Biblio

Filters: Keyword is Cybercrime
2023-06-09
Kapila, Pooja, Sharma, Bhanu, Kumar, Sanjay, Sharma, Vishnu.  2022.  The importance of cyber security education in digitalization and Banking. 2022 4th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N). :2444–2447.
Large volumes of private data are gathered, processed, and stored on computers by governments, the military, organizations, financial institutions, colleges, and other enterprises. This data is then sent through networks to other computers. Urgent measures are required to safeguard sensitive personal and company data as well as national security due to the exponential development in number and complexity of cyber-attacks. The essay discusses the characteristics of the Internet and demonstrates how private and financial data can be transmitted over it while still being safeguarded. We show that robbery has spread throughout India and the rest of the world, endangering the global economy and security and giving rise to a variety of cyber-attacks.
2023-03-17
Bátrla, Michael, Harašta, Jakub.  2022.  ‘Releasing the Hounds?’1 Disruption of the Ransomware Ecosystem Through Offensive Cyber Operations. 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon). 700:93–115.
Ransomware groups represent a significant cyber threat to Western states. Most high-end ransomware actors reside in territorial safe-haven jurisdictions and prove to be resistant to traditional law enforcement activities. This has prompted public sector and cybersecurity industry leaders to perceive ransomware as a national security threat requiring a whole-of-government approach, including cyber operations. In this paper, we investigate whether cyber operations or the threat of cyber operations influence the ransomware ecosystem. Subsequently, we assess the vectors of influence and characteristics of past operations that have disrupted the ecosystem. We describe the specifics of the ransomware-as-a-service system and provide three case studies (DarkSide/BlackMatter, REvil, Conti) highly representative of the current ecosystem and the effect cyber operations have on it. Additionally, we present initial observations about the influence of cyber operations on the system, including best practices from cyber operations against non-state groups. We conclude that even professional, highly skilled, and top-performing ransomware groups can be disrupted through cyber operations. In fact, cyber operations can even bypass some limits imposed on law enforcement operations. Even when ransomware groups rebrand or resurface after a hiatus, we suggest their infrastructure (both technical, human, and reputational) will still suffer mid-to long-term disruption. Although cyber operations are unlikely to be a silver bullet, they are an essential tool in the whole-of-government and multinational efforts and may even grow in importance in the next several years.
1 ‘Releasing the hounds’ is a term for offensive cyber operations aimed at disrupting global ransomware gangs, especially those conducted by militaries or intelligence agencies. First use is found in Patrick Gray and Adam Boileau, ‘Feature Podcast: Releasing the Hounds with Bobby Chesney’, Risky Business, 28 May 2020, https://risky.biz/HF6/.
ISSN: 2325-5374
2023-03-03
Hong, Geng, Yang, Zhemin, Yang, Sen, Liao, Xiaojing, Du, Xiaolin, Yang, Min, Duan, Haixin.  2022.  Analyzing Ground-Truth Data of Mobile Gambling Scams. 2022 IEEE Symposium on Security and Privacy (SP). :2176–2193.
With the growth of mobile computing techniques, mobile gambling scams have seen a rampant increase in the recent past. In mobile gambling scams, miscreants deliver scamming messages via mobile instant messaging, host scam gambling platforms on mobile apps, and adopt mobile payment channels. To date, there is little quantitative knowledge about how this trending cybercrime operates, despite causing daily fraud losses estimated at more than \$522,262 USD. This paper presents the first empirical study based on ground-truth data of mobile gambling scams, associated with 1,461 scam incident reports and 1,487 gambling scam apps, spanning from January 1, 2020 to December 31, 2020. The qualitative and quantitative analysis of this ground-truth data allows us to characterize the operational pipeline and full fraud kill chain of mobile gambling scams. In particular, we study the social engineering tricks used by scammers and reveal their effectiveness. Our work provides a systematic analysis of 1,068 confirmed Android and 419 iOS scam apps, including their development frameworks, declared permissions, compatibility, and backend network infrastructure. Perhaps surprisingly, our study unveils that public online app generators have been abused to develop gambling scam apps. Our analysis reveals several payment channels (ab)used by gambling scam app and uncovers a new type of money mule-based payment channel with the average daily gambling deposit of \$400,000 USD. Our findings enable a better understanding of the mobile gambling scam ecosystem, and suggest potential avenues to disrupt these scam activities.
