惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Visual Studio Blog
C
Cisco Blogs
Help Net Security
Help Net Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
M
MIT News - Artificial intelligence
L
LINUX DO - 热门话题
I
InfoQ
GbyAI
GbyAI
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Engineering at Meta
Engineering at Meta
H
Hackread – Cybersecurity News, Data Breaches, AI and More
TaoSecurity Blog
TaoSecurity Blog
Simon Willison's Weblog
Simon Willison's Weblog
A
About on SuperTechFans
Spread Privacy
Spread Privacy
月光博客
月光博客
W
WeLiveSecurity
AWS News Blog
AWS News Blog
云风的 BLOG
云风的 BLOG
有赞技术团队
有赞技术团队
Security Latest
Security Latest
人人都是产品经理
人人都是产品经理
PCI Perspectives
PCI Perspectives
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Microsoft Azure Blog
Microsoft Azure Blog
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
T
Troy Hunt's Blog
Martin Fowler
Martin Fowler
The Hacker News
The Hacker News
T
Tor Project blog
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
Stack Overflow Blog
Stack Overflow Blog
K
Kaspersky official blog
Cloudbric
Cloudbric
H
Help Net Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
D
DataBreaches.Net
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Tenable Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
博客园 - Franky
L
LINUX DO - 最新话题
MyScale Blog
MyScale Blog

University of Cambridge - Cybersecurity

Price of a bot army revealed across hundreds of online platforms AI art protection tools still leave creators at risk, researchers say Whistleblowing tech based on Cambridge research launched by the Guardian Researchers demonstrate the UK’s first long-distance ultra-secure communication over a quantum network Building business partnerships Architecting the future Lockdown 'helps fuel rise in cybercrime' Prevention better than cure at keeping young users from getting involved in cybercrime Most laptops vulnerable to attack via peripheral devices, say researchers
Honour among thieves: the study of a cybercrime marketplace in action
Anonymous · 2020-11-07 · via University of Cambridge - Cybersecurity

Researchers at the Cambridge Cybercrime Centre have revealed what they’ve learned from analysing hundreds of thousands of illicit trades that took place in an underground cybercrime forum over the last two years.

Having seen a large rise in illegal transactions during the first national lockdown last spring, the researchers warned that the second lockdown is likely to result in another surge in cybercrime activities. But they also offer insights on how such activity can be disrupted.

The researchers have been collecting the data on illicit trades from HackForums – the world’s largest and most popular online cybercrime community. Two years ago, it set up a market where contracts had to be logged for all transactions as an attempt to protect members of the community from scamming and frauds.

The contract system was introduced in 2018, and then made mandatory in spring 2019, for all market users. It logged all the illicit buying and selling of – among other things – malicious software (malware), currencies including Bitcoin and gift vouchers, eWhoring ‘packs’ (e.g. of photos and videos with sexual content), hacking tutorials and tools that allow users illegally to access or control remote servers.   

Ironically, HackForums had introduced the contract logging system in response to its members’ concerns that trades were being abused and they were being scammed. But in doing so, it unwittingly lifted the lid on the way such underground markets operate.

The data the contract logging generated has been collected by researchers here. And after analysing it and using statistical modelling approaches, the researchers have been able to shed important new light on the way a cybercrime market operates, hopefully to the benefit of the security community.

The researchers watched the market initially function as a forum where many individual users conducted one-off transactions. Then it changed. As the contract system became mandatory, within a few months, the market was becoming concentrated around a small group of ‘power-users’ offering goods and services that were attractive to many.

“This small group of users – representing about 5 per cent of all users – are involved in around 70 per cent of all the transactions,” said Anh Vu, a research assistant in the Cambridge Cybercrime Centre and co-author of the paper the Centre has just produced, Turning Up the Dial: the Evolution of a Cybercrime Market through Set-up, Stable, and Covid-19 Eras’ .

And then came the global declaration of the coronavirus pandemic in March 2020. The research team saw the virus and the resulting lockdowns that were introduced significantly “turn up the dial” on the number of market transactions.

“There was a big rise in transactions in what we call the ‘Covid-19 era’,” said Anh. “Looking at the discussion forums, we could see that a period of mass boredom and economic change – when presumably some members were not able to go to school and others had lost their jobs – really stimulated the market.

“Members needed to make money online and they had a lot of time on their hands, and so we saw a rise in trading activity. We expect to see another rise during the second lockdown, but we don’t think it will be as large as during the first.”

The increase in business during the pandemic also meant that contracts for transactions were concluded much faster. Where in the early months of the market, the completion time for contracts was around 70 hours, during the pandemic it dropped to less than 10 hours.

Online underground forums like HackForums are communities used for trading in illicit material and sharing knowledge. The forums support a plethora of cybercrimes, allowing members to learn about and engage in criminal activities such as trading virtual items obtained by illicit means, launching denial of service attacks, or obtaining and using malware. They facilitate a variety of illicit businesses aiming at making easy money.

The Cambridge Cybercrime Centre researchers have done some previous work looking at underground forums. “But this is the first dataset we are aware of that provides insights about the contracts made in these forums,” says Anh. Previously, while traders might meet online in a forum, they would likely trade offline via private messaging. But the introduction of the contract system means all trades are now logged – and can therefore be tracked.

Using the data, the researchers looked at a variety of trading activities taking place in the market. The largest activities were currency exchanges and payments – for example, exchanging Bitcoin (a very popular currency in illicit trading because people believe that it leaves no trace) for PayPal funds.

This activity was followed by trades in gift cards (including Amazon gift cards) and software licences. “When you install a software package like Windows,” Anh said. “You have to input a key to activate it. People often buy software keys illegally in a market like this because it is cheaper for them than purchasing it officially from Microsoft – and sometimes they can obtain it for free in exchange for other items.”

Other products and services they found being traded in the underground market were hacking tutorials, remote access tools and eWhoring materials – photos and videos with sexual content that are sold to a third party, who pays for them believing that they are paying for an online sexual encounter.

They used several methods to try and estimate the values of trades taking place via HackForums and concluded that taking both public and private transactions into account and extrapolating by each contract type, the lower bound total of trades was in excess of $6 million.

What the researchers learned about the operation of an underground cybercrime market is valuable, they believe, to the security community. The logging of contracts when goods were traded has allowed users to build up a form of trust and reputation and this in turn led to the rise of the ‘power-users’ in the market.

“And now we know a small group of power-users are responsible for a large number of transactions, it would make sense to focus interventions on them,” Anh said. “As that will have a much bigger impact than going after a large number of individuals.”

In their paper they suggest interventions to undermine the perceived reputations and trustworthiness of the big players – for example by posting false negative reviews of them and using other methods, known as Sybil attacks, that disrupt the market’s reputation systems.

And the researchers are continuing to watch the market. “We’re interested to know how the marketplace evolves during this second lockdown and afterwards,” said Anh. “And will be looking to see whether any new trading activities emerge.”

Reference: 
Turning Up the Dial: the Evolution of a Cybercrime Market through Set-up, Stable, and Covid-19 Eras’ was presented at a seminar series of the 2020 Internet Measurement Conference. It was also presented at the Workshop on Security and Human Behaviour taking place on Thursday 5 November 2020.