Welcome to securityCRUSH

Welcome to the securityCRUSH blog, a place where you can find random musings as well as postings relevant to information security, penetration testing, and my latest projects - Daniel Wood.

Friday, November 8, 2013

Adobe Data Mining and Ethics

Several days ago I released a script to aid security researchers and organizations in identifying if their account(s) were in the recent Adobe account database leak.  I had originally aided several organizations in identifying more accounts they had not known about and figured others could use this as well on their own.

Adobe sent out notifications to potentially compromised accounts, however, since they originally stated the number of accounts were roughly 2.9 million, and now we know the potential amount of accounts are closer to 150 million (minus dupes, fakes, etc); I figured having an independent way of verifying is probably a good idea.

This script will parse through the original leaked database file within users.tar.gz, which uncompressed is approximately 9GB in size for user supplied TLD's.  I have included a sample domains.txt as well as roughly the Top 500 (U.S.) sites from Alexa, as of October 6, 2013.  These text files are for mass data mining, however, you can trim them down to only your organization's owned domains or however else you would like to use them.

I've received several questions from individuals concerned stating that a script like this could be used for both good and nefarious purposes.  This is true with any tool; it all depends on the purpose and motivation of the user.  The leaked database is already floating around on publicly available forums, chat rooms, and twitter - so that danger is not just limited to scripts like these.  The information that can be mined from this database leak could allow security researchers to obtain better name, username, and password lists to aid in password auditing or conducting phishing exercises (all legally authorized); or could allow potentially malicious actors to conduct the same types of audits and 'attacks'.  Again, it's all based upon the motivations of the user.

Hopefully, those within the infosec community will find it useful and even tweak it to their own needs.  It's meant to be a starting point and not a finished product.  Over time I will bake more features in it, however, I won't be adding needless features just to bloat it.

UPDATE:  Several developers and researchers have adapted my code and idea for their own projects to provide these types of services to users as well.  Great!

Daniel Wood