Worried that your organization might be the victim of a targeted attack or data breach? The proof may be right out in the open: posted for the world to see on Pastebin.com, LodgeIT, Pastie.org and other sites, according to security expert Lenny Zeltser.
Writing on his blog, Zeltser said that companies interested in getting intelligence on attempts to hack their network should start paying visits to public file sharing sites like Pastebin.com, which has become the dumping ground of choice for ideologically motivated hacking crews like Anonymous and Lulzsec.
“Keeping an eye on these websites can help identify a breach related to your organization…They can also help during the reconnaissance phase of a penetration testing project, allowing the assessor to collect sensitive information about the target for follow-up attacks,” Zeltser writes on his blog.
What kinds of information should you look for? Zeltser says that, in addition to stolen credit card numbers and personally identifiable information (PII), file sharing sites can also hold snippets of stolen source code, configuration details of network devices as well as information on employees that might be used in social engineering attacks.
Staff or external penetration testers would do well to make the sites part of their standard investigation routine, Zeltser said.
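The kind of routine check the article describes can be scripted. The following is an added example written for this page, not Zeltser's code or any tool from the paste sites themselves; it assumes a hypothetical organization with the domain example.com and a few internal hostname keywords, and runs over constructed sample pastes embedded inline rather than fetching anything live. It flags the data classes the article lists: organization e-mail addresses, organization keywords, card-number-like strings (filtered with the Luhn check to cut false positives), and lines that look like network device configuration. Card numbers are masked before they are reported so the triage output does not itself become a PII leak.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Hypothetical organization profile (constructed for this example).
ORG_DOMAIN = "example.com"
ORG_KEYWORDS = ("examplecorp", "ex-vpn", "ex-intranet")

EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+\.)+[\w-]+", re.I)
# 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Lines typical of IOS-style device configs that should never be public.
CONFIG_RE = re.compile(
    r"^\s*(enable secret|username \S+ (password|secret)|snmp-server community)\b",
    re.I | re.M,
)


@dataclass
class Finding:
    category: str
    value: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_card(digits: str) -> str:
    """Keep BIN and last four; never log a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_paste(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for m in EMAIL_RE.finditer(text):
        addr = m.group(0)
        domain = addr.rsplit("@", 1)[1].lower()
        if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
            findings.append(Finding("org_email", addr))
    lowered = text.lower()
    for kw in ORG_KEYWORDS:
        if kw in lowered:
            findings.append(Finding("org_keyword", kw))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("card_number", mask_card(digits)))
    for m in CONFIG_RE.finditer(text):
        findings.append(Finding("device_config", m.group(0).strip()))
    return findings


def triage(pastes: dict[str, str]) -> dict[str, list[Finding]]:
    """Return only the pastes that produced at least one finding."""
    result = {}
    for paste_id, text in pastes.items():
        found = scan_paste(text)
        if found:
            result[paste_id] = found
    return result


# Constructed sample pastes (not real dumps).
SAMPLE_PASTES = {
    "paste-1": "lol pwned examplecorp\nalice@example.com:Summer2011\nbob@example.com:hunter2\n",
    "paste-2": "order dump\n4111 1111 1111 1111 exp 05/13\n1234567890123456 not a card\n",
    "paste-3": "router cfg\nhostname ex-vpn-01\nenable secret 5 $1$abcd$notarealhash\n"
               "snmp-server community public RO\n",
    "paste-4": "random python snippet\nprint('hello world')\n",
}

if __name__ == "__main__":
    for pid, found in triage(SAMPLE_PASTES).items():
        for f in found:
            print(f"{pid}: {f.category} -> {f.value}")
```

In practice the `SAMPLE_PASTES` dictionary would be replaced by whatever collection mechanism the site permits (an archive feed or search results), and the keyword list would be tuned to the organization's real domains, product names and internal host naming scheme. The Luhn filter is what keeps timestamps and order numbers from flooding the card-number category; the second line of `paste-2` is rejected for exactly that reason.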
Pastebin.com is one of the largest file sharing sites and was originally created as a resource for developers to share code and collaborate on projects. It's become much more: a virtual abandoned lot in which hackers deposit proof of their exploits, including stolen e-mail, user names and passwords and even source code. Lulzsec has famously used the site to post information that embarrasses its targets, and the site was also the venue of choice for those responsible for the hack of certificate authority Comodo. However, Pastebin is just one file sharing site. Analysis of various file sharing sites by researcher Silas Cutler has found that different archives harbor different kinds of illicit data. Pastebay, for example, is often used by the group Anonymous and contains reams of IRC chats, personal information dumps and the like.