UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Under and over the surface: a comparison of the use of leaked account credentials in the Dark and Surface Web

Bermudez Villalva, D; Onaolapo, J; Stringhini, G; Musolesi, M; (2018) Under and over the surface: a comparison of the use of leaked account credentials in the Dark and Surface Web. Crime Science , 7 , Article 17. 10.1186/s40163-018-0092-6. Green open access

[thumbnail of Under and over the surface published.pdf]
Preview
Text
Under and over the surface published.pdf - Published version

Download (1MB) | Preview

Abstract

The world has seen a dramatic increase in cybercrime, in both the Surface Web, which is the portion of content on the World Wide Web that may be indexed by popular engines, and lately in the Dark Web, a portion that is not indexed by conventional search engines and is accessed through network overlays such as the Tor network. For instance, theft of online service credentials is an emerging problem, especially in the Dark Web, where the average price for someone’s online identity is £820. Previous research studied the modus operandi of criminals that obtain stolen account credentials through Surface Web outlets. As part of an effort to understand how the same crime unfolds in the Surface Web and the Dark Web, this study seeks to compare the modus operandi of criminals acting on both by leaking Gmail honey accounts in Dark Web outlets. The results are compared to a previous similar experiment performed in the Surface Web. Simulating operating activity of criminals, we posted 100 Gmail account credentials on hidden services on the Dark Web and monitored the activity that they attracted using a honeypot infrastructure. More specifically, we analysed the data generated by the two experiments to find differences in the activity observed with the aim of understanding how leaked credentials are used in both Web environments. We observed that different types of malicious activity happen on honey accounts depending on the Web environment they are released on. Our results can provide the research community with insights into how stolen accounts are being manipulated in the wild for different Web environments.

Type: Article
Title: Under and over the surface: a comparison of the use of leaked account credentials in the Dark and Surface Web
Open access status: An open access version is available from UCL Discovery
DOI: 10.1186/s40163-018-0092-6
Publisher version: http://doi.org/10.1186/s40163-018-0092-6
Language: English
Additional information: Copyright © The Author(s) 2018. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
Keywords: Cybercrime, Account compromise, Measurement
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10069523
Downloads since deposit
43Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item