Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

The Pastebin Trend (cont.)

August 17, 2011 - 3 min read
ImageIn June during some of the LulzSec pastes, I published a brief blog post on our sister blog (Scrapbook). In that post, I discussed a spike in Pastebin web transactions due to the LulzSec information drops and other controversial news within the information security community. To get a more precise view of when the spikes occurred, why and the general increase in Pastebin transactions, I wrote a script to automate the process of collecting daily statistics from our web transaction logs to Pastebin. Below are the results.
For Q2 2011 (April 1 - June 30), the a graph of the daily Pastebin usage looks like:

You can see from the trend-line that transactions to Pastebin increase about 200% throughout Q2. This increase has been due in part to some of the recent stories dealing with information being leaked out onto the Internet through Pastebin from LulzSec. However, surprisingly that was not the reason for the largest spike seen thus far - the reason for the significant spike on May 12 occurred due to privacy concerns surrounding Google's social networking site (see below for the link to the Pastebin paste). You can also see the cyclic-nature of the work week, since this traffic is from corporate, enterprise clients (i.e., the 2-day lulls are the weekends). The notable stories corresponding with the spikes seen in the above chart are as follows:
  • May 12-13: Google Social Circles privacy violation
  • June 13-15: LulzSec versus Bethesda & Senate.gov
  • June 20-22: LulzSec (UK Census and Operation Anti-Security) and Dropbox vulnerability disclosure
  • June 27: Dossier on LulzSec / gn0sis
Following Q2, some of the LulzSec activity has settled down, so with the exception of two spikes in July, a slight overall decrease has been seen in recent Pastebin transactions versus Q2. This is what the July 1 to present chart looks like:

There are two prominent spikes during this timeframe:
  • July 1st: Anonymous / Lulz attacks against Arizona law enforcement (link1, link2)
  • July 21st: Anonymous / Lulz statement to FBI and law enforcement (link)
A interesting side note - Pastebin changed it's IP from to on July 2nd - both are SingleHop netblocks (the DNS PTR record for the first IP is to m1221.sgded.com and the second is to s1.jeroenvader.com). The reason for doing this is unclear, perhaps it was an server upgrade.
There were many other Anonymous / Lulz Patebin pastes that occurred in the timeframe of this analysis -- I only listed pastes that were the cause for spikes seen within our customer traffic.
There is no question that the Anonymous / Lulz pastes to Pastebin increase the visits and traffic volume to the site ... driving factors for online revenue. One website revenue analysis site estimates that Pastebin receives about 7.3 million page views a day and has an estimated worth of almost $3 million USD based on this traffic volume. It is certainly interesting to witness this conflict of interest: Pastebin (and yes other web services like Twitter) are being used as popular soap boxes for illegally communicating sensitive / stolen information while at the same time collecting revenue from its related traffic. If Pastebin were to crack down hard on removing this content they would effectively be loosing their biggest cash cow. The Anonymous / Lulz pastes remain live on the Pastebin site -- if interested, here is Pastebin's acceptable use policy. One could argue that with the open avenue of communication that is the web, groups like Anonymous / Lulz would just use a different service or start their own so why bother cracking down, just collect the traffic (revenue) and be happy. Others would argue to do what is "ethically right."
form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.