ISSN: 2375-1207
2022-06-06
Rasmi Al-Mousa, Mohammad.  2021.  Generic Proactive IoT Cybercrime Evidence Analysis Model for Digital Forensics. 2021 International Conference on Information Technology (ICIT). :654–659.
With the widespread adoption of Internet of Things (IoT) applications around the world, security related problems become a challenge since the number of cybercrimes that must be identified and investigated increased dramatically. The volume of data generated and handled is immense due to the increased number of IoT applications around the world. As a result, when a cybercrime happens, the volume of digital data needs to be dealt with is massive. Consequently, more effort and time are needed to handle the security issues. As a result, in digital forensics, the analysis phase is an important and challenging phase. This paper proposes a generic proactive model for the cybercrime analysis process in the Internet of Things. The model is focused on the classification of evidences in advance based on its significance and relation to past crimes, as well as the severity of the evidence in terms of the probability occurrence of a cybercrime. This model is supposed to save time and effort during the automated forensic investigation process.
2022-04-13
Kovalchuk, Olha, Shynkaryk, Mykola, Masonkova, Mariia.  2021.  Econometric Models for Estimating the Financial Effect of Cybercrimes. 2021 11th International Conference on Advanced Computer Information Technologies (ACIT). :381–384.
Technological progress has changed our world beyond recognition. However, along with the incredible benefits and conveniences we have received new dangers and risks. Mankind is increasingly becoming hostage to information technology and cyber world. Recently, cybercrime is one of the top 10 risks to sustainable development in the world. It poses serious new challenges to global security and economy. The aim of the article is to obtain an assessment of some of the financial effects of modern IT crimes based on an analysis of the main aspects of monetary costs and the hidden economic impact of cybercrime. A multifactor regression model has been proposed to determine the contribution of the cost of the main consequences of IT incidents: business disruption, information loss, revenue loss and equipment damage caused by different types of cyberattacks worldwide in 2019 to total cost of cyberattacks. Information loss has been found to have a major impact on the total cost of cyberattacks, reducing profits and incurring additional costs for businesses. It was built a canonical model for identifying the dependence of total submission to ID ransomware, total cost of cybercrime and the main indicators of economic development for the TOP-10 countries. There is a significant correlation between two sets of indicators, in particular, it is confirmed that most cyberattacks target countries - countries with a high level of development, and the consequences of IT crimes are more significant for low-income countries.
2022-04-12
Nair, Viswajit Vinod, van Staalduinen, Mark, Oosterman, Dion T..  2021.  Template Clustering for the Foundational Analysis of the Dark Web. 2021 IEEE International Conference on Big Data (Big Data). :2542–2549.
The rapid rise of the Dark Web and supportive technologies has served as the backbone facilitating online illegal activity worldwide. These illegal activities supported by anonymisation technologies such as Tor has made it increasingly elusive to law enforcement agencies. Despite several successful law enforcement operations, illegal activity on the Dark Web is still growing. There are approaches to monitor, mine, and research the Dark Web, all with varying degrees of success. Given the complexity and dynamics of the services offered, we recognize the need for in depth analysis of the Dark Web with regard to its infrastructures, actors, types of abuse and their relationships. This involves the challenging task of information extraction from the very heterogeneous collection of web pages that make up the Dark Web. Most providers develop their services on top of standard frameworks such as WordPress, Simple Machine Forum, phpBB and several other frameworks to deploy their services. As a result, these service providers publish significant number of pages based on similar structural and stylistic templates. We propose an efficient, scalable, repeatable and accurate approach to cluster Dark Web pages based on those structural and stylistic features. Extracting relevant information from those clusters should make it feasible to conduct in depth Dark Web analysis. This paper presents our clustering algorithm to accelerate information extraction, and as a result improve attribution of digital traces to infrastructures or individuals in the fight against cyber crime.
