A1 Check Yo Self Before You Wreck Yo Self: The New Wave Of Account Checkers And Underground Rewards Fraud presented at ThreatIntelligence 2016

by Ben Brown,

Summary : There's a new wave of account checker gangs and a coinciding explosion in the underground market for goods involving hacked rewards accounts. These groups use automated tools and botnets to roll through credentials leaked from other websites in an attempt to exploit the habit of using the same login credentials across multiple sites. Let's dive into how these new account checker attacks work and how they are cashing out their ill-gotten gains. I'll run through some my real-world and recent incident response events involving these criminal cretins and my subsequent research into the darknet markets that allow them to profit off of their purloined points, vouchers, and miles.