论文信息 - Profiling underground merchants based on network behavior

Profiling underground merchants based on network behavior

Online underground forums serve a key role in facilitating information exchange and commerce between gray market or even cybercriminal actors. In order to streamline bilateral communication to complete sales, merchants often publicly post their IM contact details, such as their Skype handle. Merchants that publicly post their Skype handle potentially leak information, since Skype has a known protocol flaw that reveals the IP address(es) of a user when they are online. In this paper, we collect Skype handles of merchants from three underground forums-AntiChat, BlackHat World and Hack Forums-and longitudinally monitor their network behavior. Our analysis of their network behavior provides a rich profile of their likely locations, network behavior, work habits, and other dynamics. In particular, we show that these merchants do not frequently use VPN services, and even when they do, they often leak their likely geolocation by also directly using residential and cellular IP addresses.

[1] Rob Thomas,et al. The underground economy: priceless , 2006 .

[2] Stefan Savage,et al. An inquiry into the nature and causes of the wealth of internet miscreants , 2007, CCS '07.

[3] T. Holt,et al. Exploring stolen data markets online: products and market forces , 2010 .

[4] Christian Platzer,et al. Covertly Probing Underground Economy Marketplaces , 2010, DIMVA.

[5] Walid Dabbous,et al. I know where you are and what you are sharing: exploiting P2P communications to invade users' privacy , 2011, IMC '11.

[6] Stefan Savage,et al. An analysis of underground forums , 2011, IMC '11.

[7] Nigel Shadbolt,et al. Why forums?: an empirical analysis into the facilitating factors of carding forums , 2013, WebSci.

[8] Nicolas Christin,et al. Traveling the silk road: a measurement analysis of a large anonymous online marketplace , 2012, WWW.

[9] Damon McCoy,et al. Honor among thieves: A common's analysis of cybercrime economies , 2013, 2013 APWG eCrime Researchers Summit.

[10] Ariel Stolerman,et al. Doppelgänger Finder: Taking Stylometry to the Underground , 2014, 2014 IEEE Symposium on Security and Privacy.

[11] Vaibhav Garg,et al. Computer-Supported Cooperative Crime , 2015, Financial Cryptography.

[12] Sadia Afroz,et al. Computer-Supported Cooperative Crime ( Short Paper ) , 2015 .