University of Miami School of Business Administration
Whether it happens through malware or through phishing, loss of one's online identity is a real and present danger. While many attackers seek credentials to realize financial gain, an analysis of the compromised accounts at their own institutions reveals that perpetrators often steal university credentials to gain free and unfettered access to information. This nontraditional motivation for credential theft puts a special burden on the academic institutions that provide these accounts. In this paper, the authors describe the design, implementation, and evaluation of a system for safeguarding academic accounts and resources called the University Credential Abuse Auditing System (UCAAS).