Analisis Kuantitatif Eksploitasi Akun Google Pasca Phishing Berbasis Konsistensi Jaringan
DOI:
https://doi.org/10.36596/jitu.v10i1.2246Keywords:
authentication, ASN, Gmail security, phishing , residential proxy, window of vulnerabilityAbstract
Phishing attacks experienced a significant increase during the COVID-19 pandemic, with over 160,000 phishing domains identified quarterly in 2020. This research analyzes login success using phishing-derived data through residential proxies to identify critical factors affecting attack effectiveness against Google authentication systems. Quantitative methodology with controlled experiments utilized 150 Gmail accounts created specifically for this research, with a maximum of 15 login attempts per account. Results demonstrate a 90.7% success rate (136 of 150 cases), with three dominant factors: IP address accuracy (100% match = 97.8% success rate), tier-1 Malaysia ISP/ASN matching (AS4818 DiGi 92.3%, AS9534 Maxis 91.9%, AS4788 TM 90.3%), and geographic location consistency (Kuala Lumpur 59.3% with 91% success rate). Critical findings reveal systemic vulnerabilities in Google's 7-day old password validity policy, creating a window of vulnerability where 22.1% of attacks succeeded on days 3-6 post-password change. This research contributes to cybersecurity literature by providing a quantitative framework for measuring residential proxy effectiveness in post-phishing exploitation and recommending mandatory 2FA implementation and reduction of old password validity period to maximum 48 hours.
References
A. B. Annef, “ANCAMAN SIBER DI TENGAH PANDEMI COVID-19?: TINJAUAN TERHADAP KEAMANAN NON-TRADISIONAL DAN KEAMANAN SIBER DI INDONESIA,” Sriwijaya Journal of International Relations, vol. 1, no. 1, 2021, doi: 10.47753/sjir.v1i1.3.
W. A. Karunia, A. Fitya Zahra, and Y. Amrozi, “Kajian Ancaman Baru Dalam Keamanan Informasi: Systematic Literature Review Pada Kerentanan Cyber Security Pasca-Pandemi,” 2025.
X. Mi et al., “Resident evil: Understanding residential IP proxy as a dark service,” in Proceedings - IEEE Symposium on Security and Privacy, 2019. doi: 10.1109/SP.2019.00011.
N. S. Zaini et al., “Phishing detection system using machine learning classifiers,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 17, no. 3, 2020, doi: 10.11591/ijeecs.v17.i3.pp1165-1171.
T. Mehraj, M. A. Sheheryar, S. A. Lone, and A. H. Mir, “A critical insight into the identity authentication systems on smartphones,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 13, no. 3, 2019, doi: 10.11591/ijeecs.v13.i3.pp982-989.
M. Guri, E. Shemer, D. Shirtz, and Y. Elovici, “Personal information leakage during password recovery of internet services,” in Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016, 2017. doi: 10.1109/EISIC.2016.035.
G. Mogos and N. S. Mohd Jamail, “Study on security risks of e-banking system,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 21, no. 2, 2020, doi: 10.11591/ijeecs.v21.i2.pp1065-1072.
E. Chiapponi, M. Dacier, and O. Thonnard, “Inside Residential IP Proxies: Lessons Learned from Large Measurement Campaigns,” in Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023, 2023. doi: 10.1109/EuroSPW59978.2023.00062.
M. N. Trisolvena and N. H. Saputra, “Phishing Cyber Security Threats,” Jurnal Improsci, vol. 2, no. 1, pp. 38–48, Aug. 2024, doi: 10.62885/improsci.v2i1.440.
D. Komosny, M. Voznak, and S. U. Rehman, “Location accuracy of commercial IP address geolocation databases,” Information Technology and Control, vol. 46, no. 3, 2017, doi: 10.5755/j01.itc.46.3.14451.
Z. Wang, Y. Niu, H. Chen, G. Cheng, J. Cui, and Z. Zhang, “Target driven IP Geolocation Algorithm,” in Journal of Physics: Conference Series, 2021. doi: 10.1088/1742-6596/1861/1/012002.
D. Firewall et al., “IMPLEMENTASI KEAMANAN HOTSPOT MENGGUNAKAN PROXY,” Jurnal Ilmiah Rekayasa dan Manajemen Sistem Informasi, vol. 8, no. 2, pp. 148–154, 2022.
M. Campobasso and L. Allodi, “Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale,” in Proceedings of the ACM Conference on Computer and Communications Security, 2020. doi: 10.1145/3372297.3417892.
Suci Sekar Sari and Agus Tedyyana, “Analisis Efektivitas Rule Snort dalam Mendeteksi Serangan Jaringan,” Repeater?: Publikasi Teknik Informatika dan Jaringan, vol. 2, no. 4, pp. 01–15, Aug. 2024, doi: 10.62951/repeater.v2i4.194.
M. Nasution, M. Haris Munandar, and E. P. Korespondensi, “JURNAL MEDIA INFORMATIKA [JUMIN] Implementasi Sistem Keamanan Jaringan Menggunakan Firewall dan IDS pada Infrastruktur Jaringan Skala Kecil-Menengah,” 2025.
M. Ali, H. Karimipour, and M. Tariq, “Integration of blockchain and federated learning for Internet of Things: Recent advances and future challenges,” Comput Secur, vol. 108, p. 102355, 2021, doi: https://doi.org/10.1016/j.cose.2021.102355.
S. Hessien and M. Hassan, “PISCOT: A Pipelined Split-Transaction COTS-Coherent Bus for Multi-Core Real-Time Systems,” ACM Transactions on Embedded Computing Systems, vol. 22, no. 1, Oct. 2022, doi: 10.1145/3556975.
A. Sikorski, L. Pavlova, D. Martin, and J. Gil, “Laonice (Sarsiana) sinica Sikorski & Wu 1998,” May 2023, Zenodo. doi: 10.5281/zenodo.7890123.
M. Guri, E. Shemer, D. Shirtz, and Y. Elovici, “Personal Information Leakage During Password Recovery of Internet Services,” in 2016 European Intelligence and Security Informatics Conference (EISIC), 2016, pp. 136–139. doi: 10.1109/EISIC.2016.035.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 JITU : Journal Informatic Technology And Communication
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
1.png)
