Releases of usernames and passwords, referred to as credential dumps, have become an increasingly popular shared resource over the past decade, especially within underground communities. Cybercriminals share compromised credentials to demonstrate technical capability, build reputation, and bolster their legitimacy within criminal communities. There has been minimal research demonstrating standardized methods for identifying how credential dumps are distributed or where a dump first surfaced, and little research into the open source intelligence that can be obtained by tracing the distribution of dumps across the Internet. This research presents a method called REAPER which leverages unique data points within credential dumps to identify a dump's distribution, while also providing an in-depth look at the intelligence that can be gained by observing the criminal activity associated with the dumped credentials.
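The core idea the abstract names, using records that are unique to a dump as tracers for where copies of it surface, can be illustrated with a small Python script. This is an added example, not REAPER's code and not a description of its actual method: the `email:secret` record format, the three site names, the sighting timestamps and every credential line are constructed for the example. It canonicalises records, fingerprints them, decides which sightings are copies of a reference dump by containment, isolates the records that never appear in unrelated dumps (the tracer set), and orders the copies by first sighting so that the earliest one is the candidate origin.

```python
import hashlib
from datetime import datetime

# Constructed sightings of credential material on three hypothetical sites:
# name -> (first-seen timestamp, raw text). Format "email:secret" is an
# assumption for this example; real dumps arrive as CSV, SQL, JSON and worse.
SIGHTINGS = {
    "pastesite-a": ("2016-03-01T10:00:00", """\
alice@example.com:5f4dcc3b5aa765d61d8327deb882cf99
bob@example.net:e10adc3949ba59abbe56e057f20f883e
tracer-7f3a@rare-domain.test:098f6bcd4621d373cade4e832627b4f6
carol@example.org:25d55ad283aa400af464c76d713c07ad
dave@example.com:d8578edf8458ce06fbc5bb76a58c5ca4
"""),
    # A trimmed re-share with sloppy formatting of the same material.
    "forum-b": ("2016-03-04T08:30:00", """\
ALICE@example.com : 5f4dcc3b5aa765d61d8327deb882cf99
tracer-7f3a@rare-domain.test:098f6bcd4621d373cade4e832627b4f6
carol@example.org:25d55ad283aa400af464c76d713c07ad
"""),
    # Unrelated dump that happens to share one reused record (dave) and one
    # identical hash under a different e-mail (erin): only dave is a match.
    "torrent-c": ("2016-02-20T22:15:00", """\
dave@example.com:d8578edf8458ce06fbc5bb76a58c5ca4
erin@example.com:5f4dcc3b5aa765d61d8327deb882cf99
"""),
}


def normalize(line):
    """Canonicalise one 'email:secret' record; return None for unusable lines."""
    if ":" not in line:
        return None
    email, secret = line.split(":", 1)
    email, secret = email.strip().lower(), secret.strip()
    if "@" not in email or not secret:
        return None
    return f"{email}:{secret}"


def fingerprint(record):
    """Stable identifier for a record so dumps can be compared without storing them."""
    return hashlib.sha256(record.encode()).hexdigest()[:16]


def dump_fingerprints(text):
    """Set of record fingerprints for one sighting; malformed lines are dropped."""
    return {fingerprint(r) for r in map(normalize, text.splitlines()) if r}


def containment(reference, other):
    """Fraction of the reference dump's records present in another sighting."""
    return len(reference & other) / len(reference) if reference else 0.0


def trace_distribution(sightings, reference_name, threshold=0.5):
    """Find copies of the reference dump, the records unique to that lineage,
    and the earliest sighting among the copies (the candidate origin)."""
    fps = {name: dump_fingerprints(text) for name, (_, text) in sightings.items()}
    ref = fps[reference_name]
    copies = [n for n, f in fps.items() if containment(ref, f) >= threshold]
    # Records also seen in unrelated dumps (aggregations, reused creds) are not
    # distinctive; what remains is the tracer set for this lineage.
    unrelated = set().union(*(fps[n] for n in fps if n not in copies))
    tracers = ref - unrelated
    rows = []
    for n in copies:
        seen = datetime.fromisoformat(sightings[n][0])
        rows.append((seen, n, len(tracers & fps[n]), len(tracers)))
    rows.sort()  # earliest first-seen timestamp first
    return {
        "candidate_origin": rows[0][1] if rows else None,
        "copies": [(n, t.isoformat(), hit, total) for t, n, hit, total in rows],
        "tracers": len(tracers),
    }


if __name__ == "__main__":
    result = trace_distribution(SIGHTINGS, "pastesite-a")
    print("candidate origin:", result["candidate_origin"])
    for name, seen, hit, total in result["copies"]:
        print(f"  {name}: first seen {seen}, {hit}/{total} tracer records present")
```

Running it names pastesite-a as the candidate origin and forum-b as a later partial copy carrying three of the four tracer records, while torrent-c is excluded despite its earlier timestamp because it shares only a reused record. Two caveats a practitioner would keep in mind: the timestamps are when a collector first observed each copy, not when it was posted, so "earliest seen" is only evidence toward origin; and a containment threshold has to be tuned against aggregated "combo lists" that merge many dumps and would otherwise look like copies of everything.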