Towards Designing a Multipurpose Cybercrime Intelligence Framework

With the wide spread of the Internet and the increasing popularity of social networks that provide prompt and ease of communication, several criminal and radical groups have adopted it as a medium of operation. Existing literature in the area of cybercrime intelligence focuses on several research questions and adopts multiple methods using techniques such as social network analysis to address them. In this paper, we study the broad state-of-the-art research in cybercrime intelligence in order to identify existing research gaps. Our core aim is designing and developing a multipurpose framework that is able to fill these gaps using a wide range of techniques. We present an outline of a framework designed to aid law enforcement in detecting, analysing and making sense out of cybercrime data

A systematic survey of online data mining technology intended for law enforcement

As an increasing amount of crime takes on a digital aspect, law enforcement bodies must tackle an online environment generating huge volumes of data. With manual inspections becoming increasingly infeasible, law enforcement bodies are optimising online investigations through data-mining technologies. Such technologies must be well designed and rigorously grounded, yet no survey of the online data-mining literature exists which examines their techniques, applications and rigour. This article remedies this gap through a systematic mapping study describing online data-mining literature which visibly targets law enforcement applications, using evidence-based practices in survey making to produce a replicable analysis which can be methodologically examined for deficiencies

Exploring Online Fraudsters’ Decision-Making Processes

A growing body of evidence suggests the situational context influences the social engineer (SE) characteristics and tactics offenders (i.e., fraudsters) deploy during the development of an online fraud event. Several attempts have been made to examine online the macro-social development of an online fraud event. Nevertheless, macro-level social examinations have been largely unsuccessful in combating online fraud because offenders and victims, including offender victims, are not computers; therefore, offenders’ interactions, motives, and tactics are very difficult to surmise. To address online fraud, three independent studies were conducted to explore what is known about online fraudsters and investigate what is not accounted. Specifically, a scoping review of offenders SE characteristics and tactics is conducted. In addition, two empirical investigations examining linguistic cues used by offender and offender victims are conducted. for that present day literature or governmental reports do not address. Together, these studies examine the influence of the situational context on offenders’ decision-making process, like their SE characteristics and tactics. The results and limitations associated with each study, along with recommendations for further research are discussed

Oportunidades, riesgos y aplicaciones de la inteligencia de fuentes abiertas en la ciberseguridad y la ciberdefensa

