Using Pastebin to Store Stolen Data

Original author: Lenny Zeltser
Pastebin is a popular site for storing and sharing text. Although it is mostly used to distribute legitimate data, it also seems to be used often as a repository for stolen information (network configuration details, authentication records). Various hacker groups and individual hackers use the service to distribute their loot. In recent weeks, the LulzSec group has been particularly prominent in this.

What is popular on Pastebin

To find out what information is available on Pastebin, take a look at the Trending Pastes page. There you may find:
  • listings of subnet addresses belonging to various organizations;
  • dumps of compromised Facebook accounts along with email addresses and passwords;
  • user databases of compromised websites, including email addresses, access privileges and password hashes;
  • results of exporting user tables from compromised databases, including logins and passwords.


Why hackers like Pastebin

How does Pastebin attract the hacker community? And why do compromised records keep appearing there? To find out, I asked a question on Twitter: "Why has this, rather than any other resource, become a popular platform for hosting stolen data?" The replies highlighted the main features of Pastebin:
  • the service is easy to use;
  • the service can store large text files;
  • no pre-moderation;
  • publication does not require registration;
  • the service has its roots in IRC.

Jipe also pointed me to an article by Matt Brian, "Pastebin: How a popular code-sharing site became the ultimate hacker hangout".

Work on deleting records

What interested me most in Matt's article was the comment by Jeroen Vader, the owner of Pastebin, regarding the use of the site to store stolen data. He said:
“Pastebin is a site that millions use every month, and some of them post sensitive information here. We use a good monitoring system for such manifestations, which works around the clock.”
Jeroen explained that "if a report arrives that the post contains confidential information, then it can be deleted immediately."
Is that enough? I can understand why the site does not want to take on the responsibility of moderating content. However, identifying and tagging files that may contain sensitive information is not too difficult. For starters, Pastebin could just look at the entries that make up the top of the Trending Pastes page.

Automatic search for stolen data on Pastebin

Pastebin could also automatically run a signature analysis of posted data to detect confidential information. In fact, this has been done by Jaime Blasco, who created the PastebinLeaks service, which automatically identifies stolen data on Pastebin. The service is quite accurate, and its findings, published on Twitter, are astounding.

The idea is no different from mining social networks to detect when a company's data has been published.
Exploring the technological, historical, and sociological reasons behind Pastebin's popularity for posting stolen data is very interesting. Perhaps more importantly, we need to understand how companies can identify when their data is published on resources such as Pastebin. I also hope that such sites will implement proactive monitoring and deal with possible data leaks before they are formally notified of the problem.
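
A minimal sketch of the kind of signature analysis described above, usable by a site operator or by a company monitoring for its own data. This is an added example, not code from PastebinLeaks or Pastebin; the function name `scan_paste`, the regex signatures, the `min_hits` threshold and both sample pastes are assumptions constructed for illustration.

```python
import ipaddress
import re

# Signatures for the record types the article lists (heuristics, not exhaustive).
EMAIL_PASS = re.compile(r"^[\w.+-]+@[\w-]+(?:\.[\w-]+)+\s*[:;|,]\s*\S{4,}$")
HEX_HASH = re.compile(r"\b(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})\b")
CIDR = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b")


def scan_paste(text, watch_domains=(), min_hits=3):
    """Count leak signatures in one paste body and decide whether to flag it."""
    counts = {"credential_pairs": 0, "password_hashes": 0,
              "subnets": 0, "watched_domains": 0}
    watch = tuple("@" + d.lower() for d in watch_domains)
    for line in (raw.strip() for raw in text.splitlines()):
        if EMAIL_PASS.match(line):
            counts["credential_pairs"] += 1
        counts["password_hashes"] += len(HEX_HASH.findall(line))
        for candidate in CIDR.findall(line):
            try:  # reject look-alikes such as 999.1.1.1/99
                ipaddress.ip_network(candidate, strict=False)
                counts["subnets"] += 1
            except ValueError:
                pass
        if any(w in line.lower() for w in watch):
            counts["watched_domains"] += 1
    # Bulk records of one type, or any mention of a monitored domain, is a hit.
    bulk = any(counts[k] >= min_hits
               for k in ("credential_pairs", "password_hashes", "subnets"))
    return {"counts": counts, "flagged": bulk or counts["watched_domains"] > 0}


# Constructed sample pastes (not real data).
LEAK_SAMPLE = """\
-- users table export (constructed)
alice@example.com:hunter22
bob@example.org | s3cretpw
carol@example.net;letmein99
admin 5f4dcc3b5aa765d61d8327deb882cf99
10.20.0.0/16
"""
BENIGN_SAMPLE = "def add(a, b):\n    return a + b\n# contact: dev@example.com\n"

if __name__ == "__main__":
    print(scan_paste(LEAK_SAMPLE, watch_domains=["example.org"]))
    print(scan_paste(BENIGN_SAMPLE))
```

A flagged paste is a candidate for human review, not a confirmed leak: an ordinary code snippet that mentions a monitored domain is flagged as well.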
