Alice Hutchings

Exploring the Provision of Online Booter Services

ABSTRACT This research uses differential association, techniques of neutralization, and rational choice theory to study those who operate “booter services”: websites that illegally offer denial-of-service attacks for a fee. Booter services provide “easy money” for the young males that run them. The operators claim they provide legitimate services for network testing, despite acknowledging that their services are used to attack other targets. Booter services are advertised through the online communities where the skills are learned and definitions favorable toward offending are shared. Some financial services proactively frustrate the provision of booter services, by closing the accounts used for receiving payments.

The online stolen data market: disruption and intervention approaches

This article brings a new taxonomy and collation of intervention and disruption methods that can be applied to the online stolen data market. These online marketplaces are used to buy and sell identity and financial information, as well as the products and services that enable this economy. This article combines research findings from computer science with criminology to provide a multidisciplinary approach to crimes committed with the use of technology.

Scripting the crime commission process in the illicit online prescription drug trade

This article considers the processes in the illicit online prescription drug trade, namely search-redirection attacks and the operation of unlicensed pharmacies using crime script analysis. Empirical data have been used to describe the salient elements of the online criminal infrastructures and associated monetization paths enabling criminal profitability. This analysis reveals the existence of structural chokepoints: components of online criminal operations being limited in number, and critical for the operations’ profitability. Consequently, interventions targeting such components can reduce the opportunities and incentives to engage in online crime through an increase in criminal operational costs, and in the risk of apprehension.

Cloud computing for small business: Criminal and security threats and prevention measures

Compared with large organisations, small businesses operate in a distinct and highly resource-constrained operating and technical environment. Their proprietors are often time poor, have minimal bargaining power and have limited financial, technical, legal and personnel resources. It is therefore unsurprising that cloud computing and its promise of smoothing cash flows and dramatically reducing ICT overheads is attractive to small business. Cloud computing shifts the delivery and maintenance of software, databases and storage to the internet, transforming them into Pay-As-You-Go services accessed through a web browser. While providing many benefits, cloud computing also brings many risks for small business, including potential computer security and criminal, regulatory and civil liability issues. This paper, undertaken as a collaborative partnership with the ARC Centre of Excellence in Policing and Security at Griffith University, identifies these risks and offers a perspective on how they might be contained so that the benefits of cloud computing do not outweigh the risks for small businesses in the 21st century.

Examining signals of trust in criminal markets online

Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSSandT/ CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific [N66001-13-C-0131]; National Institute of Justice, Office of Justice Programs, US Department of Justice [2010-IJ-CX-1676, 2010]

Configuring Zeus: A case study of online crime target selection and knowledge transmission

Zeus is a well-known and effective family of ‘man-in-the-browser’ malware. This qualitative case study analyses posts in online cybercrime forums that discuss Zeus configuration. Online cybercriminals were found to share, sell, steal, and trade configuration files. The discussions and advertisements on the forums, which span four years, were found to evolve with market conditions and externalities, including Zeus being offered as a subscription service. The release of tools to decrypt configuration files by security researchers was also closely followed on the forums, and assisted offenders when it came to stealing configuration files from others.

Computer security threats faced by small businesses in Australia

In this paper, an overview is provided of computer security threats faced by small businesses. Having identified the threats, the implications for small business owners are described, along with countermeasures that can be adopted to prevent incidents from occurring. The results of the Australian Business Assessment of Computer User Security (ABACUS) survey, commissioned by the Australian Institute of Criminology (AIC), are drawn upon to identify key risks (Challice 2009; Richards 2009). Additional emerging threats relating to wireless internet, cloud computing and spear phishing are also outlined, as well as the risks relating to online fraud.

CrimeBB: Enabling Cybercrime Research on Underground Forums at Scale

Underground forums allow criminals to interact, exchange knowledge, and trade in products and services. They also provide a pathway into cybercrime, tempting the curious to join those already motivated to obtain easy money. Analysing these forums enables us to better understand the behaviours of offenders and pathways into crime. Prior research has been valuable, but limited by a reliance on datasets that are incomplete or outdated. More complete data, going back many years, allows for comprehensive research into the evolution of forums and their users. We describe CrimeBot, a crawler designed around the particular challenges of capturing data from underground forums. CrimeBot is used to update and maintain CrimeBB, a dataset of more than 48m posts made from 1m accounts in 4 different operational forums over a decade. This dataset presents a new opportunity for large-scale and longitudinal analysis using up-to-date information. We illustrate the potential by presenting a case study using CrimeBB, which analyses which activities lead new actors into engagement with cybercrime. CrimeBB is available to other academic researchers under a legal agreement, designed to prevent misuse and provide safeguards for ethical research.

Ethical issues in research using datasets of illicit origin

We evaluate the use of data obtained by illicit means against a broad set of ethical and legal issues. Our analysis covers both the direct collection, and secondary uses of, data obtained via illicit means such as exploiting a vulnerability, or unauthorized disclosure. We extract ethical principles from existing advice and guidance and analyse how they have been applied within more than 20 recent peer reviewed papers that deal with illicitly obtained datasets. We find that existing advice and guidance does not address all of the problems that researchers have faced and explain how the papers tackle ethical issues inconsistently, and sometimes not at all. Our analysis reveals not only a lack of application of safeguards but also that legitimate ethical justifications for research are being overlooked. In many cases positive benefits, as well as potential harms, remain entirely unidentified. Few papers record explicit Research Ethics Board (REB) approval for the activity that is described and the justifications given for exemption suggest deficiencies in the REB process.

Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum.

Underground forums contain many thousands of active users, but the vast majority will be involved, at most, in minor levels of deviance. The number who engage in serious criminal activity is small. That being said, underground forums have played a significant role in several recent high-profile cybercrime activities. In this work we apply data science approaches to understand criminal pathways and characterize key actors related to illegal activity in one of the largest and longest-running underground forums. We combine the results of a logistic regression model with k-means clustering and social network analysis, verifying the findings using topic analysis. We identify variables relating to forum activity that predict the likelihood a user will become an actor of interest to law enforcement, and would therefore benefit the most from intervention. This work provides the first step towards identifying ways to deter the involvement of young people away from a career in cybercrime.