Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale

Michele Campobasso; Luca Allodi

doi:10.1145/3372297.3417892

Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale

Michele Campobasso, Luca Allodi

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

30 Citaten (Scopus)

Samenvatting

In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.

Originele taal-2	Engels
Titel	CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
Uitgeverij	Association for Computing Machinery, Inc
Pagina's	1665-1680
Aantal pagina's	16
ISBN van elektronische versie	9781450370899
DOI's	https://doi.org/10.1145/3372297.3417892
Status	Gepubliceerd - 30 okt. 2020

Duurzame ontwikkelingsdoelstellingen van de VN

Deze output draagt bij aan de volgende duurzame ontwikkelingsdoelstelling(en)

Toegang tot document

10.1145/3372297.3417892

Andere bestanden en links

Link to publication in Scopus

TU/e legt Russische handel in digitale 'fingerprints' bloot
Campobasso, M. & Allodi, L.
28/11/20
1 item van Media-aandacht
Pers / media: PR activiteiten
Omvangrijke criminele online handel in gebruikersprofielen
Campobasso, M. & Allodi, L.
4/11/20
1 item van Media-aandacht
Pers / media: PR activiteiten
Data duizenden Nederlanders op Russisch forum (bottom of page)
Campobasso, M. & Allodi, L.
31/10/20
1 item van Media-aandacht
Pers / media: PR activiteiten

30 Citaties
1 Conferentiebijdrage

THREAT/crawl: a Trainable, Highly-Reusable, and Extensible Automated Method and Tool to Crawl Criminal Underground Forums
Campobasso, M. & Allodi, L., 2022, Proceedings of the 2022 APWG Symposium on Electronic Crime Research, eCrime 2022. 14 blz.
Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

Open Access
2 Citaten (Scopus)

Citeer dit

@inproceedings{7d75e27091c64fc3b519f286908fb171,

title = "Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale",

abstract = "In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.",

keywords = "impersonation attacks, impersonation-as-a-service, threat modeling, user profiling",

author = "Michele Campobasso and Luca Allodi",

year = "2020",

month = oct,

day = "30",

doi = "10.1145/3372297.3417892",

language = "English",

pages = "1665--1680",

booktitle = "CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

}

Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale. / Campobasso, Michele ; Allodi, Luca.
CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2020. blz. 1665-1680.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale

AU - Campobasso, Michele

AU - Allodi, Luca

PY - 2020/10/30

Y1 - 2020/10/30

N2 - In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.

AB - In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by analysing the operation of a large, invite-only, Russian IMPaaS platform providing user profiles for more than 260,000 Internet users worldwide. Our findings suggest that the IMPaaS model is growing, and provides the mechanisms needed to systematically evade authentication controls across multiple platforms, while providing attackers with a reliable, up-to-date, and semi-automated environment enabling target selection and user impersonation against Internet users as scale.

KW - impersonation attacks

KW - impersonation-as-a-service

KW - threat modeling

KW - user profiling

UR - http://www.scopus.com/inward/record.url?scp=85096191391&partnerID=8YFLogxK

U2 - 10.1145/3372297.3417892

DO - 10.1145/3372297.3417892

M3 - Conference contribution

SP - 1665

EP - 1680

BT - CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

ER -

Impersonation-as-a-Service: Characterizing the EmergingCriminal Infrastructure for User Impersonation at Scale

Samenvatting

Duurzame ontwikkelingsdoelstellingen van de VN

Toegang tot document

Andere bestanden en links

Vingerafdruk

Pers/Media

TU/e legt Russische handel in digitale 'fingerprints' bloot

Omvangrijke criminele online handel in gebruikersprofielen

Data duizenden Nederlanders op Russisch forum (bottom of page)

Onderzoekersoutput

THREAT/crawl: a Trainable, Highly-Reusable, and Extensible Automated Method and Tool to Crawl Criminal Underground Forums

Citeer dit