells gold for the price of silver: dishonesty, uncertainty and the underground economy. In: Moore, T., Pym, D., Ioannidis, C. (eds.) Economics of Information Security and Privacy, pp. 33–53. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-6967-5_3

    Chapter  Google Scholar 

  27. Holt, T.J.: Examining the forces shaping cybercrime markets online. Soc. Sci. Comput. Rev. 31(2), 165–177 (2013)

    Article  Google Scholar 

  28. Holt, T.J.: Exploring the social organisation and structure of stolen data markets. Global Crime 14(2–3), 155–174 (2013)

    Article  Google Scholar 

  29. Holt, T.J., Lampke, E.: Exploring stolen data markets online: products and market forces. Crim. Justice Stud. 23(1), 33–50 (2010)

    Article  Google Scholar 

  30. ImadTheMAD: Introduction: What is Account Hitman? (2011). https://goo.gl/i1dZhj. Accessed 28 May 2017

  31. Kumar, P.A.R., Selvakumar, S.: Distributed denial of service attack detection using an ensemble of neural classifier. Comput. Commun. 34(11), 1328–1341 (2011)

    Article  Google Scholar 

  32. Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: Proceedings of the USENIX Security Symposium (1998)

    Google Scholar 

  33. Leontiadis, N.: Structuring disincentives for online criminals. Ph.D. thesis, Carnegie Mellon University Pittsburgh, PA (2014)

    Google Scholar 

  34. Li, W., Chen, H.: Identifying top sellers in underground economy using deep learning-based sentiment analysis. In: Proceedings of the Intelligence and Security Informatics Conference (JISIC), pp. 64–67. IEEE (2014)

    Google Scholar 

  35. Mann, D., Sutton, M.: NETCRIME more change in the organization of thieving. Br. J. Criminol. 38(2), 201–229 (1998)

    Article  Google Scholar 

  36. McCoy, D., Pitsillidis, A., Jordan, G., Weaver, N., Kreibich, C., Krebs, B., Voelker, G.M., Savage, S., Levchenko, K.: PharmaLeaks: understanding the business of online pharmaceutical affiliate programs. In: Proceedings of the USENIX Security Symposium (2012)

    Google Scholar 

  37. Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G.M.: An analysis of underground forums. In: Proceedings of the SIGCOMM Internet Measurement Conference (IMC). ACM (2011)

    Google Scholar 

  38. Nadji, Y., Antonakakis, M., Perdisci, R., Lee, W.: Connected colors: unveiling the structure of criminal networks. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 390–410. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41284-4_20

    Chapter  Google Scholar 

  39. Nakashima, E.: Russian government hackers penetrated DNC, stole opposition research on Trump (2016). https://goo.gl/IKkgjt. Accessed 28 Oct 2016

  40. Ollmann, G.: Stopping automated attack tools. Whitepaper-NGS software insight security research (2005)

    Google Scholar 

  41. Pleasant, R.: Ubuntu Forums data breach exposes 2 million users (2016). https://goo.gl/IZJc0b. Accessed 28 Oct 2016

  42. Radianti, J.: A study of a social behavior inside the online black markets. In: Proceedings of the International Conference on Emerging Security Information Systems and Technologies (SECURWARE). IEEE (2010)

    Google Scholar 

  43. Ritthoff, O., Klinkenberg, R., Fischer, S., Mierswa, I., Felske, S.: Yale: yet another learning environment. In: Proceedings of the Tagungsband der GI-Workshop-Woche Lernen - Lehren - Wissen - Adaptivitat (LLWA) (2001)

    Google Scholar 

  44. Sang-Hun, C.: North Korea Stole Data of Millions of Online Consumers, South Says (2016). https://goo.gl/Ul7dmo. Accessed 28 Oct 2016

  45. sentinel.deny.de: Sentry Readme (2003). http://sentinel.deny.de/ReadmeSentry.txt, https://goo.gl/eiTdBL. Accessed 01 June 2017

  46. sentinel.deny.de: Sentry (2016). http://sentinel.deny.de/sentry.php, https://goo.gl/Dw2l3k. Accessed 01 June 2017

  47. Shadows, D.: Protect Your Customer and Employee Accounts: 7 Ways To Mitigate the Growing Risks of Account Takeovers (2017). https://goo.gl/xrfhaO. Accessed 01 June 2017

  48. Shin, Y., Gupta, M., Myers, S.: The nuts and bolts of a forum spam automator. In: Proceedings of the Conference on Large-scale Exploits and Emergent Threats (LEET). USENIX Association (2011)

    Google Scholar 

  49. Shulman, A.: The underground credentials market. Comput. Fraud Secur. 2010(3), 5–8 (2010)

    Article  Google Scholar 

  50. Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: Proceedings of the Symposium on Security and Privacy (SP). IEEE (2010)

