Credential Fraud Detection and Remediation in Media Consumption Services (2020)

By Steven Epstein, Synamedia

Gaining access to another person’s credentials has always been a major goal of hackers and pirates. Typically, pirates would perform phishing or even spear-phishing attacks on naïve or unsuspecting individuals. In these attacks, the hacker would send a user a link to a website made to mimic a known banking, credit card or other financial site, which would ask the unsuspecting user to enter their personal credentials. Once the credentials were entered and transferred to the pirate, the pirate could perform bank transfers, embezzle money or even take over the victim’s account. These attacks were very costly to financial institutions and other highly secure websites, but they were neither highly effective nor scalable: to succeed, a phishing campaign required considerable intelligence to send the proper link to the appropriate users, and even so most users did not take the bait.

In the last five years, however, a new, more scalable and effective method of accessing another’s credentials has become increasingly popular. This form of piracy, known as credential stuffing, is based on two historical realities:

  1. In the past 10 years, thousands of identity databases belonging to large websites have been breached, leading to the theft of tens of billions of credentials.
  2. Most people reuse the same credentials (username and password) on multiple sites as a convenient way of remembering them.

Given these two facts, new credential stuffing tools were created that let a set of bots, working through proxies or VPNs, discover which breached credentials are still active on a set of popular websites. The diagram below illustrates how credential stuffing attacks are performed.

A pirate purchases millions of username/password combinations (combos) extracted from breached websites, and configures a set of bots, proxies, desired websites and scripts describing login navigation details of each of these desired sites. The pirate then inputs all these artifacts into credential stuffing tools.

The tool then assigns bots to try all of these combos on each of the popular websites, using the navigation instructions in the scripts and connecting via separate proxies or VPNs. To go undetected, a different IP address is used for each malicious attempt. The tool returns the subset of the credentials that are still active on each popular site. This attack is effective because most users tend to employ the same username/password combination across most of their websites.
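
Because each attempt arrives from a different IP address, a per-IP failure counter never trips. The following added example (not from the paper) contrasts that rule with an aggregate check over a login log; the log layout, thresholds and function names are assumptions chosen for illustration, and the events are constructed.

```python
from collections import Counter, defaultdict

def per_ip_alerts(events, max_failures=5):
    """Classic lockout rule: IPs with more than max_failures failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > max_failures}

def stuffing_windows(events, window=60, min_attempts=20,
                     min_fail_rate=0.8, min_single_use=0.8):
    """Flag time windows whose aggregate traffic looks like stuffing: many
    attempts, mostly failures, most IPs and usernames seen exactly once."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window * window].append((ip, user, ok))
    flagged = []
    for start, rows in sorted(buckets.items()):
        if len(rows) < min_attempts:
            continue
        fail_rate = sum(not ok for _, _, ok in rows) / len(rows)
        ip_counts = Counter(ip for ip, _, _ in rows)
        user_counts = Counter(user for _, user, _ in rows)
        single_ip = sum(ip_counts[ip] == 1 for ip, _, _ in rows) / len(rows)
        single_user = sum(user_counts[u] == 1 for _, u, _ in rows) / len(rows)
        if fail_rate >= min_fail_rate and min(single_ip, single_user) >= min_single_use:
            flagged.append(start)
    return flagged

def sample_events():
    """Constructed login log: (unix_seconds, source_ip, username, success)."""
    events = []
    # Window 0: 30 ordinary logins from 10 household IPs; every tenth
    # attempt fails (a mistyped password).
    for i in range(30):
        events.append((i * 2, f"198.51.100.{i % 10}", f"subscriber{i % 10}", i % 10 != 0))
    # Window 60: 40 attempts, each from a new IP with a new username;
    # two of the breached combos are still valid on this site.
    for i in range(40):
        events.append((60 + i, f"203.0.113.{i}", f"combo{i}@example.com", i in (7, 31)))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP rule:", per_ip_alerts(ev))        # nothing flagged
    print("aggregate rule:", stuffing_windows(ev))  # window starting at t=60
```

The two successful logins inside a flagged window are the accounts to prioritise for forced password reset, since they are the credentials the attacker now knows to be active.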
