Determine age, region, source of leaked credentials using RadioCarbon

RadioCarbon is an interesting tool developed by Florian Roth, focused on estimating the age and origin of a credential leak:

Typically you get leaked credentials in the form of a list of email addresses or user names with cleartext passwords or password hashes, and you have no idea how relevant they are or whom to inform about the leak: usually you have no information about the origin of the leaked credentials, and the data could be obsolete.

RadioCarbon is based on the observation that the users of a service provide indicators of the origin and the age of the leak through the passwords and email addresses they choose:

  • Users include the current year in their passwords (e.g. stephan2017, Mercedes17!, pass2016)
  • Users typically don’t include a future year in their passwords (e.g. pass2022, website2045)
  • Users include the name of the website/service in their passwords (e.g. website1234, pass4website)
  • Users use one time email addresses for the registration (e.g. [email protected], [email protected])
  • Users can use the “+” character to easily create new email aliases for certain purposes (e.g. [email protected])


The project is in the first stage of development, and it has some issues:

– If the user field contains a nickname instead of an email address, the region analysis fails
– If the password field contains a password hash instead of a cleartext password, the analysis is severely hindered
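To make the indicators above concrete, here is a small Python triage script written for this post; it is an added example, not RadioCarbon's own code. It applies the same heuristics the tool relies on to a constructed sample leak: it counts plausible years in passwords (discarding years later than an assumed analysis year, 2018), looks for a recurring service name in passwords and in "+" alias tags, and counts country-code TLDs for a region estimate. It also shows the two limitations listed above: users without an "@" contribute nothing to the region estimate, and password fields that look like hex digests are excluded from the year and service analysis. The sample data, the disposable-domain list and the stoplist of generic password words are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample leak of (user, password) pairs for demonstration; not real data.
SAMPLE_LEAK = [
    ("alice@example.de", "stephan2017"),
    ("bob@example.co.uk", "Mercedes17!"),
    ("carol@example.de", "pass2016"),
    ("dave+shopsite@example.com", "shopsite1234"),
    ("erin@trashmail.example", "pass4shopsite"),
    ("frank@example.de", "website2045"),        # year in the future: discarded
    ("grace", "summer2017"),                      # nickname, no address: no region signal
    ("heidi@example.fr", "5f4dcc3b5aa765d61d8327deb882cf99"),  # MD5 digest, not cleartext: skipped
]

ANALYSIS_YEAR = 2018                                  # assumed date of the analysis
DISPOSABLE_DOMAINS = {"trashmail.example"}           # assumed one-time mail domains (constructed)
GENERIC_WORDS = {"pass", "password", "welcome", "admin", "login"}  # assumed stoplist

YEAR_RE = re.compile(r"(?<!\d)(?:19\d{2}|20\d{2}|\d{2})(?!\d)")
HEX_HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
WORD_RE = re.compile(r"[a-z]{4,}")


def is_hashed(password):
    """True when the field looks like an MD5/SHA-1/SHA-256 hex digest rather than cleartext."""
    return bool(HEX_HASH_RE.match(password))


def years_in(password, analysis_year):
    """Plausible years in a password: two-digit years read as 20xx, future years dropped."""
    years = []
    for token in YEAR_RE.findall(password):
        year = int(token) if len(token) == 4 else 2000 + int(token)
        if 1990 <= year <= analysis_year:
            years.append(year)
    return years


def estimate_age(leak, analysis_year=ANALYSIS_YEAR):
    """Most frequent plausible year across cleartext passwords, plus the full year counts."""
    counts = Counter()
    for _, password in leak:
        if not is_hashed(password):
            counts.update(years_in(password, analysis_year))
    best = counts.most_common(1)[0][0] if counts else None
    return best, counts


def estimate_origin(leak):
    """Candidate service name: words repeated across passwords, boosted by '+tag' aliases."""
    counts = Counter()
    for user, password in leak:
        if not is_hashed(password):
            counts.update(w for w in WORD_RE.findall(password.lower()) if w not in GENERIC_WORDS)
        local = user.split("@")[0] if "@" in user else ""
        if "+" in local:
            counts[local.split("+", 1)[1].lower()] += 1
    best = counts.most_common(1)[0][0] if counts else None
    return best, counts


def estimate_region(leak):
    """Country-code TLD counts from email users; nicknames and generic TLDs give no signal."""
    counts = Counter()
    skipped = 0
    for user, _ in leak:
        if "@" not in user:
            skipped += 1
            continue
        tld = user.rsplit(".", 1)[-1].lower()
        if len(tld) == 2:
            counts[tld] += 1
    best = counts.most_common(1)[0][0] if counts else None
    return best, counts, skipped


def disposable_count(leak):
    """Number of users registered with an assumed one-time mail domain."""
    return sum(1 for user, _ in leak if "@" in user and user.split("@")[1].lower() in DISPOSABLE_DOMAINS)


def analyze(leak, analysis_year=ANALYSIS_YEAR):
    """Summarise age, origin and region estimates and the data-quality caveats."""
    age, _ = estimate_age(leak, analysis_year)
    origin, _ = estimate_origin(leak)
    region, _, no_address = estimate_region(leak)
    return {
        "estimated_year": age,
        "candidate_service": origin,
        "top_country_tld": region,
        "users_without_address": no_address,
        "hashed_passwords": sum(1 for _, p in leak if is_hashed(p)),
        "disposable_addresses": disposable_count(leak),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LEAK))
```

On the sample data the script reports 2017 as the most likely year, "shopsite" as the candidate service (two passwords plus one alias tag), ".de" as the dominant country TLD, one user without an address and one hashed password, which is exactly the kind of summary you need before deciding whom to notify and whether the leak is still current.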


More technical information and downloads

https://github.com/Neo23x0/radiocarbon
