Stolen account credentials: an empirical comparison of online dissemination on different platforms

Renushka Madarie, Stijn Ruiter, Wouter Steenbeek, Edward Kleemans

Research output: Contribution to JournalArticleAcademicpeer-review

Abstract

Account hijacking, i.e. illegitimately accessing someone else’s personal online account, is on the rise and affects not only financial accounts, but the full spectrum of online accounts. To gain more insight in the illicit act of online dissemination of stolen account credentials, we systematically examined how such credentials were offered on three different types of online platforms where stolen credentials were disseminated and how offers varied by platform. We used web scrapes of these platforms for our comparative analyses. Our results demonstrate variation by platform in the type of information on accounts and account holders offered, the average asking price for credentials, and rules and services following a transaction. We conclude with policy implications and suggestions for future research based on the criminal event perspective.
Original languageEnglish
JournalJOURNAL OF CRIME & JUSTICE
DOIs
Publication statusPublished - 13 Dec 2019

Keywords

  • Stolen account credentials
  • criminal event perspective
  • illicit online markets
  • web scrapes

Cite this

@article{08a1e5086a054e6d8fb296846e4fd1ff,
title = "Stolen account credentials: an empirical comparison of online dissemination on different platforms",
abstract = "Account hijacking, i.e. illegitimately accessing someone else’s personal online account, is on the rise and affects not only financial accounts, but the full spectrum of online accounts. To gain more insight in the illicit act of online dissemination of stolen account credentials, we systematically examined how such credentials were offered on three different types of online platforms where stolen credentials were disseminated and how offers varied by platform. We used web scrapes of these platforms for our comparative analyses. Our results demonstrate variation by platform in the type of information on accounts and account holders offered, the average asking price for credentials, and rules and services following a transaction. We conclude with policy implications and suggestions for future research based on the criminal event perspective.",
keywords = "Stolen account credentials, criminal event perspective, illicit online markets, web scrapes",
author = "Renushka Madarie and Stijn Ruiter and Wouter Steenbeek and Edward Kleemans",
year = "2019",
month = "12",
day = "13",
doi = "10.1080/0735648X.2019.1692418",
language = "English",
journal = "Journal of Crime and Justice",
issn = "2158-9119",

}

Stolen account credentials: an empirical comparison of online dissemination on different platforms. / Madarie, Renushka; Ruiter, Stijn; Steenbeek, Wouter; Kleemans, Edward.

In: JOURNAL OF CRIME & JUSTICE, 13.12.2019.

Research output: Contribution to JournalArticleAcademicpeer-review

TY - JOUR

T1 - Stolen account credentials: an empirical comparison of online dissemination on different platforms

AU - Madarie, Renushka

AU - Ruiter, Stijn

AU - Steenbeek, Wouter

AU - Kleemans, Edward

PY - 2019/12/13

Y1 - 2019/12/13

N2 - Account hijacking, i.e. illegitimately accessing someone else’s personal online account, is on the rise and affects not only financial accounts, but the full spectrum of online accounts. To gain more insight in the illicit act of online dissemination of stolen account credentials, we systematically examined how such credentials were offered on three different types of online platforms where stolen credentials were disseminated and how offers varied by platform. We used web scrapes of these platforms for our comparative analyses. Our results demonstrate variation by platform in the type of information on accounts and account holders offered, the average asking price for credentials, and rules and services following a transaction. We conclude with policy implications and suggestions for future research based on the criminal event perspective.

AB - Account hijacking, i.e. illegitimately accessing someone else’s personal online account, is on the rise and affects not only financial accounts, but the full spectrum of online accounts. To gain more insight in the illicit act of online dissemination of stolen account credentials, we systematically examined how such credentials were offered on three different types of online platforms where stolen credentials were disseminated and how offers varied by platform. We used web scrapes of these platforms for our comparative analyses. Our results demonstrate variation by platform in the type of information on accounts and account holders offered, the average asking price for credentials, and rules and services following a transaction. We conclude with policy implications and suggestions for future research based on the criminal event perspective.

KW - Stolen account credentials

KW - criminal event perspective

KW - illicit online markets

KW - web scrapes

U2 - 10.1080/0735648X.2019.1692418

DO - 10.1080/0735648X.2019.1692418

M3 - Article

JO - Journal of Crime and Justice

JF - Journal of Crime and Justice

SN - 2158-9119

ER -