Ariana Mirian
Abstract
Investigating the emerging black market of retail email account hacking services.
- Anise, O., and Lady, K. State of the auth: Experiences and perceptions of multi-factor authentication. Duo Security, 2017; https://duo.sc/2kmOBid.Google Scholar
- Cohen, W.W. Enron email dataset, 2015; https://www.cs.cmu.edu/~enron/.Google Scholar
- Coonce, S. The most expensive lesson of my life: Details of SIM port hack, 2019; http://bit.ly/2lGSD4Y.Google Scholar
- Google. Protect users with the Advanced Protection Program; https://support.google.com/a/answer/9010419.Google Scholar
- Google. Protect your business with 2-Step Verification; https://support.google.com/a/answer/175197.Google Scholar
- Google. Verify a user's identity with extra security; https://support.google.com/a/answer/6002699.Google Scholar
- Honan, M. How Apple and Amazon security flaws led to my epic hacking. Wired; https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/.Google Scholar
- Liu, S., Foster, I., Savage, S., Voelker, G.M., Saul, L.K. Who is .com? Learning to parse WHOIS records. In Proceedings of the ACM Internet Measurement Conf., 2015, 369--380; https://dl.acm.org/citation.cfm?id=2815675.2815693.Google Scholar
- Matishak, M. How Podesta became a cybersecurity poster child. Politico 2016; https://politi.co/2m4fNmd.Google Scholar
- Mirian, A., DeBlasio, J., Savage, S., Voelker, G.M., Thomas, K. Hack for hire: Exploring the emerging market for account hijacking. In Proceedings of the World Wide Web Conf., 2019, 1279--1289; https://dl.acm.org/citation.cfm?id=3313489.Google ScholarDigital Library
- Onaolapo, J., Mariconti, E., Stringhini, G. What happens after you are pwnd: Understanding the use of leaked webmail credentials in the wild. In Proceedings of the ACM Internet Measurement Conf., 2016, 65--79; https://dl.acm.org/citation.cfm?id=2987475.Google ScholarDigital Library
- Thomas, K. et al. Framing dependencies introduced by underground commoditization. In Proceedings of the Workshop on the Economics of Information Security, 2015.Google Scholar
- Thomas, K. et al. Data breaches, phishing, or malware? Understanding the risks of stolen credentials. In Proceedings of the ACM Conf. Computer and Communications Security, 2017, 1421--1434; https://dl.acm.org/citation.cfm?id=3134067.Google Scholar
Index Terms
- Hack for hire
Recommendations
Hack for Hire: Investigating the emerging black market of retail email account hacking services
Machine Learning, SecurityHack-for-hire services charging $100-$400 per contract were found to produce sophisticated, persistent, and personalized attacks that were able to bypass 2FA via phishing. The demand for these services, however, appears to be limited to a niche market, ...
Hack for Hire: Exploring the Emerging Market for Account Hijacking
WWW '19: The World Wide Web ConferenceEmail accounts represent an enticing target for attackers, both for the information they contain and the root of trust they provide to other connected web services. While defense-in-depth approaches such as phishing detection, risk analysis, and two-...
Reviews
Amos O Olagunju
Attackers continue to seek account numbers and password information in order to compromise the bank and credit card accounts of customers. Understanding how hackers obtain user information can help enterprises install adequate security measures and save millions of dollars. But how should organizations identify black markets to minimize financial damage control In an effort to recommend effective security measures for today's interconnected worldwide online transaction industries, this insightful paper outlines the characteristics for identifying hired hackers in online business transactions. Mirian presents compelling online fraud data to chronicle how hijackers (1) use complex phishing attacks against enterprises lacking a universal 2nd factor (U2F) mechanism, and (2) search through internationally marketed media to identify victims. The author discusses the executed fraud investigations of numerous email account services, specifically Google accounts, to gain insights into the characteristics of hijacking attackers. Can keywords in different languages be used for hacking services How do hackers strategically use false positive user identities to select and buy merchandise How do hackers lure victims into phishing and dubious online activities Consequently, Mirian convincingly presents some strategies for identifying attacker behaviors and educating online shoppers. "It takes a thief to catch a thief" is an excellent caption for this great practice paper.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments