3,062 research outputs found
Characterizing Key Stakeholders in an Online Black-Hat Marketplace
Over the past few years, many black-hat marketplaces have emerged that
facilitate access to reputation manipulation services such as fake Facebook
likes, fraudulent search engine optimization (SEO), or bogus Amazon reviews. In
order to deploy effective technical and legal countermeasures, it is important
to understand how these black-hat marketplaces operate, shedding light on the
services they offer, who is selling, who is buying, what are they buying, who
is more successful, why are they successful, etc. Toward this goal, in this
paper, we present a detailed micro-economic analysis of a popular online
black-hat marketplace, namely, SEOClerks.com. As the site provides
non-anonymized transaction information, we set to analyze selling and buying
behavior of individual users, propose a strategy to identify key users, and
study their tactics as compared to other (non-key) users. We find that key
users: (1) are mostly located in Asian countries, (2) are focused more on
selling black-hat SEO services, (3) tend to list more lower priced services,
and (4) sometimes buy services from other sellers and then sell at higher
prices. Finally, we discuss the implications of our analysis with respect to
devising effective economic and legal intervention strategies against
marketplace operators and key users.Comment: 12th IEEE/APWG Symposium on Electronic Crime Research (eCrime 2017
All Your Cards Are Belong To Us: Understanding Online Carding Forums
Underground online forums are platforms that enable trades of illicit
services and stolen goods. Carding forums, in particular, are known for being
focused on trading financial information. However, little evidence exists about
the sellers that are present on carding forums, the precise types of products
they advertise, and the prices buyers pay. Existing literature mainly focuses
on the organisation and structure of the forums. Furthermore, studies on
carding forums are usually based on literature review, expert interviews, or
data from forums that have already been shut down. This paper provides
first-of-its-kind empirical evidence on active forums where stolen financial
data is traded. We monitored 5 out of 25 discovered forums, collected posts
from the forums over a three-month period, and analysed them quantitatively and
qualitatively. We focused our analyses on products, prices, seller prolificacy,
seller specialisation, and seller reputation
Malware and Exploits on the Dark Web
In recent years, the darknet has become the key location for the distribution
of malware and exploits. We have seen scenarios where software vulnerabilities
have been disclosed by vendors and shortly after, operational exploits are
available on darknet forums and marketplaces. Many marketplace vendors offer
zero-day exploits that have not yet been discovered or disclosed. This trend
has led to security companies offering darknet analysis services to detect new
exploits and malware, providing proactive threat intelligence. This paper
presents information on the scale of malware distribution, the trends of
malware types offered, the methods for discovering new exploits and the
effectiveness of darknet analysis in detecting malware at the earliest possible
stage.Comment: 5 pages, 0 figure
Gas Monitor: Developments in the Wholesale Gas Market in the Netherlands in 2006
The present situation in the wholesale gas market calls for measures aimed at enhancing competition. Our annual monitoring report into the functioning of the gas market identifies a number of serious problems that impede competition in the wholesale market. Market parties have indicated a lack of available import capacity, storage capacity and quality conversion capacity, though facilities are not always optimally utilised. The report’s findings confirm the necessity of the action plan which was presented by the NMa/ DTe to the Minister of Economic Affairs in early October this year. Improvement is required for the rules of play and the level of transparency in the gas market. It is also necessary to pursue further integration into North-West Europe.Monitoring,gas, competition, infrastructure
Economic Factors of Vulnerability Trade and Exploitation
Cybercrime markets support the development and diffusion of new attack
technologies, vulnerability exploits, and malware. Whereas the revenue streams
of cyber attackers have been studied multiple times in the literature, no
quantitative account currently exists on the economics of attack acquisition
and deployment. Yet, this understanding is critical to characterize the
production of (traded) exploits, the economy that drives it, and its effects on
the overall attack scenario. In this paper we provide an empirical
investigation of the economics of vulnerability exploitation, and the effects
of market factors on likelihood of exploit. Our data is collected
first-handedly from a prominent Russian cybercrime market where the trading of
the most active attack tools reported by the security industry happens. Our
findings reveal that exploits in the underground are priced similarly or above
vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle
of exploits is slower than currently often assumed. On the other hand,
cybercriminals are becoming faster at introducing selected vulnerabilities, and
the market is in clear expansion both in terms of players, traded exploits, and
exploit pricing. We then evaluate the effects of these market variables on
likelihood of attack realization, and find strong evidence of the correlation
between market activity and exploit deployment. We discuss implications on
vulnerability metrics, economics, and exploit measurement.Comment: 17 pages, 11 figures, 14 table
Police Ransomware - Threat Assessment
Over the past two years, European Union (EU) Member States (MS) have been confronted with a significant proliferation of police ransomware cases. Experts from both law enforcement and the private sector agree that prevention and raising awareness can only work in conjunction with investigations targeting the criminals behind the fraud. Furthermore, even if police ransomware in its current form might naturally fade out in the future, it is likely that an evolution of this modus operandi driven by the same or different perpetrators will take place. That is why it is important that measures against police ransomware and similar modi operandi are implemented in a coordinated, complementary and comprehensive manner.
This assessment is the result of a common initiative of the European Cybercrime Centre (EC3) and the Dutch National High Tech Crime Unit (NHTCU). Its aim is to increase awareness of ransomware by providing an EU perspective on the problem and to identify opportunities for intervention and coordination. The assessment encourages better coordination and cooperation between MS law enforcement agencies from the early stages of cybercrime investigations and acknowledges once more the importance of partnering with private industry.
This threat assessment relies on open source information, research papers on ransomware and semi-structured interviews with cybercrime investigators
Dynamics of Dark Web Financial Marketplaces: An Exploratory Study of Underground Fraud and Scam Business
The number of Dark Web financial marketplaces where Dark Web users and sellers actively trade illegal goods and services anonymously has been growing exponentially in recent years. The Dark Web has expanded illegal activities via selling various illicit products, from hacked credit cards to stolen crypto accounts. This study aims to delineate the characteristics of the Dark Web financial market and its scams. Data were derived from leading Dark Web financial websites, including Hidden Wiki, Onion List, and Dark Web Wiki, using Dark Web search engines. The study combines statistical analysis with thematic analysis of Dark Web content. Offering promotions and customer services with the payment methods of cryptocurrencies were prevalent, similar to the Surface Web\u27s e-commerce market. The findings suggest that the Dark Web financial market is likely to harbor scams targeting Dark Web buyers. Dark Web sellers construct a website to sell scam products and recommend purchasing Escrow services to ensure safe transactions as an additional scam. The results from this study provided empirical support for the components of the routine activity theory of the Dark Web financial market to substantiate a more comprehensive view of patterns of fraud/ scams. Enhancing law enforcement capabilities of investigating financial marketplaces and promoting public awareness and consumer safety programs are discussed as effective preventive measures
- …