Search for: All records

The emergence of the dark web has enabled hackers to anonymously exchange information and trade malware worldwide, exposing organizations to an unprecedented number of threats. Without visibility into this offensive base, defenders are often left to mitigate damage. While prior cyber-threat intelligence research has been valuable, it has been constrained by incomplete, outdated, and noisy datasets. In this paper, we detail our efforts to build a comprehensive repository that illuminates the current plans of cyber-attackers. We achieve this by designing and deploying DarkMiner, a system that regularly scrapes the Tor network to populate the DarkMiner Database (DMDb). DMDb offers researchers a structured criminal hacking data collection enhanced with non-textual fields and object change tracking capabilities. To show its potential, we present three case studies analyzing: 1) cyber threat market fluctuations, 2) image-based vendor attribution, and 3) software vulnerability targeting. 

In the last decade, cybercrime has risen considerably. One key factor is the proliferation of online cybercrime communities, where actors trade products and services, and also learn from each other. Accordingly, understanding the operation and behavior of these communities is of great interest, and they have been explored across multiple disciplines with different, often quite novel, approaches. This survey explores the challenges inherent to the field and the methodological approaches researchers used to understand this space. We note that, in many cases, cybercrime research is more of an art than a science. We highlight the good practices and propose a list of recommendations for future cybercrime community scholars, including taking steps to verify and validate results, establishing privacy and ethical research practices, and mitigating the challenge of ground truth data.