REAPER: An Automated, Scalable Solution for Mass Credential Harvesting and OSINT

Proceedings of the 2016 APWG Symposium on Electronic Crime Research (eCrime) (2016)

Abstract
Releases of usernames and passwords, referred to as credential dumps, have become an increasingly popular shared resource over the past decade, especially within underground communities. The sharing of compromised credentials by cyber-criminals is done in order to demonstrate technical capability, increase reputation, and augment one's legitimacy within criminal communities. There has been minimal research demonstrating standardized methods for identifying the distribution of credential dumps or the origin(s) of where a dump first surfaced. There has also been a lack of research related to the open source intelligence that can be obtained through tracing the distribution of dumps across the Internet. This research presents a method called REAPER which demonstrates how to leverage unique data points within credential dumps to identify their distribution, while also providing an in-depth look into the intelligence that can be gained by observing the criminal activities associated with the credentials dumped.
Keywords
threat intelligence,cybercrime,forensics,attribution,OSINT,credential dumps