underground
play

Underground Chrysovalantis Christodoulou World Wid ide Web - PowerPoint PPT Presentation

Nov 26, 2022 •271 likes •708 views

The Underground Chrysovalantis Christodoulou World Wid ide Web 28/04/2020 12:06 PM CS682-The Undergraound 2 Trafficking Fraudulent Accounts: The Role le of f the Underground Market in in Twitter Spam and Abuse Kurt Thomas Damon

  1. The Underground Chrysovalantis Christodoulou

  2. World Wid ide Web 28/04/2020 12:06 PM CS682-The Undergraound 2

  3. Trafficking Fraudulent Accounts: The Role le of f the Underground Market in in Twitter Spam and Abuse Kurt Thomas† Damon McCoy‡ Chris Grier† ∗ Alek Kolcz Vern Paxson† ∗ † University of California, Berkeley ‡ George Mason University ∗ International Computer Science Institute Twitter {kthomas, grier, vern}@cs.berkeley.edu, mccoy@cs.gmu.edu, ark@twitter.com 28/04/2020 12:06 PM CS682-The Underground 3

  4. Overview ❑ What are the most popular websites? - Facebook, Google, Twitter, Instagram, etc. ➔ Perfect Target for abuse (Fraud Advertising, Fake News, etc.) ❑ Need for Fraudulent, Spam accounts “Twitter has shut down up to 70 million fake and suspicious accounts- BBC 2018” 28/04/2020 12:06 PM CS682-The Underground 4

  5. Contributions 1. Study the organization of the Underground market by monitoring 27 merchants profiting from the sale of Twitter accounts 2. Study merchants’ techniques for bypassing registration defenses and how barriers affect the accounts’ price 3. Implement a classifier to identify fraudulent accounts 4. Study the impact of the classifier on Twitter spam 28/04/2020 12:06 PM CS682-The Underground 5

  6. Methodology Purchasing from Analyze the Market Tracking merchants Merchants selling Twitter accounts 28/04/2020 12:06 PM CS682-The Underground 6

  7. Id Identify fy Merchants ❑ Total Number of identified Merchants: 27 48 Hours Merchants Distribution Support 14 12 12 10 10 8 6 5 4 2 0 Own Website BlackHat Forums Freelance sites Own Website BlackHat Forums Freelance sites 28/04/2020 12:06 PM CS682-The Underground 7

  8. Purchasing fr from Merchants ❑ 144 orders -> 120K accounts ~ $5000 ❑ Bi-weekly basis from June 2012 – April 2013 ❑ Price Range: $1-20 ❑ Payment Methods: 28/04/2020 12:06 PM CS682-The Underground 8

  9. Periods-Prices Table 1: List of the merchants we track, the months monitored, total purchases performed (#), accounts purchased, and the price per 100 accounts. Source of solicitations include blackhat forums†, Fiverr, and Freelancer and web storefronts‡ 28/04/2020 12:06 PM CS682-The Underground 9

  10. Analysis ❑ Price: $0.04 Median account price ❑ Delivery: 1 day Median time before accounts arrive ❑ Fraud: 13% Accounts resold (Access after sale) ➔ Excellent Service 28/04/2020 12:06 PM CS682-The Underground 10

  11. Analysis (c (cont.) Few changes on Prices due to high availability 28/04/2020 12:06 PM CS682-The Underground 11

  12. Analysis – Price Comparison ❑ Prices from buyaccs.com Web Services Price Per Thousand Hotmail.com (resale*) $2 Hotmail.com $4 Yahoo $6 Twitter $20 Google (PVA)** $100 Facebook (PVA)** $100 * Resale accounts indicates account that was previously used **PVA - Phone Verified Account 28/04/2020 12:06 PM CS682-The Underground 12

  13. Existing Defenses ❑ IP Blacklisting, throttling ❑ Email challenge-response ❑ CAPTCHAs ❑ Phone verification Merchants can circumvent those approaches 28/04/2020 12:06 PM CS682-The Underground 13

