Sleeping Giants: The Sleeper Cell Problem Is Bigger Than You Think
All online services are fighting the battle against fraud. Promotions abuse, mass registration, fraudulent transactions, and fake reputation boosting are all prevalent attacks against online services who interact with consumers. In this talk, we describe in detail a phenomenon we call “sleeper cells” that allow these fraudulent accounts to appear like legitimate users and stay under the radar.
Unlike newly registered accounts, users with long active histories are desirable for many reasons, including stronger resilience against fraud detections and better sellable value. These dormant accounts --- which we refer to as “sleeper cells” --- are used for testing or carrying out the attack in stages, and lie in wait for months or even years until the time is right for an assault.
We present an analysis of sleeper cells based on over 500 billion events and 400 million user accounts from global online services over the past two years. More specifically, our study reveals the extent to which sleeper cells exist in modern online services, the length of their hibernation prior to launching attacks, and evidence of sleeper cells account trafficking.
Speaker Bio:
All online services are fighting the battle against fraud. Promotions abuse, mass registration, fraudulent transactions, and fake reputation boosting are all prevalent attacks against online services who interact with consumers. In this talk, we describe in detail a phenomenon we call “sleeper cells” that allow these fraudulent accounts to appear like legitimate users and stay under the radar.
Unlike newly registered accounts, users with long active histories are desirable for many reasons, including stronger resilience against fraud detections and better sellable value. These dormant accounts --- which we refer to as “sleeper cells” --- are used for testing or carrying out the attack in stages, and lie in wait for months or even years until the time is right for an assault.
We present an analysis of sleeper cells based on over 500 billion events and 400 million user accounts from global online services over the past two years. More specifically, our study reveals the extent to which sleeper cells exist in modern online services, the length of their hibernation prior to launching attacks, and evidence of sleeper cells account trafficking.
Speaker Bio:
Dr. Ting-Fang Yen is a research scientist at DataVisor, a startup that provides big data security analytics for consumer-facing online services. Her daily job involves analyzing customer data to understand online attacks and how they are orchestrated, and converting those insights into technical blogs, case studies, and customer reports. She was previously a threat scientist at E8 Security and principal research scientist at RSA, where she led projects analyzing enterprise log data to identify malicious insiders and intrusions. Ting-Fang received her M.S. and Ph.D. degrees in Electrical and Computer Engineering from Carnegie Mellon.