Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards Fraud

Presented at Hackfest 2016, Nov. 4, 2016, 1:30 p.m. (Unknown duration)

There's a new wave of account checker gangs and a coinciding explosion in the underground market for goods involving hacked rewards accounts. These groups use automated tools and botnets to roll through credentials leaked from other websites in an attempt to exploit the habit of using the same login credentials across multiple sites. Let's dive into how these new account checker attacks work and how they are cashing out their ill-gotten gains. I'll run through some my real-world and recent incident response events involving these criminal cretins and my subsequent research into the darknet markets that allow them to profit off of their purloined points, vouchers, and miles.


Presenters:

  • Benjamin Brown
    Benjamin Brown currently works on darknet research, threat intelligence, incident response, and adversarial resilience at Akamai Technologies. He has experience in the non-profit, academic, and corporate worlds as well as degrees in both Anthropology and International Studies. Research interests include darknet and deepweb ethnographic studies, novel and side-channel attack vectors, radio systems, the psychology and anthropology of information security, metacognitive techniques for intelligence analysis, threat actor profiling, and thinking about security as an ecology of complex systems.

Links:

Similar Presentations: