    Peer Surveillance in Online Communities

    Online communities are not safe spaces for user privacy. Even though existing research focuses on creating and improving various content moderation strategies and privacy-preserving technologies, platforms hosting online communities support features allowing users to surveil one another, leading to harassment, personal data breaches, and offline harm. To tackle this problem, we introduce a new, work-in-progress framework for analyzing data privacy within vulnerable, identity-based online communities. Where current SOUPS papers study surveillance and longitudinal user data as two distinct challenges to user privacy, more work needs to be done in exploring the sites where surveillance and historical user data assemble. By synthesizing over 40 years of developments in the analysis of surveillance, we derive properties of online communities that enable the abuse of user data by fellow community members and suggest key steps to improving security for vulnerable users. Deploying this new framework on new and existing platforms will ensure that online communities are privacy-conscious and designed more inclusively.

    The Ethics of Going Deep: Challenges in Machine Learning for Sensitive Security Domains

    Sometimes, machine learning models can determine the trajectory of a human life, and a series of cascading ethical failures could be irreversible. Ethical concerns are nevertheless set to increase, in particular when the injection of algorithmic forms of decision-making occurs in highly sensitive security contexts. In cybercrime, there have been cases of algorithms that have failed to identify racist and hateful speech, as well as missing the identification of Image Based Sexual Abuse cases. Hence, this paper intends to add a voice of caution on the vulnerabilities pervading the different stages of a machine learning development pipeline and the ethical challenges that these potentially nurture and perpetuate. To highlight both the issues and potential fixes in an adversarial environment, we use Child Sexual Exploitation and its implications on the Internet as a case study, 2021 being its worst year according to the Internet Watch Foundation.

    Understanding and preventing the advertisement and sale of illicit drugs to young people through social media: A multidisciplinary scoping review

    ISSUES: The sale of illicit drugs online has expanded to mainstream social media apps. These platforms provide access to a wide audience, especially children and adolescents. Research is in its infancy and scattered due to the multidisciplinary aspects of the phenomenon. APPROACH: We present a multidisciplinary systematic scoping review on the advertisement and sale of illicit drugs to young people. Peer-reviewed studies written in English, Spanish and French were searched for the period 2015 to 2022. We extracted data on users, drugs studied, rate of posts, terminology used and study methodology. KEY FINDINGS: A total of 56 peer-reviewed papers were included. The analysis of these highlights the variety of drugs advertised and platforms used to do so. Various methodological designs were considered. Approaches to detecting illicit content were the focus of many studies as algorithms move from detecting drug-related keywords to drug-selling behaviour. We found that on average, for the studies reviewed, 13 in 100 social media posts advertise illicit drugs. However, popular platforms used by adolescents are rarely studied. IMPLICATIONS: Promotional content is increasing in sophistication to appeal to young people, shifting towards healthy, glamorous and seemingly legal depictions of drugs. Greater interdisciplinary collaboration between computational and qualitative approaches is needed to comprehensively study the sale and advertisement of illegal drugs on social media across different platforms. This requires coordinated action from researchers, policy makers and service providers.

    “Invest in crypto!”: An analysis of investment scam advertisements found in Bitcointalk

    This paper investigates the evolution of investment scam lures and scam-related keywords in the cryptocurrency online forum Bitcointalk over a period of 12 years. Our findings show a shift in scam-related keywords found within posts in the forum, where “Ponzi” was the most popular and most frequently mentioned in 2014 and 2018 and “HYIP” appeared more often in 2018 and 2021. We also identify that the financial principle is the tactic most likely to be used to lure people into investment scams from 2015 until 2017, coinciding with the period when “Ponzi” was the most commonly found keyword. This is followed by a transition to the authority and distraction principles from 2018 until 2022, which also coincides with the increase in popularity of “HYIP”. We collect more than 17.8M posts from 399k threads from the forum from July 2010 until June 2022. Our longitudinal analysis shows the popularity transition between subforums and keywords across time. We design categorisation criteria and annotate 4,218 posts from 2,630 threads based on them. We then use the annotated sample to train four machine learning statistical models. We use the best performing model to classify all 281k English-language threads into four categories: overt scams, potential scams, scam comments and not investment scam related. We analyze the frequency changes of scam-related threads across the 12-year period and observe that overt and potential scams peaked in 2015 and 2018 respectively. We see that potential scams also increased during the COVID-19 pandemic. We use heuristics to pinpoint the types of cryptocurrencies most frequently used within scam advertisements. Bitcoin is most commonly found in potential scams, while Ethereum appears more often than other cryptocurrencies in overt scams. We use machine learning classifiers to identify the scam actor types behind the posts categorised as overt and potential scams. We also classify the type of lure used by scammers. Our results indicate that the time principle is not a tactic used as frequently as expected. Finally, we observe the influence of the pandemic on the strategies used to lure victims, reflected in higher than expected use of the kindness principle in 2021 and 2022.

    The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets

    In the cryptocurrency Bitcoin, users can deterministically derive the private keys used for transmitting money from a password. Such “brain wallets” are appealing because they free users from storing their private keys on untrusted computers. Unfortunately, they also enable attackers to conduct unlimited offline password guessing. In this paper, we report on the first large-scale measurement of the use of brain wallets in Bitcoin. Using a wide range of word lists, we evaluated around 300 billion passwords. Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 hours but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded. We find no evidence that users of brain wallets loaded with more bitcoin select stronger passwords, but we do find that brain wallets with weaker passwords are cracked more quickly.
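    The offline-guessing attack the abstract describes, as an added Python example that is not code from the paper or its authors. It uses the classic brain-wallet rule (private key = SHA-256 of the passphrase, no salt and no key stretching), a small pure-Python secp256k1 implementation, and compares compressed public keys rather than Base58 addresses, which avoids a RIPEMD-160 dependency; the wallet labels, passphrases and wordlist are constructed for the example. Nothing in `crack()` touches the network, which is exactly why the guessing is unlimited: the only cost an attacker pays is CPU time per candidate.

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# secp256k1 domain parameters (the curve Bitcoin uses).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Point = Optional[Tuple[int, int]]  # None is the point at infinity


def point_add(a: Point, b: Point) -> Point:
    """Affine point addition on secp256k1 (y^2 = x^3 + 7 over GF(P))."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k: int, point: Point = G) -> Point:
    """Double-and-add. Variable-time, which is fine for a cracker but never for signing."""
    result: Point = None
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def brain_wallet_privkey(passphrase: str) -> int:
    """Classic brain-wallet rule: private key = SHA-256(passphrase), no salt, no stretching."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")


def compressed_pubkey(priv: int) -> bytes:
    """33-byte compressed SEC encoding of priv*G, the value a cracker compares against.
    Reduction mod N is a formality for SHA-256 output; the zero-key case is ignored here."""
    x, y = scalar_mult(priv % N)
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def crack(targets: Dict[bytes, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Offline guessing: hash each candidate, derive its public key, look it up.
    No network round trip and no rate limit are involved, so the only bound is CPU."""
    hits: Dict[str, str] = {}
    for guess in wordlist:
        pub = compressed_pubkey(brain_wallet_privkey(guess))
        if pub in targets:
            hits[targets[pub]] = guess
    return hits


def demo() -> Dict[str, str]:
    # Constructed data: three "funded" wallets keyed by the public key an observer
    # would see on chain, labelled with made-up tags. The first two passphrases are
    # deliberately weak; the third is absent from the wordlist and survives.
    victims = {"wallet-A": "password1",
               "wallet-B": "correct horse battery staple",
               "wallet-C": "rare and long passphrase 9Xq!"}
    targets = {compressed_pubkey(brain_wallet_privkey(p)): tag for tag, p in victims.items()}
    # Constructed wordlist standing in for the paper's ~300 billion candidates.
    wordlist = ["123456", "password", "password1", "letmein",
                "correct horse battery staple", "bitcoin"]
    return crack(targets, wordlist)


if __name__ == "__main__":
    for tag, passphrase in demo().items():
        print(f"{tag}: cracked, passphrase {passphrase!r}")
```

    The "drainers" in the paper do the same thing continuously against every newly funded address, which is why wallets with dictionary passphrases are emptied within minutes; a unique, high-entropy passphrase is the only input to this scheme an attacker cannot enumerate.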

    Measuring the Changing Cost of Cybercrime

    In 2012 we presented the first systematic study of the costs of cybercrime. In this paper, we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud. The use of social networks has become extremely widespread. The executive summary is that about half of all property crime, by volume and by value, is now online. We hypothesised in 2012 that this might be so; it is now established by multiple victimisation studies. Many cybercrime patterns appear to be fairly stable, but there are some interesting changes. Payment fraud, for example, has more than doubled in value but has fallen slightly as a proportion of payment value; the payment system has simply become bigger, and slightly more efficient. Several new cybercrimes are significant enough to mention, including business email compromise and crimes involving cryptocurrencies. The move to the cloud means that system misconfiguration may now be responsible for as many breaches as phishing. Some companies have suffered large losses as a side-effect of denial-of-service worms released by state actors, such as NotPetya; we have to take a view on whether they count as cybercrime. The infrastructure supporting cybercrime, such as botnets, continues to evolve, and specific crimes such as premium-rate phone scams have evolved some interesting variants. The overall picture is the same as in 2012: traditional offences that are now technically ‘computer crimes’ such as tax and welfare fraud cost the typical citizen in the low hundreds of Euros/dollars a year; payment frauds and similar offences, where the modus operandi has been completely changed by computers, cost in the tens; while the new computer crimes cost in the tens of cents. Defending against the platforms used to support the latter two types of crime costs citizens in the tens of dollars. Our conclusions remain broadly the same as in 2012: it would be economically rational to spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more on response. We are particularly bad at prosecuting criminals who operate infrastructure that other wrongdoers exploit. Given the growing realisation among policymakers that crime hasn’t been falling over the past decade, merely moving online, we might reasonably hope for better funded and coordinated law-enforcement action.

    Investigating MMM Ponzi scheme on Bitcoin

    Cybercriminals exploit cryptocurrencies to carry out illicit activities. In this paper, we focus on Ponzi schemes that operate on Bitcoin and perform an in-depth analysis of MMM, one of the oldest and most popular Ponzi schemes. Based on 423K transactions involving 16K addresses, we show that: (1) Starting in Sep 2014, the scheme went through three phases over three years. At its peak, MMM circulated more than 150M dollars a day, after which it collapsed by the end of Jun 2016. (2) There is high income inequality between MMM members, with the daily Gini index reaching more than 0.9. The scheme also exhibits a zero-sum investment model, in which one member's loss is another member's gain. The percentage of victims who never made any profit grew from 0% to 41% in five months, during which the top-earning scammer made 765K dollars in profit. (3) The scheme has a global reach with 80 different member countries but a highly asymmetrical flow of money between them. While India and Indonesia have the largest pairwise flow in MMM, members in Indonesia have received 12x more money than they have sent to their counterparts in India.

    SmartOTPs: An Air-Gapped 2-Factor Authentication for Smart-Contract Wallets

    With the recent rise in cryptocurrencies' popularity, the security and management of crypto-tokens have become critical. We have witnessed many attacks on users and providers, which have resulted in significant financial losses. To remedy these issues, several wallet solutions have been proposed. However, these solutions often lack essential security features or usability, or do not allow users to customize their spending rules. In this paper, we propose SmartOTPs, a smart-contract wallet framework that gives a flexible, usable, and secure way of managing crypto-tokens in a self-sovereign fashion. The proposed framework consists of four components (i.e., an authenticator, a client, a hardware wallet, and a smart contract), and it provides 2-factor authentication (2FA) performed in two stages of interaction with the blockchain. To the best of our knowledge, our framework is the first one that utilizes one-time passwords (OTPs) in the setting of the public blockchain. In SmartOTPs, the OTPs are aggregated by a Merkle tree and hash chains, whereby for each authentication only a short OTP (e.g., 16B-long) is transferred from the authenticator to the client. Such a novel setting enables us to make a fully air-gapped authenticator by utilizing small QR codes or a few mnemonic words, while additionally offering resilience against quantum cryptanalysis. We have made a proof-of-concept based on the Ethereum platform. Our cost analysis shows that the average cost of a transfer operation is comparable to existing 2FA solutions using smart contracts with multi-signatures.
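    How a contract can check a 16-byte OTP against a single stored Merkle root, as an added Python example that is not the SmartOTPs code (whose proof-of-concept targets Ethereum and would be a Solidity contract). The OTP derivation `H(seed || index)`, the domain-separated leaf and node hashing, the `OtpContract` class and the seed are all assumptions of this example; the paper's additional hash-chain layer is left out. The point it shows is the split of knowledge across the four components: the authenticator holds the seed and emits only the short OTP, the client holds leaf hashes and builds proofs, and the chain holds only the root plus a record of spent indices, so a compromised client cannot mint an authorisation and a replayed OTP is rejected.

```python
import hashlib
from typing import List, Set, Tuple


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def derive_otp(seed: bytes, index: int, size: int = 16) -> bytes:
    """Authenticator side (assumed derivation): OTP i is a 16-byte truncation of
    H(seed || i). Only this short value ever leaves the air-gapped device."""
    return H(seed + index.to_bytes(4, "big"))[:size]


def leaf_hash(otp: bytes) -> bytes:
    return H(b"\x00" + otp)              # domain separation: leaves vs inner nodes


def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)


def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """levels[0] are the leaves, levels[-1] holds the root. Power-of-two leaf count assumed."""
    assert leaves and len(leaves) & (len(leaves) - 1) == 0
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels: List[List[bytes]], index: int) -> List[bytes]:
    """Client side: sibling hashes from leaf to root. The client stores leaf hashes,
    never the OTPs, so compromising it does not yield a usable second factor."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])
        index >>= 1
    return proof


def verify_proof(root: bytes, leaf: bytes, index: int, proof: List[bytes]) -> bool:
    """Recompute the root; the index's bits decide on which side each sibling sits."""
    h = leaf
    for sibling in proof:
        h = node_hash(sibling, h) if index & 1 else node_hash(h, sibling)
        index >>= 1
    return h == root


class OtpContract:
    """Simulated on-chain side: stores only the root and which indices are spent."""

    def __init__(self, root: bytes, capacity: int) -> None:
        self.root = root
        self.capacity = capacity
        self.spent: Set[int] = set()

    def authorize(self, index: int, otp: bytes, proof: List[bytes]) -> bool:
        if not 0 <= index < self.capacity or index in self.spent:
            return False                  # out of range, or replay of a used OTP
        if not verify_proof(self.root, leaf_hash(otp), index, proof):
            return False                  # wrong OTP, wrong index or tampered proof
        self.spent.add(index)             # mark spent before any other state change
        return True


def demo() -> Tuple[bool, bool, bool, bool]:
    seed = b"constructed seed, never leaves the authenticator"
    capacity = 8
    otps = [derive_otp(seed, i) for i in range(capacity)]     # computed on the authenticator
    levels = build_tree([leaf_hash(o) for o in otps])         # only leaf hashes go to the client
    contract = OtpContract(levels[-1][0], capacity)           # only the root goes on chain
    first = contract.authorize(3, otps[3], merkle_proof(levels, 3))
    replay = contract.authorize(3, otps[3], merkle_proof(levels, 3))
    wrong_otp = contract.authorize(4, otps[5], merkle_proof(levels, 4))
    out_of_range = contract.authorize(capacity + 1, otps[1], merkle_proof(levels, 1))
    return first, replay, wrong_otp, out_of_range


if __name__ == "__main__":
    print(demo())   # (True, False, False, False)
```

    Because the verifier relies only on hash preimage and collision resistance, not on a signature scheme, the second factor keeps its security margin against a quantum adversary, which is the resilience claim the abstract makes; the cost is a finite supply of OTPs, which is what the tree's capacity (and, in the paper, the hash chains) governs.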