2022-03-08
Nazli Choucri, Agarwal Gaurav.  2022.  CyberIR@MIT: Knowledge for Science Policy & Practice.
CyberIR@MIT is a dynamic, interactive ontology-based knowledge system focused on the evolving, diverse & complex interconnections of cyberspace & international relations.
Nazli Choucri.  2016.  Explorations in International Relations.
Explorations in Cyber International Relations (ECIR) is a collaborative research program of Massachusetts Institute of Technology and Harvard University designed to create multi-disciplinary approaches to the emergence of cyberspace in international relations. The purpose is to support policy analysis by combining leading-edge methods in computer science and technology with international law and long-range political and economic inquiry. ECIR is based in MIT Department of Political Science, with participation from Computer Science and Artificial Intelligence Laboratory (CSAIL) and Sloan School of Management. At Harvard, ECIR is based in the Kennedy School Belfer Center for Science and International Affairs, with participation of Berkman Klein Center for Internet & Society at Harvard Law School.
Choucri, Nazli.  2016.  ECIR Final Report. Explorations in International Relations. :1–121.
In international relations, the traditional approaches to theory and research, practice, and policy were derived from experiences in the 19th and 20th centuries. But cyberspace, shaped by human ingenuity, is a venue for social interaction, an environment for social communication, and an enabler of new mechanisms for power and leverage. Cyberspace creates new condition — problems and opportunities — for which there are no clear precedents in human history. Already we recognize new patterns of conflict and contention, and concepts such as cyberwar, cybersecurity, and cyberattack are in circulation, buttressed by considerable evidence of cyber espionage and cybercrime. The research problem is this: distinct features of cyberspace — such as time, scope, space, permeation, ubiquity, participation and attribution — challenge traditional modes of inquiry in international relations and limit their utility. The interdisciplinary MIT-Harvard ECIR research project explores various facets of cyber international relations, including its implications for power and politics, conflict and war. Our primary mission and principal goal is to increase the capacity of the nation to address the policy challenges of the cyber domain. Our research is intended to influence today’s policy makers with the best thinking about issues and opportunities, and to train tomorrow’s policy makers to be effective in understanding choice and consequence in cyber matters. Accordingly, the ECIR vision is to create an integrated knowledge domain of international relations in the cyber age, that is (a) multidisciplinary, theory-driven, technically and empirically; (b) clarifies threats and opportunities in cyberspace for national security, welfare, and influence; (c) provides analytical tools for understanding and managing transformation and change; and (d) attracts and educates generations of researchers, scholars, and analysts for international relations in the new cyber age.
2021-11-08
Shaukat, Kamran, Luo, Suhuai, Chen, Shan, Liu, Dongxi.  2020.  Cyber Threat Detection Using Machine Learning Techniques: A Performance Evaluation Perspective. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–6.
The present-day world has become all dependent on cyberspace for every aspect of daily living. The use of cyberspace is rising with each passing day. The world is spending more time on the Internet than ever before. As a result, the risks of cyber threats and cybercrimes are increasing. The term 'cyber threat' is referred to as the illegal activity performed using the Internet. Cybercriminals are changing their techniques with time to pass through the wall of protection. Conventional techniques are not capable of detecting zero-day attacks and sophisticated attacks. Thus far, heaps of machine learning techniques have been developed to detect the cybercrimes and battle against cyber threats. The objective of this research work is to present the evaluation of some of the widely used machine learning techniques used to detect some of the most threatening cyber threats to the cyberspace. Three primary machine learning techniques are mainly investigated, including deep belief network, decision tree and support vector machine. We have presented a brief exploration to gauge the performance of these machine learning techniques in the spam detection, intrusion detection and malware detection based on frequently used and benchmark datasets.
2021-03-29
Shaout, A., Schmidt, N..  2020.  Keystroke Identifier Using Fuzzy Logic to Increase Password Security. 2020 21st International Arab Conference on Information Technology (ACIT). :1–8.

