A short tutorial by Authentic8 researchers shows how you can use information found on Pastebin to locate individuals who are offering leaked or stolen data for sale.
What is Pastebin? Pastebin.com has been called the “clipboard of the web.” It’s a place to paste anything - plaintext documents, logs, source code, etc. - for anyone to view.
As useful as Pastebin is for sharing and collaborating online, it also has a dark side. The Register called it “The remote backdoor server for the cheap and lazy.” The service has become infamous as a repository of leaked or stolen databases, Proof of Concept (PoC) exploit code, combo lists, doxing victim dossiers, and credit card numbers - all on sale or even offered for free.
Publishing information on Pastebin requires no login, and it’s been popularized throughout the hacker community through the use of internet relay chat (IRC). While the Pastebin team is serious about removing sensitive information, it has reached its limits. With millions of active pastes, moderating the service has become an overwhelming task.
This means that threat intelligence professionals need to keep an eye on the service. They should know what to do next if and when their employer or client is affected by a data dump on Pastebin. The Authentic8 Flash Report How Pastebin Can Help with Research provides quick hands-on guidance.
For security researchers, Pastebin often serves as the first stop to look for leaked or stolen information or malicious code samples from data breaches or new exploits. The flash report created by the Authentic8 threat intelligence team helps with this task, which has become more difficult since Pastebin removed its search function recently.
Our manual provides a workaround. Threat hunting specialists often have to pick their way through uploaded “showcase” samples with links that promise more. Those links point to anywhere from Torrent sites, like The Pirate Bay, to a variety of darknet .onion marketplaces, where stolen data can be purchased.
Is your team new to Pastebin research and where it may lead you? We recommend following the example of experienced professional threat intelligence researchers in the public and private sectors.
Many use Silo for Research for Pastebin searches and to examine the sites and files they encounter. Web isolation with Silo enables them to prevent malware exposure and attribution, and facilitates team collaboration during their hunt.
Learn how to leverage Pastebin for yours here.