This project examines three properties of underground cybercrime communities: 1) profitability, 2) connectivity, 3) and sustainability. It identifies qualitative and quantitative metrics for these properties as well as discusses the relative effectiveness of distinct operationalization of these metrics under different levels of data granularity. The goal is to develop metrics that provide meaning indicators even when data is limited. for example, if public posts are available but not private messages between individual cybercriminals. The analysis targets five underground forums: AntiChat, BadHacke, BlackhatWorld, Carders, and L33tCrew. Finally, the project combines linguistic techniques, e.g. topic modeling, social network analysis, and analysis to provide a repeatable, verifiable, and systematic framework that enables a scientific exploration of these forums and the impact of distinct interventions at mitigating underground forums. This project assumes that cybercrime is made economically feasible by collaboration between criminals with specialized skills, as facilitated by underground forums. Thus, it argues to change the fundamental focus of anti-cybercrime efforts from making individual incidence of cybercrime unprofitable to making cybercrime communities unsustainable. The findings inform defender efforts, both for academic researchers as well as practitioners. The project builds a scientific framework to evaluate the effectiveness of such interventions. This framework is being used to develop tools for law enforcement as well as pedagogical material to educate students in cyber-security.
EAGER: Cybercrime Science