Cybersecurity is a major issue today. It is predicted that cybercrime will cost the world \$6 trillion annually by 2021. It is important to make logins secure as well as to make advances in security in order to catch cybercriminals. This paper will design and create a device that will use Fuzzy logic to identify a person by the rhythm and frequency of their typing. The device will take data from a user from a normal password entry session. This data will be used to make a Fuzzy system that will be able to identify the user by their typing speed. An application of this project could be used to make a more secure log-in system for a user. The log-in system would not only check that the correct password was entered but also that the rhythm of how the password was typed matched the user. Another application of this system could be used to help catch cybercriminals. A cybercriminal may have a certain rhythm at which they type at and this could be used like a fingerprint to help officials locate cybercriminals.

2021-02-10
Tanana, D., Tanana, G..  2020.  Advanced Behavior-Based Technique for Cryptojacking Malware Detection. 2020 14th International Conference on Signal Processing and Communication Systems (ICSPCS). :1–4.
With rising value and popularity of cryptocurrencies, they inevitably attract cybercriminals seeking illicit profits within blockchain ecosystem. Two of the most popular methods are ransomware and cryptojacking. Ransomware, being the first and more obvious threat has been extensively studied in the past. Unlike that, scientists have often neglected cryptojacking, because it’s less obvious and less harmful than ransomware. In this paper, we’d like to propose enhanced detection program to combat cryptojacking, additionally briefly touching history of cryptojacking, also known as malicious mining and reviewing most notable previous attempts to detect and combat cryptojacking. The review would include our previous work on malicious mining detection and our current detection program is based on its previous iteration, which mostly used CPU usage heuristics to detect cryptojacking. However, we will include additional metrics for malicious mining detection, such as network usage and calls to cryptographic libraries, which result in a 93% detection rate against the selected number of cryptojacking samples, compared to 81% rate achieved in previous work. Finally, we’ll discuss generalization of proposed detection technique to include GPU cryptojackers.
Tanana, D..  2020.  Behavior-Based Detection of Cryptojacking Malware. 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0543–0545.
With rise of cryptocurrency popularity and value, more and more cybercriminals seek to profit using that new technology. Most common ways to obtain illegitimate profit using cryptocurrencies are ransomware and cryptojacking also known as malicious mining. And while ransomware is well-known and well-studied threat which is obvious by design, cryptojacking is often neglected because it's less harmful and much harder to detect. This article considers question of cryptojacking detection. Brief history and definition of cryptojacking are described as well as reasons for designing custom detection technique. We also propose complex detection technique based on CPU load by an application, which can be applied to both browser-based and executable-type cryptojacking samples. Prototype detection program based on our technique was designed using decision tree algorithm. The program was tested in a controlled virtual machine environment and achieved 82% success rate against selected number of cryptojacking samples. Finally, we'll discuss generalization of proposed technique for future work.
2021-01-15
Zeid, R. B., Moubarak, J., Bassil, C..  2020.  Investigating The Darknet. 2020 International Wireless Communications and Mobile Computing (IWCMC). :727–732.

Cybercrime is growing dramatically in the technological world nowadays. World Wide Web criminals exploit the personal information of internet users and use them to their advantage. Unethical users leverage the dark web to buy and sell illegal products or services and sometimes they manage to gain access to classified government information. A number of illegal activities that can be found in the dark web include selling or buying hacking tools, stolen data, digital fraud, terrorists activities, drugs, weapons, and more. The aim of this project is to collect evidence of any malicious activity in the dark web by using computer security mechanisms as traps called honeypots.

2020-10-16
Al-Nemrat, Ameer.  2018.  Identity theft on e-government/e-governance digital forensics. 2018 International Symposium on Programming and Systems (ISPS). :1–1.

In the context of the rapid technological progress, the cyber-threats become a serious challenge that requires immediate and continuous action. As cybercrime poses a permanent and increasing threat, governments, corporate and individual users of the cyber-space are constantly struggling to ensure an acceptable level of security over their assets. Maliciousness on the cyber-space spans identity theft, fraud, and system intrusions. This is due to the benefits of cyberspace-low entry barriers, user anonymity, and spatial and temporal separation between users, make it a fertile field for deception and fraud. Numerous, supervised and unsupervised, techniques have been proposed and used to identify fraudulent transactions and activities that deviate from regular patterns of behaviour. For instance, neural networks and genetic algorithms were used to detect credit card fraud in a dataset covering 13 months and 50 million credit card transactions. Unsupervised methods, such as clustering analysis, have been used to identify financial fraud or to filter fake online product reviews and ratings on e-commerce websites. Blockchain technology has demonstrated its feasibility and relevance in e-commerce. Its use is now being extended to new areas, related to electronic government. The technology appears to be the most appropriate in areas that require storage and processing of large amounts of protected data. The question is what can blockchain technology do and not do to fight malicious online activity?

