All your accounts are belong to us

Abstract

Over the last several years, there have been a number of high profile and well-publicized data breaches. These breaches led to the theft of personal, financial, and health information from users who are often only notified of such breaches well after they occur and the damage has already been done. Cyber criminals use account cracking tools, which are software programs that help miscreants gain access to users’ online accounts, to perform credential stuffing attacks against the credentials exposed by these breaches. In this paper, we study underground forums where intelligence related to popular account cracking tools is exchanged and investigate miscreants’ motivations to use such tools to break into accounts. We also study six free and paid cracking tools used to steal user accounts and develop machine learning classifiers capable of detecting network packets generated by them. Organizations maintaining user accounts can utilize our classifiers to identify traffic related to cracking tools and defend against their attacks.