Raspberry Pi bot tracks hacker posts to vacuum up passwords and more
Password and credit-card details leak online every day. So no one really knows just how much personally identifiable information is available by clicking on the right link to Pastebin, Pastie, or similar sites. Using a platform that runs on the hobbyist Raspberry Pi platform to drink from this fire hose, a security researcher has cataloged more than 3,000 such posts in less than three months while adding scores more each week.
Dumpmon, as the project is called, is a bot that monitors Twitter messages for Web links containing account credentials, sensitive account information, and other "interesting" content. Since its debut on April 3, it has captured more than 3,300 records containing 1.1 million addresses, most of which are accompanied by the plaintext or cryptographic hash of an associated password. The project has also unearthed social security and driver license numbers, credit card data, and other information that could be used to hijack user accounts or commit identity theft. On average, Dumpmon collects 51 such posts each day.