The intelligence gathering has transformed significantly in the digital age. A qualitative leap within this domain is the sophistication of Open Source Intelligence (OSINT), a paradigm that exploits publicly available information for planned and strategic objectives. The main purpose of this PhD thesis is to motivate, justify and demonstrate OSINT as a reference paradigm that should complement the present and future of both civilian cybersecurity solutions and cyberdefence national and international strategies. The first objective concerns the critical examination and evaluation of the state of OSINT under the current digital revolution and the growth of Big Data and Artificial Intelligence (AI). The second objective is geared toward categorizing security and privacy risks associated with OSINT. The third objective focuses on leveraging the OSINT advantages in practical use cases by designing and implementing OSINT techniques to counter online threats, particularly those from social networks. The fourth objective embarks on exploring the Dark web through the lens of OSINT, identifying and evaluating existing techniques for discovering Tor onion addresses, those that enable the access to Dark sites hosted in the Tor network, which could facilitate the monitoring of underground sites. To achieve these objectives, we follow a methodology with clearly ordered steps. Firstly, a rigorous review of the existing literature addresses the first objective, focusing on the state of OSINT, its applications, and its challenges. This serves to identify existing research gaps and establish a solid foundation for an updated view of OSINT. Consequently, a critical part of the methodology involves assessing the potential security and privacy risks that could emerge from the misuse of OSINT by cybercriminals, including using AI to enhance cyberattacks, fulfilling the second objective. Thirdly, to provide practical evidence regarding the power of OSINT, we work in a Twitter use case in the context of the 2019 Spanish general election, designing and implementing OSINT methods to understand the behaviour and impact of automated accounts. Through AI and social media analysis, this process aims to detect social bots in the wild for further behaviour characterization and impact assessment, thus covering the third objective. The last effort is dedicated to the Dark web, reviewing different works in the literature related to the Tor network to identify and characterize the techniques for gathering onion addresses essential for accessing anonymous websites, completing the fourth objective. This comprehensive methodology led to the publication of five remarkable scientific papers in peer-reviewed journals, collectively forming the basis of this PhD thesis. As main conclusions, this PhD thesis underlines the immense potential of OSINT as a strategic tool for problem-solving across many sectors. In the age of Big Data and AI, OSINT aids in deriving insights from vast, complex information sources such as social networks, online documents, web pages and even the corners of the Deep and Dark web. The practical use cases developed in this PhD thesis prove that incorporating OSINT into cybersecurity and cyberdefence is increasingly valuable. Social Media Intelligence (SOCMINT) helps to characterize social bots in disinformation contexts, which, in conjunction with AI, returns sophisticated results, such as the sentiment of organic content generated in social media or the political alignment of automated accounts. On the other hand, the Dark Web Intelligence (DARKINT) enables gathering the links of anonymous Dark web sites. However, we also expose in this PhD thesis that the development of OSINT carries its share of risks. Open data can be exploited for social engineering, spear-phishing, profiling, deception, blackmail, spreading disinformation or launching personalized attacks. Hence, the adoption of legal and ethical practices is also important.La recolección de inteligencia ha sufrido una transformación significativa durante la era digital. En particular, podemos destacar el auge y sofisticicación de la Inteligencia de Fuentes Abiertas (OSINT, por sus siglas en inglés de Open Source Intelligence), paradigma que recolecta y analiza la información públicamente disponible para objetivos estratégicos y planificados. El cometido principal de esta tesis doctoral es motivar, justificar y demostrar que OSINT es un paradigma de referencia para complementar el presente y futuro de las soluciones de ciberseguridad civiles y las estrategias de ciberdefensa nacionales e internacionales. El primer objetivo es examinar y evaluar el estado de OSINT en el contexto actual de revolución digital y crecimiento del Big Data y la Inteligencia Artificial (IA). El segundo objetivo está orientado a categorizar los riesgos de seguridad y privacidad asociados con OSINT. El tercer objetivo se centra en aprovechar las ventajas de OSINT en casos de uso prácticos, diseñando e implementando técnicas de OSINT para contrarrestar amenazas online, particularmente aquellas provenientes de las redes sociales. El cuarto objetivo es explorar la Dark web, buscando identificar y evaluar técnicas existentes para descubrir las direcciones aleatorias de las páginas alojadas en la red Tor. Para alcanzar estos objetivos seguimos una metodología con pasos ordenados. Primero, para abordar el primer objetivo, realizamos una revisión rigurosa de la literatura existente, centrándonos en el estado de OSINT, sus aplicaciones y sus desafíos. A continuación, en relación con el segundo objetivo, evaluamos los posibles riesgos de seguridad y privacidad que podrían surgir del mal uso de OSINT por parte de ciberdelincuentes, incluido el uso de IA para mejorar los ciberataques. En tercer lugar, para proporcionar evidencia práctica sobre el poder de OSINT, trabajamos en un caso de uso de Twitter en el contexto de las elecciones generales españolas de 2019, diseñando e implementando métodos de OSINT para entender el comportamiento y el impacto de las cuentas automatizadas. A través de la IA y el análisis de redes sociales, buscamos detectar bots sociales en Twitter para una posterior caracterización del comportamiento y evaluación del impacto, cubriendo así el tercer objetivo. Luego, dedicamos otra parte de la tesis al cuarto objetivo relacionado con la Dark web, revisando diferentes trabajos en la literatura de la red Tor para identificar y caracterizar las técnicas para recopilar direcciones onion, esenciales para acceder a sitios web anónimos de la red Tor. Esta metodología llevó a la publicación de cinco destacados artículos científicos en revistas revisadas por pares, formando colectivamente la base de esta tesis doctoral. Como principales conclusiones, esta tesis doctoral subraya el inmenso potencial de OSINT como herramienta estratégica para resolver problemas en muchos sectores. En la era de Big Data e IA, OSINT extrae conocimiento a partir de grandes y complejas fuentes de información en abierto como redes sociales, documentos online, páginas web, e incluso en la Deep y Dark web. Por otro lado, los casos prácticos desarrollados evidencian que la incorporación de OSINT en ciberseguridad y ciberdefensa es cada vez más valiosa. La Inteligencia de Redes Sociales (SOCMINT, por sus siglas en inglés Social Media Intelligence) ayuda a caracterizar bots sociales en contextos de desinformación. Por su parte, la Inteligencia de la Web Oscura (DARKINT, por sus siglas en inglés Dark Web Intelligence) permite recopilar enlaces de sitios anónimos de la Dark web. Sin embargo, esta tesis expone como el desarrollo de OSINT lleva consigo una serie de riesgos. Los datos abiertos pueden ser explotados para ingeniería social, spear-phishing, perfilado, engaño, chantaje, difusión de desinformación o lanzamiento de ataques personalizados. Por lo tanto, la adopción de prácticas legales y éticas es también imprescindible

