Abstract
Underground forums contain many thousands of active users, but the vast majority will be involved, at most, in minor levels of deviance. The number who engage in serious criminal activity is small. That being said, underground forums have played a significant role in several recent high-profile cybercrime activities. In this work we apply data science approaches to understand criminal pathways and characterize key actors related to illegal activity in one of the largest and longest-running underground forums. We combine the results of a logistic regression model with k-means clustering and social network analysis, verifying the findings using topic analysis. We identify variables relating to forum activity that predict the likelihood a user will become an actor of interest to law enforcement, and would therefore benefit the most from intervention. This work provides the first step towards identifying ways to deter the involvement of young people away from a career in cybercrime.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
We refer to a whole website as a forum, on which pages are set aside for discussion of defined topics in boards, with users participating in conversation threads via individual posts.
- 3.
For the sake of visualization, the figure only shows the key actors and their five closest repliers and replied neighbours (filled in green).
- 4.
The administrator is a well known actor in Hackforums.
- 5.
These thresholds were chosen after exploratory experimentation with the dataset and manually inspecting the results.
- 6.
References
Afroz, S., Garg, V., McCoy, D., Greenstadt, R.: Honor among thieves: a common’s analysis of cybercrime economies. In: eCrime Researchers Summit, pp. 1–11. IEEE (2013)
Allodi, L.: Economic factors of vulnerability trade and exploitation. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1483–1499. ACM (2017)
Anderson, R., et al.: Measuring the cost of cybercrime. In: Böhme, R. (ed.) The Economics of Information Security and Privacy, pp. 265–300. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39498-0_12
Antonakakis, M., et al.: Understanding the Mirai Botnet. In: Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, pp. 1093–1110 (2017)
Blei, D.M., Ng, A.Y., Jordan, M.I.: Latent dirichlet allocation. J. Mach. Learn. Res. 3(Jan), 993–1022 (2003)
Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: the commoditization of malware distribution. In: Proceedings of the 20th USENIX Security Symposium, Berkeley, CA, USA, p. 13 (2011)
Caines, A., Pastrana, S., Hutchings, A., Buttery, P.: Automatically identifying the function and intent of posts in underground forums. (in submission)
Chang, W., Wang, A., Mohaisen, A., Chen, S.: Characterizing botnets-as-a-service. ACM SIGCOMM Comput. Commun. Rev. 44(4), 585–586 (2014)
Field, A.: Discovering Statistics Using SPSS, 2nd edn. SAGE Publications, London (2005)
Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of Internet miscreants. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2007)
Garg, V., Afroz, S., Overdorf, R., Greenstadt, R.: Computer-supported cooperative crime. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 32–43. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_3
Holt, T.J.: Subcultural evolution? Examining the influence of on- and off-line experiences on deviant subcultures. Deviant Behav. 28(2), 171–198 (2007)
Hutchings, A.: Cybercrime trajectories: an integrated theory of initiation, maintenance, and desistance. In: Crime Online: Correlates, Causes, and Context, pp. 117–140. Carolina Academic Press (2016)
Hutchings, A., Clayton, R.: Exploring the provision of online booter services. Deviant Behav. 37(10), 1163–1178 (2016)
Hutchings, A., Holt, T.J.: A crime script analysis of the online stolen data market. Br. J. Criminol. 55(3), 596–614 (2015)
Karami, M., McCoy, D.: Rent to PWN: analyzing commodity booter DDoS services. Usenix Login 38, 20–23 (2013)
Lloyd, S.: Least squares quantization in PCM. IEEE Trans. Inf. Theory 28(2), 129–137 (1982)