    Google Scholar 

  51. Sood, A.K., Enbody, R.J.: Crimeware-as-a-service a survey of commoditized crimeware in the underground market. Int. J. Crit. Infrastruct. Prot. 6(1), 28–38 (2013)

    Article  Google Scholar 

  52. Stone-Gross, B., Abman, R., Kemmerer, R.A., Kruegel, C., Steigerwald, D.G., Vigna, G.: The underground economy of fake antivirus software. In: Schneier, B. (ed.) Economics of Information Security and Privacy III, pp. 55–78. Springer, New York (2013). https://doi.org/10.1007/978-1-4614-1981-5_4

    Chapter  Google Scholar 

  53. Stringhini, G., Wang, G., Egele, M., Kruegel, C., Vigna, G., Zheng, H., Zhao, B.Y.: Follow the green: growth and dynamics in twitter follower markets. In: Proceedings of the Internet Measurement Conference (IMC). ACM (2013)

    Google Scholar 

  54. Thee, D.: Sentry MBA: A Tale of the Most Widely Used Credential Stuffing Attack Tool (2017). https://goo.gl/n8XY1U. Accessed 01 June 2017

  55. Thomas, K., McCoy, D., Grier, C., Kolcz, A., Paxson, V.: Trafficking fraudulent accounts: the role of the underground market in Twitter spam and abuse. In: Proceedings of the Conference on Security (SEC). USENIX Association (2013)

    Google Scholar 

  56. Wagner, J.: Reset Those Passwords - Again: Over 6 Million ClixSense Users Compromised by Data Breach (2016). https://goo.gl/YBnkOL. Accessed 28 Oct 2016

  57. Wang, X., Kohno, T., Blakley, B.: Polymorphism as a defense for automated attack of websites. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 513–530. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_30

    Chapter  Google Scholar 

  58. Williamson, W.: What Happens to Stolen Data After a Breach? (2014). https://goo.gl/0ByDhi. Accessed 30 May 2017

  59. Yip, M., Shadbolt, N., Tiropanis, T., Webber, C.: The digital underground economy: a social network approach to understanding cybercrime. In: Digital Futures 2012: The Third Annual Digital Economy All Hands Conference (2012)

    Google Scholar 

  60. Yip, M., Shadbolt, N., Webber, C.: Structural analysis of online criminal social networks. In: 2012 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 60–65. IEEE (2012)

    Google Scholar 

  61. Yip, M., Shadbolt, N., Webber, C.: Why forums?: an empirical analysis into the facilitating factors of carding forums. In: Proceedings of the Annual Web Science Conference (WebSci). ACM (2013)

    Google Scholar 

  62. Yip, M., Webber, C., Shadbolt, N.: Trust among cybercriminals? Carding forums, uncertainty and implications for policing. J. Polic. Soc. 23(4), 516–539 (2013)

    Article  Google Scholar 

  63. Zaidi, N.A., Cerquides, J., Carman, M.J., Webb, G.I.: Alleviating naive Bayes attribute independence assumption by attribute weighting. J. Mach. Learn. Res. 14(1), 1947–1988 (2013)

    MathSciNet  MATH  Google Scholar 

  64. Zavodchik, M.: Mitigating “Sentry MBA” - Credentials Stuffing Threat (2017). https://goo.gl/1JT0dQ. Accessed 01 June 2017

  65. Zhuge, J., Holz, T., Song, C., Guo, J., Han, X., Zou, W.: Studying malicious websites and the underground economy on the chinese web. In: Johnson, M.E. (ed.) Managing Information Risk and the Economics of Security, pp. 225–244. Springer, Boston (2009). https://doi.org/10.1007/978-0-387-09762-6_11

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Indiana University, Bloomington, IN, 47405, USA

    Vlad Bulakh & Andrew J. Kaizer

  2. Edmodo Inc., San Mateo, CA, 94403, USA

    Minaxi Gupta

Authors
  1. Vlad Bulakh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrew J. Kaizer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Minaxi Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vlad Bulakh .

Editor information

Editors and Affiliations

  1. Wilfrid Laurier University, Waterloo, Ontario, Canada

    Xiaodong Lin

  2. University of New Brunswick, Fredericton, New Brunswick, Canada

    Ali Ghorbani

  3. University at Buffalo, Buffalo, New York, USA

    Kui Ren

  4. Pennsylvania State University, Philadelphia, Pennsylvania, USA

    Sencun Zhu

  5. Anhui Normal University, Wuhu, China

    Aiqing Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bulakh, V., Kaizer, A.J., Gupta, M. (2018). All Your Accounts Are Belong to Us. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 238. Springer, Cham. https://doi.org/10.1007/978-3-319-78813-5_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-78813-5_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-78812-8

  • Online ISBN: 978-3-319-78813-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation