leak_search

Differences

This shows you the differences between two versions of the page.

leak_search [2024/11/27 11:29]
kaduuwikiadmin
leak_search [2025/05/21 09:38] (current)
kaduuwikiadmin
Line 29: Line 29:
   * Metadata: Additional information about a file or data set that helps to describe, organize, and manage the data more effectively (e.g., time, location, type).   * Metadata: Additional information about a file or data set that helps to describe, organize, and manage the data more effectively (e.g., time, location, type).
  
-==== How up to date is the data? ==== 
  
-The database is updated daily from our analystsWe use different [[how_do_we_find_the_data_in_kaduu|discovery methods]] (manual and automated). +==== How many forums do we cover? ==== 
 + 
 +The Ecosystem of Cybercriminal Forums and Channels 
 +The dark web and deep web contain a complex ecosystem of websites where various types of stolen data are exchanged. These platforms include: 
 + 
 +  * Hacker forums 
 +  * Credit card shops 
 +  * Stealer log markets 
 +  * Document forgery hubs 
 +  * Bank credential resale forums 
 +  * Telegram channels and groups 
 + 
 +These platforms vary in accessibility and intent. Some are public, but most require registration or even invitation. On these platforms, actors either sell or give away data, depending on its freshness, quality, and strategic value. 
 + 
 +**Why Some Data is Free and Others Are Sold** 
 + 
 +  * Free leaks: Often older data, reused credentials, public breaches, or given away to gain reputation. 
 +  * For-sale data: Usually fresh stealer logs, newly acquired credit card dumps, banking credentials, PII, checks, or synthetic identities. 
 + 
 +**Data Types Monitored** 
 +Kaduu focuses on the following categories: 
 + 
 +  * Leaked account credentials (email-password combos) 
 +  * Stealer logs (logins, browser sessions, cookies) 
 +  * Bank logins (online banking access) 
 +  * Credit card data (dumps, fullz) 
 +  * Checks and cash-out materials (US, EU, UK) 
 +  * Fake or stolen documents (passports, IDs, utility bills) 
 +  * Personal Identifiable Information (PII) (name, SSN, address, DOB) 
 + 
 +**Our Coverage as of February 2025** 
 + 
 +Kaduu monitors a broad range of sources across the darknet and deep web. We distinguish between automated crawling and manual investigations by our analyst team: 
 + 
 +  * For well-structured sites such as forums where credit card data is traded, or paste sites, we use automated scrapers that visit these platforms at predefined intervals. This process is fully automated, and the extracted data is stored directly in our database. 
 +  *  
 +  * Our analyst team manually visits a curated list of forums and Telegram channels on a daily basis to identify potential data leaks. After thorough inspection, any relevant findings are manually labeled and uploaded to our system for further analysis. 
 + 
 + 
 +The following statistics provide insight into our infrastructure: 
 + 
 +**1. Forums Specialized in Credit Cards, Accounts, and Checks** 
 + 
 +Total monitored: 154 
 + 
 +  * Require authentication: 151 
 +  * Tor-based (dark web): 64 
 +  * Clearnet (deep web): 90 
 + 
 +These forums are often highly specialized and structured. Our tools focus on extracting listings of items for sale such as credit card batches or fullz packages. 
 + 
 +**2. Hacker Forums** 
 + 
 +  * Total monitored: 303 
 +  * Visited manually daily: 41 
 +  * Crawled daily by tools: 23 
 +  * Occasionally visited: 239 
 + 
 +Manual visits target forums with irregular structures or where members share free leaks. This enables human analysts to filter, extract, and describe valuable data that might otherwise be missed. 
 + 
 +**3. Telegram Channels** 
 + 
 +  * Total monitored: 538 
 +  * Parsed daily by tools: 534 
 +  * Manually checked daily: 4 
 + 
 +Telegram has become a major hub for distributing stealer logs, combo lists, and free leaks. Parsing tools extract relevant messages and attachments. Manual visits focus on groups with obfuscated or irregular data drops. 
 + 
 +**4. Paste Sites** 
 + 
 +  * Total monitored: 34 
 +  * Parsed daily by tools: 34 
 +  * Manually checked daily: 0 
 + 
 +Paste sites are used to exchange information anonymously. We scrape them daily and save the data in our database. 
 + 
 +**Manual vs. Automated Monitoring** 
 + 
 +  * Manual Review: Crucial for detecting free leaks, irregular formats, and human interpretation. Analysts download and inspect content, match it against existing data, and classify it for clients. 
 +  * Automated Scraping: Ideal for structured data listings, especially in well-organized shops. These tools collect sale offers with metadata (e.g., date, price, type of data) and push them into the database for client search and alerting. 
 + 
 +==== How up to date and accurate is the data? ==== 
 + 
 +Our credential database is updated daily by a dedicated team of analysts who actively monitor and extract data from hacker forums, Telegram channels, and various darknet sources. The credentials available in our database search are those that have already been publicly leaked—often because hackers failed to sell them and instead chose to distribute them for free. 
 + 
 +If you are searching for newer, actively traded credentials, you should use our live search or the hacker forum database search on the deep web. These tools provide real-time insights into fresh leaks before they become widely available. 
 + 
 +**Data Accuracy and Duplicate Entries** 
 + 
 +Credential leaks often get repackaged and redistributed in collections and archives, leading to duplicate entries. While our system works to filter out redundancies, users may still encounter repeated data across different breaches. 
 + 
 +Furthermore, due to the age of many datasets, a significant portion of credentials—often exceeding 90%—may no longer be valid. This occurs because: 
 + 
 +  * Users change their passwords after a breach is exposed. 
 +  * Accounts may be deleted or suspended by the service provider. 
 +  * Credentials become obsolete as new security measures are implemented. 
 + 
 +The older the dataset, the higher the probability that the credentials are no longer functional. Since these credentials are publicly available, they are accessible to anyone, diminishing their immediate value to attackers. 
 + 
 +**Why Monitoring is More Important than Retrospective Analysis** 
 + 
 +Rather than relying solely on static historical reports, continuous monitoring of leaked credentials is essential. A one-time report over an extended period is not as effective as ongoing surveillance because: 
 +Even if 99% of leaked credentials are outdated, the remaining 1% of active credentials still pose a security risk. 
 + 
 +Leaked credentials provide critical intelligence beyond just direct access, such as: 
 + 
 +  * Employee usage of third-party services with company accounts (e.g., logging into Netflix or other non-business platforms using corporate credentials). 
 +  * Password patterns that reveal predictable behavior. For example, if a user previously used Summer2024, there's a chance their next password could be Summer2025. 
 +  * Cross-service password reuse, which allows attackers to map out vulnerabilities across multiple platforms. 
 +  * Exposure assessment, measuring how frequently an employee's email appears in different leaks, making them more susceptible to phishing and targeted attacks. 
  
 ===== What is a leak? ===== ===== What is a leak? =====
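Review bot: the empty list item `  *  ` between the two bullets under "Our Coverage as of February 2025" renders as a blank bullet and should be dropped. Three smaller formatting and wording points in the same hunk: "The Ecosystem of Cybercriminal Forums and Channels" is a sub-heading but is the only one in the section not marked with `**...**`; "Personal Identifiable Information (PII)" should read "Personally Identifiable Information (PII)"; and under "Why Monitoring is More Important than Retrospective Analysis" the sentence after "because:" reads as the first list item but is plain text, so either make it `  * Even if 99% of leaked credentials are outdated, ...` or rewrite the lead sentence without the colon. On content, the new "How up to date and accurate is the data?" text drops the cross-reference `[[how_do_we_find_the_data_in_kaduu|discovery methods]]` that the removed line carried; consider keeping that link, since it is the only pointer to the methodology page. The invalidity figures also disagree with each other ("often exceeding 90%" in the accuracy paragraph, "99%" used as the illustration further down) and neither says how the figure was measured; stating one figure and its basis would make the claim defensible. The coverage counts are internally consistent (64 + 90 = 154, 41 + 23 + 239 = 303, 534 + 4 = 538, 34 + 0 = 34), so nothing to change there.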
leak_search.1732703370.txt.gz · Last modified: 2024/11/27 11:29 by kaduuwikiadmin