  14. IP IP Blacklisting - Bypass ❑ Purchase accounts with unique registration IP: 79% Registration Origin Popularity India 8.50% Ukraine 7.23% Usually low- cost services Turkey 5.93% Thailand 5.40% Mexico 4.61% Other 68.33% 28/04/2020 12:06 PM CS682-The Underground 14

  15. Email Confirmation - Bypass ❑ 77% of accounts was verified by a unique email address ❑ Hotmail & Yahoo Prices: $6/per thousand Average Twitter Price Average Twitter Price without confirmation with confirmation $30 $47 28/04/2020 12:06 PM CS682-The Underground 16

  16. CAPTCHAs - Bypass ❑ ~ 35% of accounts they purchase solved CAPTCHA ❑ Increase the cost of accounts ❑ ~ 92% of the attempts fails But they don’t really care because it’s an automated process 28/04/2020 12:06 PM CS682-The Underground 17

  17. Detecting Fraudulent Accounts (C (Classifier) ❑ Purely based on registration signals ❑ Train on 120K purchased accounts Features: 1 2 3 Automatically generated naming regex Time of registration Sequence of registration events e.g. e.g. Name: Maria Andreou E N E 3 Screen name: mariaksda E 1 E 2 Timing = δ finish – δ start Email: MariaAasdlka912@hotmail.com Welcome Registration Screen Complete 28/04/2020 12:06 PM CS682-The Underground 18

  18. Classifier Performance 99.99% Precision: Percentage of identified accounts that are spam Recall: 95.08% Percentage of all detected spam accounts → Really good Performance 28/04/2020 12:06 PM CS682-The Underground 19

  19. Recall Over Time Need for continuously purchasing 28/04/2020 12:06 PM CS682-The Underground 20

  20. Im Impact on Twitter ❑ Apply the classifier to all register accounts between April 2012 – April 2013 ❑ Detect several million of spam accounts ❑ 27 Merchants was responsible for the 10-20% of all detected spam accounts 28/04/2020 12:06 PM CS682-The Underground 21

  21. Im Impact on Twitter (c (cont.) Estimated Revenue: $127-459K 28/04/2020 12:06 PM CS682-The Underground 22

  22. Disrupting the Market? ❑ Monitoring False Positives - Check how many user complaint about the suspension of their accounts - Achieved Precision: 99.9942% ❑ Monitoring Market immediately after the application of the detector All of the stock got suspended ... Not just mine .. It happened with Temporarily not selling Twitter.com all of the sellers .. Don’t know what accounts twitter has done ... buyaccountsnow.com buyaccs.com April 10, 2013 April 06, 2013 28/04/2020 12:06 PM CS682-The Underground 23

  23. Market Fallout & Recovery ry ❑ Immediately after application of the algorithm → 90% of accounts suspended ❑ 2 weeks after application of the algorithm → 50% of accounts suspended ❑ Market recovers relatively fast, but authors achieve to disrupt it 28/04/2020 12:06 PM CS682-The Underground 24

  24. Conclusions ❑ Buying accounts is relatively easy ❑ The market is responsible for the 10-20% of spam accounts on Twitter ❑ The market generates $127K-459K revenue per year ❑ The market bypass defenses but the cost of accounts get higher ❑ Proposed Machine Learning classifier achieve great, but temporal results ❑ Required stronger defenses after registration 28/04/2020 12:06 PM CS682-The Underground 25

  25. PharmaLeaks: Understanding the Business of f Online Pharmaceutical Affiliate Programs Damon McCoy, George Mason University; Andreas Pitsillidis and Grant Jordan, University of California, San Diego; Nicholas Weaver and Christian Kreibich, University of California, San Diego, and International Computer Science Institute; Brian Krebs, KrebsOnSecurity.com; Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko, University of California, San Diego

  26. Overview 2 1 Buy Services ( Commission ) Affiliate Marketer (Spammer) Spam Email Purchase/Delivery 3 Affiliate Program User (Customer) (Seller) 28/04/2020 12:06 PM CS682-The Underground 27

