Bot "Tweet" which extracts passwords etc. from posts of text sharing site and tweets "Dump Monitor"


ByLorraine Murphy

PastieYaPastebinText sharing service such as Internet clipboard is very convenient that you can share with anyone if you paste text with copy and paste and upload it,Internet Relay Chat(IRC) as a placeanonymousYaLulzsecWe are also using it. However, it seems that there is a case that a user with low alertness uploads text including personal information, or posts personal information obtained by a hacker cracking. A terrible bot that picks up only text including such personal information, extracts mail address, password, etc. and publishes it to the whole world with Twitter "Dump Monitor"is.

RaiderSec: Introducing dumpmon: A Twitter - bot that Monitors Paste - Sites for Account / Database Dumps and Other Interesting Content
http://raidersec.blogspot.jp/2013/03/introducing-dumpmon-twitter-bot-that.html

Dump Monitor (dumpmon)
https://twitter.com/dumpmon

Dump Monitor is Pastie · Pastebin ·SlexyAccount name · database posted to, Google's API key, Cisco configuration key,Honey potText containing logsRegular expressionIt seems that it seems to be a mechanism to search and extract matches and tweet them.


The tweet of Dump Monitor is displayed as follows. Clicking the pasted link for each tweet ......


A terrible thing listing email addresses and passwords was displayed.


Here, user name, password, name, and e-mail address are displayed from the left. Dump Monitor seems to have tweeted the text pasted on the text sharing site as it is because the item name is in Spanish notation instead of English.


In the text below, the URL and the login name and password for logging in to each site are fully visible.


Not only login information, Google API key was also tweeted.


It seems that the Cisco configuration key also leaks, and the traffic information is slurred.


The Dump Monitor has been updated in real time and tweets containing personal information every five minutes. Even though it is troublesome to memorize e-mail addresses and passwords, it's better to stop saving them on a text sharing site unpublished.

in Web Service, Posted by darkhorse_log