Law\u27s Haze, Police Ways, and Tech\u27s Maze: Relationships between American law, crime, and technology

In this dissertation, I explore the role of law in policing operations targeting cyber sex offenders in the United States. Specifically, I examine enforcement in this crime arena as part of an ongoing expansion within the carceral, surveillance, risk-based state. I argue that imprecision and lack of clarity within American law – particularly in the evolving world of online interactions – generate hazy, arbitrary applications in law enforcement. On this point, I submit that absence of legal clarity undermines law enforcement efforts to address crimes – both within and beyond the cyber world. Distinctive spaces of online and tech-based socialization, paired with the rapid evolution of technology, produce complex conditions for law enforcement. These components are further nourished – indeed, created – by a pervasive lack of clarity within the law. In short, law is unable to keep pace with the evolving nature of crime, the technologies of crime, and finally, the technologies of crime response, deterrence, and prevention. In chronicling the history of American sex crimes law enforcement broadly and cyber sex crimes specifically, I trace the role of unclear law in the ongoing project of carceral state development. Through my work on a State-mandated taskforce reviewing the Connecticut Sex Offender Registry, I also document impetuses of carceral state construction in the criminal justice apparatus for cataloging, monitoring, tracking, and surveilling of offenders. Moreover, I detect within the shift toward risk-assessment criminal justice sanctions the move to predict and identify not-yet-offenders among the civilian population – a premise of the carceral state drive to subsume the legal into those rendered illegal; the nonpunitive into the punitive; the civil into the penal

IDTraffickers:An Authorship Attribution Dataset to link and connect Potential Human-Trafficking Operations on Text Escort Advertisements

Human trafficking (HT) is a pervasive global issue affecting vulnerable individuals, violating their fundamental human rights. Investigations reveal that a significant number of HT cases are associated with online advertisements (ads), particularly in escort markets. Consequently, identifying and connecting HT vendors has become increasingly challenging for Law Enforcement Agencies (LEAs). To address this issue, we introduce IDTraffickers, an extensive dataset consisting of 87,595 text ads and 5,244 vendor labels to enable the verification and identification of potential HT vendors on online escort markets. To establish a benchmark for authorship identification, we train a DeCLUTR-small model, achieving a macro-F1 score of 0.8656 in a closed-set classification environment. Next, we leverage the style representations extracted from the trained classifier to conduct authorship verification, resulting in a mean r-precision score of 0.8852 in an open-set ranking environment. Finally, to encourage further research and ensure responsible data sharing, we plan to release IDTraffickers for the authorship attribution task to researchers under specific conditions, considering the sensitive nature of the data. We believe that the availability of our dataset and benchmarks will empower future researchers to utilize our findings, thereby facilitating the effective linkage of escort ads and the development of more robust approaches for identifying HT indicators

