Abstract
Investigating the emerging black market of retail email account hacking services.
- Anise, O., and Lady, K. State of the auth: Experiences and perceptions of multi-factor authentication. Duo Security, 2017; https://duo.sc/2kmOBid.Google Scholar
- Cohen, W.W. Enron email dataset, 2015; https://www.cs.cmu.edu/~enron/.Google Scholar
- Coonce, S. The most expensive lesson of my life: Details of SIM port hack, 2019; http://bit.ly/2lGSD4Y.Google Scholar
- Google. Protect users with the Advanced Protection Program; https://support.google.com/a/answer/9010419.Google Scholar
- Google. Protect your business with 2-Step Verification; https://support.google.com/a/answer/175197.Google Scholar
- Google. Verify a user's identity with extra security; https://support.google.com/a/answer/6002699.Google Scholar
- Honan, M. How Apple and Amazon security flaws led to my epic hacking. Wired; https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/.Google Scholar
- Liu, S., Foster, I., Savage, S., Voelker, G.M., Saul, L.K. Who is .com? Learning to parse WHOIS records. In Proceedings of the ACM Internet Measurement Conf., 2015, 369--380; https://dl.acm.org/citation.cfm?id=2815675.2815693.Google Scholar
- Matishak, M. How Podesta became a cybersecurity poster child. Politico 2016; https://politi.co/2m4fNmd.Google Scholar
- Mirian, A., DeBlasio, J., Savage, S., Voelker, G.M., Thomas, K. Hack for hire: Exploring the emerging market for account hijacking. In Proceedings of the World Wide Web Conf., 2019, 1279--1289; https://dl.acm.org/citation.cfm?id=3313489.Google ScholarDigital Library
- Onaolapo, J., Mariconti, E., Stringhini, G. What happens after you are pwnd: Understanding the use of leaked webmail credentials in the wild. In Proceedings of the ACM Internet Measurement Conf., 2016, 65--79; https://dl.acm.org/citation.cfm?id=2987475.Google ScholarDigital Library
- Thomas, K. et al. Framing dependencies introduced by underground commoditization. In Proceedings of the Workshop on the Economics of Information Security, 2015.Google Scholar
- Thomas, K. et al. Data breaches, phishing, or malware? Understanding the risks of stolen credentials. In Proceedings of the ACM Conf. Computer and Communications Security, 2017, 1421--1434; https://dl.acm.org/citation.cfm?id=3134067.Google Scholar
Index Terms
- Hack for hire
Recommendations
Hack for Hire: Investigating the emerging black market of retail email account hacking services
Machine Learning, SecurityHack-for-hire services charging $100-$400 per contract were found to produce sophisticated, persistent, and personalized attacks that were able to bypass 2FA via phishing. The demand for these services, however, appears to be limited to a niche market, ...
Hack for Hire: Exploring the Emerging Market for Account Hijacking
WWW '19: The World Wide Web ConferenceEmail accounts represent an enticing target for attackers, both for the information they contain and the root of trust they provide to other connected web services. While defense-in-depth approaches such as phishing detection, risk analysis, and two-...
Comments