  27. Contributions ❑ The contribution of the paper is on its results Main Goal: Extensive study of the pharmacy affiliate programs, because they are a major sponsor of spam (email and web), in order to understand their main aspects, and ultimately, disrupt the whole market 28/04/2020 12:06 PM CS682-The Underground 28

  28. Affiliate Programs ❑ Affiliate Programs operates as a normal business and thus they have the same needs: 1. Good relationship with marketers 2. Good relationship with suppliers (goods and shipping) 3. Easiness on Payment processing ➔ Let’s analyze these aspects! 28/04/2020 12:06 PM CS682-The Underground 29

  29. Methodology Customer Demographics Product Popularity Affiliates general operation Leaked Datasets Analyze Data Outcomes 28/04/2020 12:06 PM CS682-The Underground 30

  30. Leaked Datasets ❑ Numerous “leaked” sources of financial and operational data for 3 affiliate programs. - Leaked data was a result of competitive hacking “war” *SpamIt is a fork of GlavMed and probably they are operating with the same people 28/04/2020 12:06 PM CS682-The Underground 31

  31. Customer Demographics Orders Revenue Rate (%) Affiliate Repeated Country Program Customers United States 1,044,173 74.8 Revenue (%) Great Britain 88,823 6.4 27 GlavMed Canada 53,113 3.8 38 SpamIt Germany 39,353 2.8 RX-Promotion 9-23 Australia 31,918 2.3 France 29,581 2.1 Italy 15,406 1.1 Switzerland 10,478 0.8 Spain 9,578 0.7 Repeated Customers shows Sweden 7,717 0.6 satisfaction Other 65,277 4.6 28/04/2020 12:06 PM CS682-The Underground 32

  32. Product Demographics *Without ED products SpamIt 28/04/2020 12:06 PM CS682-The Underground 33

  33. Affiliates General Operation – Payments Lose relationship with payment method (VISA) 28/04/2020 12:06 PM CS682-The Underground 34

  34. Affiliates General Operation – Registrations Avg. new customers for: GlavMed/SmaIt = ~ 3,500/week RX-Promotion = ~ 1,500/week Market is growing 28/04/2020 12:06 PM CS682-The Underground 35

Recommend

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

July 26 th , 2017 To: Landmarks Preservation Board From: Ron Taylor/Structural Engineer Re. Answers to the questions: Going underground is not practical or feasible The construction challenges of going underground are not unusual. Many museums

533 views • 6 slides
Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Bernard Sadoulet Dept. of Physics /LBNL UC Berkeley UC Institute for Nuclear and Particle Astrophysics and Cosmology (INPAC) Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground science Motivations

586 views • 43 slides
Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground

Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground

Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground Laboratories Homestake Soudan (SURF) Kimballton WIPP Key KURF Features 1450 mwe shielding drive in access ample space hour from major

570 views • 25 slides
underground Planning and subterranean development Jonathan Bore Going underground...

underground Planning and subterranean development Jonathan Bore Going underground...

Going underground Planning and subterranean development Jonathan Bore Going underground... Background Why here? Why now? Pros and cons Number of applications Permitted development Impact during construction

282 views • 17 slides
Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE

Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE

Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE conference 16-18 April 2015 Amy Mcallister Priority https://www.youtube.com/wa tch?v=dkNZmDzqoeQ

340 views • 7 slides
UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES

UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES

UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES Economics drives both the attacks and the defenses What is for sale? Who sells it? How? Defenders: Antivirus vendors, firewall vendors, etc.

