Demystifying the underground ecosystem of account registration bots

Yuhao Gao, Guoai Xu, Li Li, Xiapu Luo, Chenyuan Wang, Yulei Sui

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

1 Citation (Scopus)

Abstract

Member services are a core part of most online systems. For example, member services in online social networks and video platforms make it possible to serve users customized content or track their footprint for a recommendation. However, there is a dark side to membership that lurks behind influencer marketing, coupon harvesting, and spreading fake news. All these activities rely heavily on owning masses of fake accounts, and to create new accounts efficiently, malicious registrants use automated registration bots with anti-human verification services that can easily bypass a website’s security strategies.

In this paper, we take the first step toward understanding the underground ecosystem of account registration bots, and in particular, the anti-human verification services they use. From a comprehensive analysis, we determined the three most popular types of anti-human verification services. We then conducted experiments on these services from an attacker’s perspective to verify their effectiveness. The results show that all can easily bypass the security strategies website providers put in place to prevent fake registrations, such as SMS verification, CAPTCHA and IP monitoring. We further estimated the market size of the underground registration ecosystem, placing it at about US$4.8 million to US$128.1 million per year. Our study demonstrates the urgency with which we need to think about the effectiveness of our registration security strategies and should prompt us to develop new strategies for better protection.
Original language: English
Title of host publication: Proceedings of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)
Publisher: ACM
Pages: 897-909
Number of pages: 1822
ISBN (Electronic): 10.1145/3540250
ISBN (Print): 9781450394130
Publication status: Published - 9 Nov 2022
Event: 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Singapore
Duration: 14 Nov 2022 to 18 Nov 2022
https://2022.esec-fse.org/

Conference

Conference: 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)
Country/Territory: Singapore
Period: 14/11/22 to 18/11/22