2020-08-24
Yeboah-Ofori, Abel, Islam, Shareeful, Brimicombe, Allan.  2019.  Detecting Cyber Supply Chain Attacks on Cyber Physical Systems Using Bayesian Belief Network. 2019 International Conference on Cyber Security and Internet of Things (ICSIoT). :37–42.

Identifying cyberattack vectors on cyber supply chains (CSC) in the event of cyberattacks are very important in mitigating cybercrimes effectively on Cyber Physical Systems CPS. However, in the cyber security domain, the invincibility nature of cybercrimes makes it difficult and challenging to predict the threat probability and impact of cyber attacks. Although cybercrime phenomenon, risks, and threats contain a lot of unpredictabilities, uncertainties and fuzziness, cyberattack detection should be practical, methodical and reasonable to be implemented. We explore Bayesian Belief Networks (BBN) as knowledge representation in artificial intelligence to be able to be formally applied probabilistic inference in the cyber security domain. The aim of this paper is to use Bayesian Belief Networks to detect cyberattacks on CSC in the CPS domain. We model cyberattacks using DAG method to determine the attack propagation. Further, we use a smart grid case study to demonstrate the applicability of attack and the cascading effects. The results show that BBN could be adapted to determine uncertainties in the event of cyberattacks in the CSC domain.

2020-07-10
Bradley, Cerys, Stringhini, Gianluca.  2019.  A Qualitative Evaluation of Two Different Law Enforcement Approaches on Dark Net Markets. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :453–463.

This paper presents the results of a qualitative study on discussions about two major law enforcement interventions against Dark Net Market (DNM) users extracted from relevant Reddit forums. We assess the impact of Operation Hyperion and Operation Bayonet (combined with the closure of the site Hansa) by analyzing posts and comments made by users of two Reddit forums created for the discussion of Dark Net Markets. The operations are compared in terms of the size of the discussions, the consequences recorded, and the opinions shared by forum users. We find that Operation Bayonet generated a higher number of discussions on Reddit, and from the qualitative analysis of such discussions it appears that this operation also had a greater impact on the DNM ecosystem.

2020-06-03
Chopade, Mrunali, Khan, Sana, Shaikh, Uzma, Pawar, Renuka.  2019.  Digital Forensics: Maintaining Chain of Custody Using Blockchain. 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :744–747.

The fundamental aim of digital forensics is to discover, investigate and protect an evidence, increasing cybercrime enforces digital forensics team to have more accurate evidence handling. This makes digital evidence as an important factor to link individual with criminal activity. In this procedure of forensics investigation, maintaining integrity of the evidence plays an important role. A chain of custody refers to a process of recording and preserving details of digital evidence from collection to presenting in court of law. It becomes a necessary objective to ensure that the evidence provided to the court remains original and authentic without tampering. Aim is to transfer these digital evidences securely using encryption techniques.

2019-05-08
Balogun, A. M., Zuva, T..  2018.  Criminal Profiling in Digital Forensics: Assumptions, Challenges and Probable Solution. 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC). :1–7.

