Hives and Honeypots: Understanding Malicious Activity In Online Accounts

3MT presented at the 2017 Defence and Security Doctoral Symposium.Account credentials are attractive to cybercriminals who often seek ways to monetise the valuable and sensitive data in online accounts that such credentials guard. However, it is unclear what exactly cybercriminals do with compromised accounts after gaining access. To protect users, it is important for researchers and law enforcement agencies to understand the modus operandi of these criminals. To this end, my research focuses on understanding how cybercriminals compromise and abuse online accounts, with a view to providing insights that will be useful in the development of mitigation techniques. I have developed an open-source infrastructure that is capable of monitoring the activity of cybercriminals that connect to webmail accounts. Similarly, I have studied what happens to compromised documents in the cloud. During the 3MT presentation, I plan to present an overview of my work so far, and also provide a brief glimpse into what comes next.