781 views • 42 slides
INVESTOR PRESENTATION GLOBAL UNDERGROUND MINING GLOBAL UNDERGROUND MINING PLATFORM PLATFORM

INVESTOR PRESENTATION GLOBAL UNDERGROUND MINING GLOBAL UNDERGROUND MINING PLATFORM PLATFORM

INVESTOR PRESENTATION GLOBAL UNDERGROUND MINING GLOBAL UNDERGROUND MINING PLATFORM PLATFORM Engineered Excellence 23 April 2014 AGENDA Safety Structure & Service Offering Client Base Contracting Arrangements 222

341 views • 19 slides
Underground Laboratories Underground Laboratories Eugenio Coccia INFN Laboratori Nazionali del

Underground Laboratories Underground Laboratories Eugenio Coccia INFN Laboratori Nazionali del

TAUP 2009 Rome July 1-5 2009 Underground Laboratories Underground Laboratories Eugenio Coccia INFN Laboratori Nazionali del Gran Sasso and Universit di Roma Tor Vergata coccia@lngs.infn.it Thanks to Alessandro Bettini, Fabrice Piquemal,

991 views • 87 slides
Backgrounds in underground laboratories Vitaly A. Kudryavtsev University of Sheffield

Backgrounds in underground laboratories Vitaly A. Kudryavtsev University of Sheffield

Backgrounds in underground laboratories Vitaly A. Kudryavtsev University of Sheffield Contributions from many others Outline (and some notes) Built on ILIAS work: background studies for underground experiments. This study is

650 views • 16 slides
Town of Palm Beach Underground Utilities Update PALM BEACH CIVIC ASSOCIATION COMMUNITY FORUM

Town of Palm Beach Underground Utilities Update PALM BEACH CIVIC ASSOCIATION COMMUNITY FORUM

Town of Palm Beach Underground Utilities Update PALM BEACH CIVIC ASSOCIATION COMMUNITY FORUM NOVEMBER 16, 2017 OVERHEAD VS UNDERGROUND BARRER ISLANDS, FPL REPORTS & HURRICANE IRMA THE TOWN OBTAINED DIRECT FEEDBACK FROM OTHER UNDERGROUND

340 views • 14 slides
Better Cities, Better Lives The contribution of Underground Space to Urban Development

Better Cities, Better Lives The contribution of Underground Space to Urban Development

Better Cities, Better Lives The contribution of Underground Space to Urban Development 26-10-2011 | Wuhan | ITA Technical Seminar - ISOCARP congress ITA-AITES International Tunnelling and Underground Space Association Founded in

550 views • 41 slides
The ANDES underground laboratory in Latin-America Jonathan Miller Fermilab - May 14, 2018 World

The ANDES underground laboratory in Latin-America Jonathan Miller Fermilab - May 14, 2018 World

The ANDES underground laboratory in Latin-America Jonathan Miller Fermilab - May 14, 2018 World map of underground laboratories 2 / 27 Updated world map of underground laboratories 3 / 27 The Agua Negra tunnel (Coquimbo - San Juan)

421 views • 27 slides
SNOLAB Construction Status and Experimental Program SNOLAB located 2 km underground in an

SNOLAB Construction Status and Experimental Program SNOLAB located 2 km underground in an

M. Chen Queens University SNOLAB Construction Status and Experimental Program SNOLAB located 2 km underground in an active nickel mine near Sudbury, Canada its an expansion of the underground facility on the same level as the SNO

469 views • 30 slides
Laboratory Underground Nuclear Astrophysics Study of the BBN reaction D( 4 He , ) 6 Li deep

Laboratory Underground Nuclear Astrophysics Study of the BBN reaction D( 4 He , ) 6 Li deep

Laboratory Underground Nuclear Astrophysics Study of the BBN reaction D( 4 He , ) 6 Li deep underground with LUNA Carlo Gustavino For the LUNA collaboration Big Bang Nucleosynthesis Primordial abundance of light elements 6 Li

667 views • 20 slides
Low pH concrete resistance Low pH concrete resistance against underground water against

Low pH concrete resistance Low pH concrete resistance against underground water against

MECHANISMS AND MODELLING OF WASTE/CEMENT INTERACTIONS 2 nd International Workshop Low pH concrete resistance Low pH concrete resistance against underground water against underground water aggression aggression Jos Luis Garca Calvo 1 , Ana

