This content will become publicly available on February 23, 2025

Title: The Art of Cybercrime Community Research

In the last decade, cybercrime has risen considerably. One key factor is the proliferation of online cybercrime communities, where actors trade products and services, and also learn from each other. Accordingly, understanding the operation and behavior of these communities is of great interest, and they have been explored across multiple disciplines with different, often quite novel, approaches. This survey explores the challenges inherent to the field and the methodological approaches researchers used to understand this space. We note that, in many cases, cybercrime research is more of an art than a science. We highlight the good practices and propose a list of recommendations for future cybercrime community scholars, including taking steps to verify and validate results, establishing privacy and ethical research practices, and mitigating the challenge of ground truth data.

 
Award ID(s):
2246220
NSF-PAR ID:
10495736
Publisher / Repository:
Association for Computing Machinery
Date Published:
Journal Name:
ACM Computing Surveys
Volume:
56
Issue:
6
ISSN:
0360-0300
Page Range / eLocation ID:
1 to 26
Subject(s) / Keyword(s):
Cybercrime, communities, forums, marketplaces, data processing, ethics
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Jaishankar, K. (Ed.)
    Compared to other topics, cybercrime is a relatively new addition to the criminological literature. Interest in the topic has grown over the past decade, with a handful of scholars leading efforts to generate empirical understanding about the topic. Common conclusions reached in these studies are that more research is needed, cybercrime is interdisciplinary in nature, and cybercrime should be addressed as an international problem. In this study, we examine a sample of 593 prior cybercrime scholarly articles to identify the types of research strategies used in them, the patterns guiding those strategies, whether the research is interdisciplinary, and the degree to which scholars engage in international cybercrime studies. Attention is also given to co-authorship as well as citation patterns. Implications for future research are provided.
  2. In recent decades, law enforcement agencies have increasingly prioritized cybercrime investigations, as evinced by the growing adoption of specialized cybercrime units and personnel. A burgeoning literature has emerged which examines cybercrime units and investigators. Yet, little attention has been given to the role of computers in shaping these investigations. This study addresses this gap through an analysis of qualitative interviews with 47 cybercrime investigative personnel including sworn detectives, civilian analysts, and unit administrators. This analysis confirms and extends prior research by exploring challenges presented by computers to cybercrime investigations including issues surrounding anonymization, encryption, jurisdiction, caseloads, backlogs, data volume, eliciting data from electronic service providers, and the ever-changing technological landscape. Also considered are the advantages offered by such technologies for cybercrime investigations. Computer and network technologies facilitate undercover investigations, provide easy access to global networks and databases, and supply large quantities of evidence to help secure convictions. Finally, this study considers elements of cybercrime investigations not supplanted by computer databases, automation, or network systems. Directions for future research and policy implications are considered.

     
  3. The current analysis utilizes semi-structured qualitative interviews with sworn cybercrime detectives, civilian digital forensics analysts, and unit administrators to consider variations between cybercrime units which bear significant implications for cybercrime investigative policy and practice. The first variation observed in this study concerns differences in the structure of digital forensics assignments. Such duties may be assigned to sworn officers, civilians, sworn officers and civilians, outsourced to other departments, or a dedicated forensic lab. Second, variations between units were noted in resource availability (tools, training, and finances). These variations among cybercrime units may have implications for personnel recruitment and retention, the sophistication of cases considered by investigators, and case success.

     
  4. While research has been conducted with and in marginalized or vulnerable groups, explicit guidelines and best practices centering on specific communities are nascent. An excellent case study to engage within this aspect of research is Black Twitter. This research project considers the history of research with Black communities, combined with empirical work that explores how people who engage with Black Twitter think about research and researchers in order to suggest potential good practices and what researchers should know when studying Black Twitter or other digital traces from marginalized or vulnerable online communities. From our interviews, we gleaned that Black Twitter users feel differently about their content contributing to a research study depending on, for example, the type of content and the positionality of the researcher. Much of the advice participants shared for researchers involved an encouragement to cultivate cultural competency, get to know the community before researching it, and conduct research transparently. Aiming to improve the experience of research for both Black Twitter and researchers, this project is a stepping stone toward future work that further establishes and expands user perceptions of research ethics for online communities composed of vulnerable populations. 
  5. Cyberattacks are a major threat in the modern era, yet there is a lack of information on how cybercrime groups think and operate. This paper aims to better understand cyber adversaries by analyzing penetration testing teams during the 2018 and 2019 National Collegiate Penetration Testing Competition, in which groups of students performed similar actions as cybercriminals, attempting to identify and exploit system vulnerabilities. Using penetration testing teams as an ethical proxy for cybercrime groups allows the researchers to study group dynamics as well as factors impacting the rationality of cybercriminals. Themes identified in manually coded interview transcripts are compared to the existing literature on cybercrime groups. Similar to what is established in the prior research, themes emerged in the interviews on the group structure and dynamics of each team, featuring elements of leadership, division of labor, the role of each team member, the presence of partners and subgroups, communication within the team, and interpersonal team member relationships. Other apparent factors that specifically impacted the bounded, or limited, rationality of the team members included setbacks and problem solving, the competition environment, stress, and issues with morale. This comparison of penetration testing groups with cybercrime groups allows for the development of a better understanding of the operations and rational thinking of a criminal organization, which may lead to a better understanding of how to prevent or defend against cyberattacks, such as by improving response times of the security team or by increasing the difficulty of penetrating the technical environment.