Abstract
Hack-for-hire services charging $100-$400 per contract were found to produce sophisticated, persistent, and personalized attacks that were able to bypass 2FA via phishing. The demand for these services, however, appears to be limited to a niche market, as evidenced by the small number of discoverable services, an even smaller number of successful services, and the fact that these attackers target only about one in a million Google users.
Index Terms
- Hack for Hire: Investigating the emerging black market of retail email account hacking services