Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

22 Citations (Scopus)


In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.
Original languageEnglish
Title of host publicationCCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Number of pages16
ISBN (Electronic)9781450370899
Publication statusPublished - 30 Oct 2020


  • impersonation attacks
  • impersonation-as-a-service
  • threat modeling
  • user profiling


Dive into the research topics of 'Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale'. Together they form a unique fingerprint.

Cite this