Cybercrime has been regarded understandably as a consequent compromise that follows the advent and perceived success of the computer and internet technologies. Equally affecting the privacy, trust, finance and welfare of the wealthy and low-income individuals and organizations, this menace has shown no indication of slowing down. Reports across the world have consistently shown exponential increase in the numbers and costs of cyber-incidents, and more worriedly low conviction rates of cybercriminals, over the years. Stakeholders increasingly explore ways to keep up with containing cyber-incidents by devising tools and techniques to increase the overall efficiency of investigations, but the gap keeps getting wider. However, criminal profiling - an investigative technique that has been proven to provide accurate and valuable directions to traditional crime investigations - has not seen a widespread application, including a formal methodology, to cybercrime investigations due to difficulties in its seamless transference. This paper, in a bid to address this problem, seeks to preliminarily identify the exact benefits criminal profiling has brought to successful traditional crime investigations and the benefits it can translate to cybercrime investigations, identify the challenges posed by the cyber-scene to its implementation in cybercrime investigations, and proffer a practicable solution.

2018-09-12
Kwon, K. Hazel, Priniski, J. Hunter, Sarkar, Soumajyoti, Shakarian, Jana, Shakarian, Paulo.  2017.  Crisis and Collective Problem Solving in Dark Web: An Exploration of a Black Hat Forum. Proceedings of the 8th International Conference on Social Media & Society. :45:1–45:5.

This paper explores the process of collective crisis problem-solving in the darkweb. We conducted a preliminary study on one of the Tor-based darkweb forums, during the shutdown of two marketplaces. Content analysis suggests that distrust permeated the forum during the marketplace shutdowns. We analyzed the debates concerned with suspicious claims and conspiracies. The results suggest that a black-market crisis potentially offers an opportunity for cyber-intelligence to disrupt the darkweb by engendering internal conflicts. At the same time, the study also shows that darkweb members were adept at reaching collective solutions by sharing new market information, more secure technologies, and alternative routes for economic activities.

2018-03-05
Yin, H. Sun, Vatrapu, R..  2017.  A First Estimation of the Proportion of Cybercriminal Entities in the Bitcoin Ecosystem Using Supervised Machine Learning. 2017 IEEE International Conference on Big Data (Big Data). :3690–3699.

Bitcoin, a peer-to-peer payment system and digital currency, is often involved in illicit activities such as scamming, ransomware attacks, illegal goods trading, and thievery. At the time of writing, the Bitcoin ecosystem has not yet been mapped and as such there is no estimate of the share of illicit activities. This paper provides the first estimation of the portion of cyber-criminal entities in the Bitcoin ecosystem. Our dataset consists of 854 observations categorised into 12 classes (out of which 5 are cybercrime-related) and a total of 100,000 uncategorised observations. The dataset was obtained from the data provider who applied three types of clustering of Bitcoin transactions to categorise entities: co-spend, intelligence-based, and behaviour-based. Thirteen supervised learning classifiers were then tested, of which four prevailed with a cross-validation accuracy of 77.38%, 76.47%, 78.46%, 80.76% respectively. From the top four classifiers, Bagging and Gradient Boosting classifiers were selected based on their weighted average and per class precision on the cybercrime-related categories. Both models were used to classify 100,000 uncategorised entities, showing that the share of cybercrime-related is 29.81% according to Bagging, and 10.95% according to Gradient Boosting with number of entities as the metric. With regard to the number of addresses and current coins held by this type of entities, the results are: 5.79% and 10.02% according to Bagging; and 3.16% and 1.45% according to Gradient Boosting.

2017-11-03
Liao, K., Zhao, Z., Doupe, A., Ahn, G. J..  2016.  Behind closed doors: measurement and analysis of CryptoLocker ransoms in Bitcoin. 2016 APWG Symposium on Electronic Crime Research (eCrime). :1–13.

Bitcoin, a decentralized cryptographic currency that has experienced proliferating popularity over the past few years, is the common denominator in a wide variety of cybercrime. We perform a measurement analysis of CryptoLocker, a family of ransomware that encrypts a victim's files until a ransom is paid, within the Bitcoin ecosystem from September 5, 2013 through January 31, 2014. Using information collected from online fora, such as reddit and BitcoinTalk, as an initial starting point, we generate a cluster of 968 Bitcoin addresses belonging to CryptoLocker. We provide a lower bound for CryptoLocker's economy in Bitcoin and identify 795 ransom payments totalling 1,128.40 BTC (\$310,472.38), but show that the proceeds could have been worth upwards of \$1.1 million at peak valuation. By analyzing ransom payment timestamps both longitudinally across CryptoLocker's operating period and transversely across times of day, we detect changes in distributions and form conjectures on CryptoLocker that corroborate information from previous efforts. Additionally, we construct a network topology to detail CryptoLocker's financial infrastructure and obtain auxiliary information on the CryptoLocker operation. Most notably, we find evidence that suggests connections to popular Bitcoin services, such as Bitcoin Fog and BTC-e, and subtle links to other cybercrimes surrounding Bitcoin, such as the Sheep Marketplace scam of 2013. We use our study to underscore the value of measurement analyses and threat intelligence in understanding the erratic cybercrime landscape.

