A short tutorial by Authentic8 researchers shows how you can use information found on Pastebin to locate individuals who are offering leaked or stolen data for sale.
What is Pastebin? Pastebin.com has been called the “clipboard of the web.” It’s a place to paste anything - plaintext documents, logs, source code, etc. - for anyone to view.
As useful as Pastebin is for sharing and collaborating online, it also has a dark side. The Register called it “The remote backdoor server for the cheap and lazy.” The service has become infamous as a repository of leaked or stolen databases, Proof of Concept (PoC) exploit code, combo lists, doxing victim dossiers, and credit card numbers - all on sale or even offered for free.
Publishing information on Pastebin requires no login, and it’s been popularized throughout the hacker community through the use of internet relay chat (IRC). While the Pastebin team is serious about removing sensitive information, it has reached its limits. With millions of active pastes, moderating the service has become an overwhelming task.
This means that threat intelligence professionals need to keep an eye on the service. They should know what to do next if and when their employer or client is affected by a data dump on Pastebin. The Authentic8 Flash Report How Pastebin Can Help with Research provides quick hands-on guidance.
For security researchers, Pastebin often serves as the first stop to look for leaked or stolen information or malicious code samples from data breaches or new exploits. The flash report created by the Authentic8 threat intelligence team helps with this task, which has become more difficult since Pastebin removed its search function recently.
Our manual provides a workaround. Threat hunting specialists often have to pick their way through uploaded “showcase” samples with links that promise more. Those links point to anywhere from Torrent sites, like The Pirate Bay, to a variety of darknet .onion marketplaces, where stolen data can be purchased.
Is your team new to Pastebin research and where it may lead you? We recommend following the example of experienced professional threat intelligence researchers in the public and private sectors.
Many use Silo for Research for Pastebin searches and to examine the sites and files they encounter. Web isolation with Silo enables them to prevent malware exposure and attribution, and facilitates team collaboration during their hunt.
Learn how to leverage Pastebin for yours here.
Authentic8 Team is a group of cybersecurity enthusiasts, investigation sleuths, top-notch engineers, news junkies, policy wonks and all-around fervent writers hell-bent on bringing you the best darn blog in the industry.
Researchers can use information they find on Pastebin to locate hackers who are offering leaked data for sale
Authentic8 engineers curated a list of the 21 most widely used OSINT research tools for cybersecurity researchers, analysts and other security professionals
Silo for Research (Toolbox) is a secure and anonymous web browsing solution that enables users to conduct research across the open, deep and dark web.
Want to learn more about the Silo Web Isolation Platform? Have a general inquiry about Authentic8? We’d love to chat! Click one of the buttons below to get in touch with our representatives.
