Measuring the Use of Stolen Accounts by Cybercriminals

Cybercriminals compromise user credentials and later access their accounts with the goal of performing additional activities (e.g., sending spam or harvesting sensitive information). In this project we set up believable fake accounts (honeypots) and have criminals access them, with the goal of better understanding their modus operandi and their motivations.


What Happens After You Are Pwnd: Understanding The Use of Leaked Account Credentials In The Wild

Jeremiah Onaolapo, Enrico Mariconti, and Gianluca Stringhini.
IMC, 2016.

Under and over the surface: a comparison of the use of leaked account credentials in the Dark and Surface Web

Dario Adriano Bermudez Villalva, Jeremiah Onaolapo, Mirco Musolesi, and Gianluca Stringhini.
Journal of Crime Science, 2018.

Honey Sheets: What Happens to Leaked Google Spreadsheets?

Martin Lazarov, Jeremiah Onaolapo, and Gianluca Stringhini.
CSET, 2016.

BABELTOWER: How Language Affects Criminal Activity in Stolen Webmail Accounts

Emeric Bernard-Jones, Jeremiah Onaolapo, and Gianluca Stringhini.


Source code for the honeypot infrastructure


Data from the IMC 2016 paper