Pastebin is a popular site for storing and sharing text. Although for the most part it is used to distribute legitimate data, it appears that it is often used as a repository for stolen information (network configuration details, authentication records). Various hacker groups and individual hackers distribute their loot through this service. In recent weeks, the LulzSec group has been particularly notable.
What is popular on Pastebin
To find out what information is available on Pastebin, take a look at the Trending Pastes page:
- listings of addresses of subnets belonging to various organizations;
- dumps of compromised Facebook accounts along with email addresses and passwords;
- user databases of compromised websites, including email addresses, access privileges and password hashes;
- results of exporting user tables from compromised databases, including logins and passwords.
Why hackers like Pastebin
What draws the hacker community to Pastebin? And why do compromised records keep appearing there? To find out, I asked on Twitter: “Why did this, and not any other resource, become a popular platform for placing stolen data?”
The answers I received emphasized the main features of Pastebin:
- the service is easy to use;
- the service can store large text files;
- no pre-moderation;
- publication does not require registration;
- the service has its roots in IRC.
Jipe also pointed me to Matt Brian's article “Pastebin: How the popular shared code service became the main gathering place for hackers.”
Work on removing records
What interested me most in Matt's article was the comment by Jeroen Vader, owner of Pastebin, regarding the use of the site for storing stolen data. He said:
“Pastebin is a website that millions use every month, and some of them post confidential information here. We use a good monitoring system for such manifestations that works around the clock.”
Jeroen explained that "if a report arrives that the post contains confidential information, it can be immediately deleted."
Is that enough? I can understand why the resource does not want to assume the responsibility of moderating content. However, identifying and tagging files that may contain sensitive information is not too difficult. For a start, Pastebin could simply look at the entries that make up the top of the Trending Pastes page.
Automatic search of stolen data on Pastebin
Pastebin could also automatically run signature analysis on submitted data in order to detect confidential information. In fact, this was done by Jaime Blasco, who created the PastebinLeaks service, which automatically identifies stolen data on Pastebin. The service is fairly accurate, and its findings, posted on Twitter, are striking.

The idea is no different from parsing social networks to identify cases where companies' data has been published.
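The signature analysis described above can be sketched as follows. This is an added example, not code from PastebinLeaks or from the original article; the patterns, thresholds and sample pastes are assumptions constructed for illustration.

```python
import ipaddress
import re

# Signatures for the data types listed under "What is popular on Pastebin".
# Patterns and thresholds are assumptions for illustration, not PastebinLeaks rules.
EMAIL = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"
SIGNATURES = {
    # email, a separator, then a non-empty secret, all on one line
    "email_password": re.compile(rf"^\s*{EMAIL}\s*[:;|,\t]\s*\S+\s*$"),
    # bare hex digest of MD5/SHA-1/SHA-256 length (also matches other hex IDs,
    # which is why a paste must be dominated by hits before it is flagged)
    "password_hash": re.compile(r"\b(?:[a-fA-F0-9]{32}|[a-fA-F0-9]{40}|[a-fA-F0-9]{64})\b"),
    "cidr_subnet": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b"),
}
MIN_HITS = 3      # fewer matching lines than this is treated as incidental
MIN_RATIO = 0.3   # share of non-empty lines that must match

# Constructed sample pastes (not real data).
SAMPLE_DUMP = "alice@example.com:hunter2\nbob@example.org:letmein\ncarol@example.net:qwerty123\n"
SAMPLE_CODE = "# contact: dev@example.com\ndef add(a, b):\n    return a + b\nprint(add(1, 2))\n"
SAMPLE_SUBNETS = "192.0.2.0/24\n198.51.100.0/24\n203.0.113.0/24\n999.1.1.1/24\n"


def _valid_cidr(candidate):
    """Reject strings that look like CIDR but are not valid networks."""
    try:
        ipaddress.ip_network(candidate, strict=False)
        return True
    except ValueError:
        return False


def classify_paste(text):
    """Return {signature: hit_count} for signatures that dominate the paste."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return {}
    hits = dict.fromkeys(SIGNATURES, 0)
    for ln in lines:
        for name, rx in SIGNATURES.items():
            m = rx.search(ln)
            if m and (name != "cidr_subnet" or _valid_cidr(m.group(0))):
                hits[name] += 1
    return {n: c for n, c in hits.items()
            if c >= MIN_HITS and c / len(lines) >= MIN_RATIO}


if __name__ == "__main__":
    for label, paste in [("dump", SAMPLE_DUMP), ("code", SAMPLE_CODE), ("subnets", SAMPLE_SUBNETS)]:
        print(label, classify_paste(paste))
```

A non-empty result marks the paste for human review rather than automatic deletion, since ordinary code and logs can contain a few matching lines.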
Exploring the technological, historical and sociological reasons for the popularity of Pastebin for placing stolen data is a very interesting activity. Perhaps more importantly, we need to understand how companies can identify whether their data has been published on Pastebin. I also hope that such sites will implement proactive monitoring and deal with possible data leaks before the problem is formally reported to them.