Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild

Cited by: 39
Authors
Bursztein, Elie [1]
Benko, Borbala [1]
Margolis, Daniel [1]
Pietraszek, Tadek [1]
Archer, Andy [1]
Aquino, Allan [1]
Pitsillidis, Andreas [2]
Savage, Stefan [2]
Affiliations
[1] Google Inc, Menlo Pk, CA 94025 USA
[2] Univ Calif San Diego, San Diego, CA 92103 USA
Source
PROCEEDINGS OF THE 2014 ACM INTERNET MEASUREMENT CONFERENCE (IMC'14) | 2014
DOI
10.1145/2663716.2663749
Chinese Library Classification number
TP31 [Computer Software];
Subject classification code
081202 ; 0835 ;
Abstract
Online accounts are inherently valuable resources, both for the data they contain and the reputation they accrue over time. Unsurprisingly, this value drives criminals to steal, or hijack, such accounts. In this paper we focus on manual account hijacking: account hijacking performed manually by humans instead of botnets. We describe the details of the hijacking workflow: the attack vectors, the exploitation phase, and post-hijacking remediation. Finally we share, as a large online company, which defense strategies we found effective to curb manual hijacking.
Pages: 347-358
Page count: 12