2017-03-08
Rechavi, A., Berenblum, T., Maimon, D., Sevilla, I. S..  2015.  Hackers topology matter geography: Mapping the dynamics of repeated system trespassing events networks. 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). :795–804.

This study focuses on the spatial context of hacking to networks of Honey-pots. We investigate the relationship between topological positions and geographic positions of victimized computers and system trespassers. We've deployed research Honeypots on the computer networks of two academic institutions, collected information on successful brute force attacks (BFA) and system trespassing events (sessions), and used Social Network Analysis (SNA) techniques, to depict and understand the correlation between spatial attributes (IP addresses) and hacking networks' topology. We mapped and explored hacking patterns and found that geography might set the behavior of the attackers as well as the topology of hacking networks. The contribution of this study stems from the fact that there are no prior studies of geographical influences on the topology of hacking networks and from the unique usage of SNA to investigate hacking activities. Looking ahead, our study can assist policymakers in forming effective policies in the field of cybercrime.

2017-03-07
Ali, R., McAlaney, J., Faily, S., Phalp, K., Katos, V..  2015.  Mitigating Circumstances in Cybercrime: A Position Paper. 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :1972–1976.

This paper argues the need for considering mitigating circumstances in cybercrime. Mitigating circumstances are conditions which moderate the culpability of an offender of a committed offence. Our argument is based on several observations. The cyberspace introduces a new family of communication and interaction styles and designs which could facilitate, make available, deceive, and in some cases persuade, a user to commit an offence. User's lack of awareness could be a valid mitigation when using software features introduced without a proper management of change and enough precautionary mechanisms, e.g. warning messages. The cyber behaviour of users may not be necessarily a reflection of their real character and intention. Their irrational and unconscious actions may result from their immersed and prolonged presence in a particular cyber context. Hence, the consideration of the cyberspace design, the "cyber psychological" status of an offender and their inter-relation could form a new family of mitigating circumstances inherent and unique to cybercrime. This paper elaborates on this initial argument from different perspectives including software engineering, cyber psychology, digital forensics, social responsibility and law.

Masvosvere, D. J. E., Venter, H. S..  2015.  A model for the design of next generation e-supply chain digital forensic readiness tools. 2015 Information Security for South Africa (ISSA). :1–9.

The internet has had a major impact on how information is shared within supply chains, and in commerce in general. This has resulted in the establishment of information systems such as e-supply chains amongst others which integrate the internet and other information and communications technology (ICT) with traditional business processes for the swift transmission of information between trading partners. Many organisations have reaped the benefits of adopting the eSC model, but have also faced the challenges with which it comes. One such major challenge is information security. Digital forensic readiness is a relatively new exciting field which can prepare and prevent incidents from occurring within an eSC environment if implemented strategically. With the current state of cybercrime, tool developers are challenged with the task of developing cutting edge digital forensic readiness tools that can keep up with the current technological advancements, such as (eSCs), in the business world. Therefore, the problem addressed in this paper is that there are no DFR tools that are designed to support eSCs specifically. There are some general-purpose monitoring tools that have forensic readiness functionality, but currently there are no tools specifically designed to serve the eSC environment. Therefore, this paper discusses the limitations of current digital forensic readiness tools for the eSC environment and an architectural design for next-generation eSC DFR systems is proposed, along with the system requirements that such systems must satisfy. It is the view of the authors that the conclusions drawn from this paper can spearhead the development of cutting-edge next-generation digital forensic readiness tools, and bring attention to some of the shortcomings of current tools.