Being in Two Places at Once: Proactively Detecting Stolen Credentials

Tuesday, March 31 | 9:30AM–10:20AM | Room 555
Session Type: Professional Development
Most of us dread learning about compromised accounts after the fact. But, what if you could find stolen credentials more proactively? With a little math (already programmed) and free geolocation data, your access logs, containing IPs and user information, can be used to determine the feasibility of logins from two different geographic locations within a specified period. This session will demonstrate how a "great circle" math function, typically reserved for navigation, can be employed, where to find geolocation data, and a sample deployment. Although detection will vastly improve, potential false positive scenarios (e.g., helicopter parents) will be described.

OUTCOMES: Learn ways to proactively detect compromised accounts using Haversine and IP-based geolocation data * Understand how the Haversine function can be used with geolocation data without "hard" math * Find free IP-based geolocation data sources


  • Nick Hannon

    Sr. Information Security Architect, Swarthmore College

Resources & Downloads