602 views • 23 slides
Discovery of underground reservoir of argon with low level of 39 Ar TAUP 2007 - Sendai -

Discovery of underground reservoir of argon with low level of 39 Ar TAUP 2007 - Sendai -

Discovery of underground reservoir of argon with low level of 39 Ar TAUP 2007 - Sendai - September 11 2007 Cristiano Galbiati, on behalf of Outline Part of research program funded by NSF Motivation for exploration of underground

442 views • 18 slides
A search for Neutrinoless Double Beta Decay, AMoRE, and a New Underground Facility Young

A search for Neutrinoless Double Beta Decay, AMoRE, and a New Underground Facility Young

A search for Neutrinoless Double Beta Decay, AMoRE, and a New Underground Facility Young Soo Yoon Center for Underground Physics Institute for Basic Science T2HKK International Workshop Seoul National University, Nov. 21-22, 2016

431 views • 31 slides
COSINE-100 experiment Hyun Su Lee Center for Underground Physics (CUP) Institute for Basic

COSINE-100 experiment Hyun Su Lee Center for Underground Physics (CUP) Institute for Basic

Dark matter search with NaI(Tl) crystals COSINE-100 experiment Hyun Su Lee Center for Underground Physics (CUP) Institute for Basic Science (IBS) On behalf of the COSINE-100 Collaboration Revealing the history of the universe with underground

923 views • 63 slides
Electric Underground Plan The Plan Overall goal is to put the entire distribution system

Electric Underground Plan The Plan Overall goal is to put the entire distribution system

Electric Underground Plan The Plan Overall goal is to put the entire distribution system underground City issues $18 million in bonds to fund Phase 1 This initial phase is comprised of two parts: 9.3 miles of mainline feeders

633 views • 37 slides
Science in underground laboratories The ANDES Initiative Xavier Bertou Centro At omico

Science in underground laboratories The ANDES Initiative Xavier Bertou Centro At omico

Science in underground laboratories The ANDES Initiative Xavier Bertou Centro At omico Bariloche CNEA/CONICET ISAPP school 2019 @ the Pierre Auger Observatory Why would one want to go underground? HAWC/LAGO, Sierra Negra, Mexico LAGO, M

821 views • 80 slides
Budapest 3D underground map Katalin Zsoldi PhD student Etvs Lornd University Budapest,

Budapest 3D underground map Katalin Zsoldi PhD student Etvs Lornd University Budapest,

26th International Cartograpic Conference, 2013 Dresden Budapest 3D underground map Katalin Zsoldi PhD student Etvs Lornd University Budapest, Hungary Why to create Budapest underground map? Budapest is a beutiful city with a lot

676 views • 18 slides
Waterproof lining in underground structures Alv Hanstvedt Technical Director Hydrovision 2012,

Waterproof lining in underground structures Alv Hanstvedt Technical Director Hydrovision 2012,

Waterproof lining in underground structures Alv Hanstvedt Technical Director Hydrovision 2012, New Dehli Content page: 1. Company 2. Products 3. Corrosion problem associated with humidity in underground env. 4. Solutions to avoid humidity

458 views • 27 slides
Advances in In-Situ Testing of Ventilation Control Devices for Underground Mines Greg Kay

Advances in In-Situ Testing of Ventilation Control Devices for Underground Mines Greg Kay

Advances in In-Situ Testing of Ventilation Control Devices for Underground Mines Greg Kay Aquacrete, Newcastle, NSW, Australia Michael Salu Parsons Brinckerhoff, Brisbane, QLD, Australia ABSTRACT: As underground mines increasingly face the

739 views • 6 slides
Thermo hydro mechanical coupling for underground waste storage simulations Clment Chavant -

Thermo hydro mechanical coupling for underground waste storage simulations Clment Chavant -

Thermo hydro mechanical coupling for underground waste storage simulations Clment Chavant - Sylvie Granet Romo Frenandes EDF R&D 1 december 20 , 2006 Journe Momas Outline Underground waste storage concepts Main

469 views • 26 slides

More recommend