Demystifying the Underground Ecosystem of Account Registration Bots
Member services are a core part of most online systems. For example, member services in online social networks and video platforms make it possible to serve users customized content or track their footprint for a recommendation. However, there is a dark side to membership that lurks behind influencer marketing, coupon harvesting, and spreading fake news. All these activities rely heavily on owning masses of fake accounts, and to create new accounts efficiently, malicious registrants use automated registration bots with anti-human verification services that can easily bypass a website’s security strategies.
In this paper, we take the first step toward understanding the underground ecosystem of account registration bots, and in particular, the anti-human verification services they use. From a comprehensive analysis, we determined the three most popular types of anti-human verification services. We then conducted experiments on these services from an attacker’s perspective to verify their effectiveness. The results show that all can easily bypass the security strategies website providers put in place to prevent fake registrations, such as SMS verification, CAPTCHA and IP monitoring. We further estimated the market size of the underground registration ecosystem, placing it at about US $4.8M-128.1 million per year. Our study demonstrates the urgency with which we to think about the effectiveness of our registration security strategies and should prompt us to develop new strategies for better protection.
Wed 16 NovDisplayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change
14:00 - 15:30 | DependabilityIndustry Paper / Research Papers at SRC LT 51 Chair(s): Tao Yue Simula Research Laboratory | ||
14:00 15mTalk | Unite: An Adapter for Transforming Analysis Tools to Web Services via OSLC Industry Paper Ondřej Vašíček Brno University of Technology; Honeywell International, Jan Fiedor Brno University of Technology; Honeywell International, Tomáš Kratochvíla Honeywell International, Bohuslav Křena Brno University of Technology, Aleš Smrčka Brno University of Technology, Tomáš Vojnar Brno University of Technology DOI | ||
14:15 15mTalk | Discovering Feature Flag Interdependencies in Microsoft Office Industry Paper Michael Schröder TU Wien, Katja Kevic Microsoft, Dan Gopstein Microsoft, Brendan Murphy Microsoft, Jennifer Beckmann Microsoft DOI Pre-print Media Attached | ||
14:30 15mTalk | Demystifying the Underground Ecosystem of Account Registration Bots Research Papers Yuhao Gao University of Technology Sydney; Beijing University of Posts and Telecommunications, Guoai Xu Harbin Institute of Technology; Beijing University of Posts and Telecommunications, Li Li Monash University, Xiapu Luo Hong Kong Polytechnic University, Chenyu Wang Beijing University of Posts and Telecommunications, Yulei Sui University of New South Wales DOI | ||
14:45 15mResearch paper | Quantitative Relational Modelling with QAlloy Research Papers Pedro Silva University of Minho; INESC TEC, Jose Nuno Oliveira University of Minho; INESC TEC, Nuno Macedo University of Porto; INESC TEC, Alcino Cunha University of Minho; INESC TEC DOI Pre-print | ||
15:00 15mTalk | Using Graph Neural Networks for Program Termination Research Papers DOI | ||