IDTraffickers:An Authorship Attribution Dataset to link and connect Potential Human-Trafficking Operations on Text Escort Advertisements

Human trafficking (HT) is a pervasive global issue affecting vulnerable individuals, violating their fundamental human rights. Investigations reveal that a significant number of HT cases are associated with online advertisements (ads), particularly in escort markets. Consequently, identifying and connecting HT vendors has become increasingly challenging for Law Enforcement Agencies (LEAs). To address this issue, we introduce IDTraffickers, an extensive dataset consisting of 87,595 text ads and 5,244 vendor labels to enable the verification and identification of potential HT vendors on online escort markets. To establish a benchmark for authorship identification, we train a DeCLUTR-small model, achieving a macro-F1 score of 0.8656 in a closed-set classification environment. Next, we leverage the style representations extracted from the trained classifier to conduct authorship verification, resulting in a mean r-precision score of 0.8852 in an open-set ranking environment. Finally, to encourage further research and ensure responsible data sharing, we plan to release IDTraffickers for the authorship attribution task to researchers under specific conditions, considering the sensitive nature of the data. We believe that the availability of our dataset and benchmarks will empower future researchers to utilize our findings, thereby facilitating the effective linkage of escort ads and the development of more robust approaches for identifying HT indicators

Biztonság és jog: Konferenciakötet

Mindig is jelentős tudományos teher nehezedett azon kutatókra a társadalomtudományok terén, akik a „biztonság” – mint általános koncepció fogalmát - gazdasági, jogi, vagy iparági, szűk körben értelemezett szakmai szempontok alapján kívánták meghatározni. A jogtudományok területén a biztonság hiánya számos álláspont szerint egyfajta fenyegetést, veszélyt, kárt, hátrányt jelent, így maga a „biztonság” egy sajátos védelmi, konzervációs állapotot testesít meg. Így az értelmezés terén a joggyakorlatban gyakran alkalmazott ún. negatív megközelítés szolgálhat kiindulópontként tekintettel arra, hogy a biztonság fogalma legegyszerűbben annak hiányán keresztül értelmezhető. Figyelemmel a jogi értelemben vett biztonság multilaterális jellegére, ahogyan a gazdasági -, úgy szükségszerűen a jogi érdekek esetleges sérelme sem zárható ki teljes mértékben, tekintettel a fogalom relatív jellegére. Ugyanakkor az ember, mint jogalany biztonságát holisztikus megközelítéssel a személyét, valamint anyagi javait érő valamennyi fenyegetést és sérelmet figyelembe vevő, egymásra épülő megközelítés útján lehetséges értelmezni. A negyedik ipari forradalom következtében a fentiek alapján vett biztonság kérdésköre új dimenzót jelentve számottevő mértékben az online térben jelenik meg. Dinamikáját tekintve e kérdéskör - az információs-kommunikációs technológiák fejlődésével, különösen a jelenlegi COVID-19 okozta pandemiás helyzet kapcsán bekövetkezett változások okán – a korábbiakhoz képest jelentősen felgyorsult. A jelenlegi tudományos, műszaki és gazdasági fejlődés szintje, az ún. „state of art” új igényeket és jelenleg még nem ismert kockázatokat, kihívásokat generál. A konferencia 2020. december 8-án a fent részletezett aktualitásokra figyelemmel a Pécsi Tudományegyetem Állam-és Jogtudományi Kar Kriminológia és Büntetés-végrehajtási Jogi Tanszéke által került megszervezésre a biztonságpolitika területén folytatott kutatási munka hagyományának további ápolásaként. Az előadások anyagát jelen kötetünkben az Olvasó szíves figyelmébe ajánljuk.2020.12.0