Recent years have witnessed a dramatic change in the goals and modus operandi of malicious hackers. In particular, hackers realized the potential monetary gains associated with Internet fraud. As a result, there has been an integration of sophisticated computer attacks with well-established fraud mechanisms devised by organized crime. This process has created a vibrant underground economy. Recent research has mostly focused on the visible aspects of the underground economy, such as botnets, spam, and phishing. However, little has been done to understand this economy as a whole and to analyze and model its characteristics. What is needed is a holistic approach to the study and analysis of the underground economy that includes all aspects of the criminal process. In this project, novel techniques and tools are developed that help to analyze the underground economy and obtain a comprehensive picture of the complete criminal process. More precisely, the underground economy is analyzed and modeled from two different vantage points: First, the analysis identifies the actors participating the underground economy and models their different roles. Second, the analysis examines the infrastructure that is used by criminals to carry out their operations. The results of this project are techniques and tools to gather information about the infrastructure of the underground economy and the involved actors. The broader impact is a reduction in the amount and severity of crime performed in the Internet. Moreover, the results of this project support the task of cyber crime law enforcement in their fight against the underground economy.
CT-M: Understanding the Underground Economy