When software developers need to share source code quickly and easily, they turn to pastebins. Since pastebins also allow anonymous posts, it is no wonder that they are exploited to facilitate the sharing of data breach dumps and other content of which the intent is malicious. That is why pastebins are a crucial source of threat intelligence data and a necessary part of any exfiltration-based cyber protection strategy.
How Paste Bins Work
There are a number of pastebins to choose from, but Pastebin.com was the first. Launched in 2002 the site was developed to facilitate the sharing of plain text snippets in a line-oriented medium within Internet Relay Chat (IRC) chat rooms where blocks of computer data interfered with the flow of conversation. Sites like Pastebin.com help promote sharing and collaboration between team members, as well as the wider development community.
Today, while new chat applications have changed the way people chat online from the early days of IRC, pastebins continue to remain useful. In most cases, internet messaging chat programs will insert bogus characters or convert the code. By the time you copy the code from the chat window, you end up with unexecutable, useless code. Pastebins solve those problems.
Pastebins gained significant attention within the security community in late 2014 after the publicized Morgan Stanley data breach. A financial adviser that had been with the firm since 2008 acquired the data for about 10 percent of its 3.5 million wealth management customers, including transactional information. You can guess the punchline: the data wound up for sale on Pastebin.com.
Since the Morgan Stanley breach, pastebins are monitored for threat intelligence information in order to combat a range of attacks including but not limited to:
- Breach Dumps: A hacker can use pastebins to post data that has been exfiltrated from an organization or person. The goal is usually to harm or embarrass the victim. The data can be posted publicly or the attacker could offer the breached data for sale, along with a few samples.
- Accidental Insider Oversharing: Sometimes developers or administrators within an organization, using a pastebin to collaborate with peers, might post revealing and confidential data, such as internal network info, vulnerable scripts and server configurations or even passwords. This information can be valuable for hackers looking to gain entry into those systems.
- Defamation: Pastebins are anonymous and largely unmoderated. This makes them a good place for business rival, unhappy customers or employees to post critical information, regardless of how truth. Pastebins could be used to perpetrate an easy SEO attack by posting harmful information repeatedly to multiple paste bins.
- Attack Preparation: Although attackers are certainly more likely to plan attacks via private channels such as email, IRC, and restricted forums, there is the possibility that information regarding upcoming attacks will find its way to pastebins.
Book a demo to learn more about paste sites including Pastebin, and how to proactively gather data breach intelligence from Internet data sources.