Lusthaus, J., Varese, F.: Offline and local: the hidden face of cybercrime. Polic.: J. Policy Pract. 1–11 (2017). advanced access
Macdonald, M., Frank, R., Mei, J., Monk, B.: Identifying digital threats in a hacker web forum. In: International Conference on Advances in Social Networks Analysis and Mining, pp. 926–933. IEEE/ACM (2015)
Marcus, M.P., Marcinkiewicz, M.A., Santorini, B.: Building a large annotated corpus of English: the penn treebank. Comput. Linguist. 19(2), 313–330 (1993)
McMillen, D., Alvarez, M.: Mirai IoT botnet: mining for bitcoins? IBM Security Intelligence (2017). https://perma.cc/SK2R-C3H7
Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G.M.: An analysis of underground forums. In: Proceedings of the ACM SIGCOMM Conference on Internet Measurement Conference, pp. 71–80 (2011)
National Crime Agency: Pathways into cyber crime (2017). https://perma.cc/897P-GZ3R
Noroozian, A., Korczyński, M., Gañan, C.H., Makita, D., Yoshioka, K., van Eeten, M.: Who gets the boot? Analyzing victimization by DDoS-as-a-service. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 368–389 (2016)
Nunes, E., et al.: Darknet and deepnet mining for proactive cybersecurity threat intelligence. In: Conference on Intelligence and Security Informatics (ISI), pp. 7–12. IEEE (2016)
Overdorf, R., Troncoso, C., Greenstadt, R., McCoy, D.: Under the underground: predicting private interactions in underground forums. arXiv preprint arXiv:1805.04494 (2018)
Pastrana, S., Thomas, D.R., Hutchings, A., Clayton, R.: CrimeBB: enabling cybercrime research on underground forums at scale. In: Proceedings of The Web Conference (WWW). ACM (2018)
Portnoff, R.S., et al.: Tools for automated analysis of cybercriminal markets. In: Proceedings of 26th International World Wide Web conference (2017)
Samtani, S., Chinn, R., Chen, H.: Exploring hacker assets in underground forums. In: International Conference on Intelligence and Security Informatics (ISI), pp. 31–36. IEEE (2015)
Sood, A.K., Enbody, R.J.: Crimeware-as-a-service: a survey of commoditized crimeware in the underground market. Int. J. Crit. Infrastruct. Prot. 6(1), 28–38 (2013)
Soska, K., Christin, N.: Measuring the longitudinal evolution of the online anonymous marketplace ecosystem. In: Proceedings of the 24th USENIX Security Symposium (2015)
Spärck-Jones, K.: A statistical interpretation of term specificity and its application in retrieval. J. Doc. 28, 11–21 (1972)
Sutherland, E.H.: White Collar Crime: The Uncut Version. Yale University Press, New Haven (1949)
Thomas, D.R., Clayton, R., Beresford, A.R.: 1000 days of UDP amplification DDoS attacks. In: APWG Symposium on Electronic Crime Research (eCrime). IEEE (2017). https://doi.org/10.1109/ECRIME.2017.7945057
Thorndike, R.L.: Who belongs in the family? Psychometrika 18(4), 267–276 (1953)
Valeros, V.: A study of RATs: third timeline iteration (2018). https://perma.cc/REB5-JFNR
Vold, G.B., Bernard, T.J., Snipes, J.B.: Theoretical Criminology, 5th edn. Oxford University Press, Inc., New York (2002)
Zhang, X., Tsang, A., Yue, W.T., Chau, M.: The classification of hackers by knowledge exchange behaviors. Inf. Syst. Front. 17, 1–13 (2015)
Acknowledgements
We thank the anonymous reviewers for their insightful comments. We also thank our colleagues from the Cambridge Cybercrime Centre for access to the CrimeBB dataset and their invaluable feedback, and Flashpoint, for assistance relating to actors of interest. This work was supported by The Alan Turing Institute’s Defence and Security Programme [grant DS/SDS/1718/4]; and the UK Engineering and Physical Sciences Research Council (EPSRC) [grant EP/M020320/1].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Pastrana, S., Hutchings, A., Caines, A., Buttery, P. (2018). Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2018. Lecture Notes in Computer Science(), vol 11050. Springer, Cham. https://doi.org/10.1007/978-3-030-00470-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-00470-5_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00469-9
Online ISBN: 978-3-030-00470-5
eBook Packages: Computer ScienceComputer Science (R0)