UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Credentials In The Wild

Onaolapo, J; Mariconti, E; Stringhini, G; (2016) What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Credentials In The Wild. In: Proceedings of the ACM Internet Measurement Conference 2016 (IMC 2016). (pp. pp. 65-79). Association for Computing Machinery (ACM): New York, NY, USA. Green open access

[thumbnail of paper.pdf]
Preview
Text
paper.pdf - Accepted version

Download (1MB) | Preview

Abstract

Cybercriminals steal access credentials to online accounts and then misuse them for their own profit, release them publicly, or sell them on the underground market. Despite the importance of this problem, the research community still lacks a comprehensive understanding of what these stolen accounts are used for. In this paper, we aim to shed light on the modus operandi of miscreants accessing stolen Gmail accounts. We developed an infrastructure that is able to monitor the activity performed by users on Gmail accounts, and leaked credentials to 100 accounts under our control through various means, such as having information-stealing malware capture them, leaking them on public paste sites, and posting them on underground forums. We then monitored the activity recorded on these accounts over a period of 7 months. Our observations allowed us to devise a taxonomy of malicious activity performed on stolen Gmail accounts, to identify differences in the behavior of cybercriminals that get access to stolen accounts through different means, and to identify systematic attempts to evade the protection systems in place at Gmail and blend in with the legitimate user activity. This paper gives the research community a better understanding of a so far understudied, yet critical aspect of the cybercrime economy.

Type: Proceedings paper
Title: What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Credentials In The Wild
Event: ACM Internet Measurement Conference 2016 (IMC 2016)
Location: Santa Monica, CA
Dates: 14 November 2016 - 16 November 2016
ISBN-13: 978-1-4503-4526-2
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/2987443.2987475
Publisher version: http://doi.org/10.1145/2987443.2987475
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/1505967
Downloads since deposit
1,024Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item