Journal ArticleDOI

Deviating From the Cybercriminal Script: Exploring Tools of Anonymity (Mis)Used by Carders on Cryptomarkets

09 Oct 2017 - American Behavioral Scientist (SAGE Publications, Sage CA: Los Angeles, CA) - Vol. 61, Iss. 11, pp. 1244-1266
TL;DR: It is concluded that finding pitfalls in the usage of tools by cybercriminals has the potential to increase the efficiency of disruption, interception, and prevention approaches.
Abstract: This work presents an overview of some of the tools that cybercriminals employ to trade securely. It will look at the weaknesses of these tools and how the behavior of cybercriminals will sometimes...

Summary (3 min read)

Introduction

  • Online marketplaces on which stolen credit card details are sold have been around since the early 2000s.
  • Hidden services are more resilient against traffic analysis and thus harder to penetrate than the regular web.

Method

  • The authors deconstructed carding to identify some of the common processes users of an underground marketplace go through to obtain and cash-out stolen payment cards.
  • While the tutorials will not be generalisable to account for all kinds of behaviour by carders, this sample is relevant to analyse, as the tutorials were accessible to carders for free.
  • They will therefore have played a part in the learning process of at least some of them, representing a form of social learning and initiation into the carding subculture (Holt, 2006).
  • Within these categories, the following tools that were mentioned in tutorials will be discussed: virtual machines, VPNs, SOCKS proxies, Tor, RDP, MAC address changers, DNS, Bitcoin and drops.
  • The authors will look at what the technological pitfalls of these tools are from the perspective of carders and how the misuse of the tools can lead to opportunities for the investigatory process of law enforcement.

Proxy-based services

Virtual machines

  • VM software allows users to create multiple isolated virtual computers that run within a single physical computer.
  • Online criminals can thus commit their crimes on a virtual machine while deleting evidence on their physical computer.
  • Dykstra & Sherman (2011) identified the acquisition of data as one of the main issues of cloud forensics.
  • TrueCrypt is on-the-fly encryption software, which means that only the data needed by the user is accessible and that all data is encrypted from the onset (Balogun & Zhu, 2013).
  • After simple proxies, VPNs are, together with Tor, the technologies most used by cybercriminals to achieve anonymisation (Europol, 2016).

SOCKS

  • According to one tutorial, SOCKS proxies are often not publicly listed or well-known and will thus not be widely blacklisted by merchants or detected by fraud detection systems.
  • SOCKS proxies often run on the machines of users without their knowledge when they are part of a botnet.
  • They are used by carders to access someone else's computer and to thus make it seem as if the carding-related activity is being done from that computer.
  • Remote desktop connections to hacked computers are also offered on underground marketplaces.
  • The IP addresses of hacked computers used by online criminals were later leaked (Kaspersky Lab, 2016b).

DNS leaks

  • ISPs will provide a DNS server for customers to use, and these servers will commonly log addresses which users have looked up.
  • If a user finds out that not all of the traffic goes through the proxy, he/she might obtain another proxy and do a DNS leak test again, until all traffic routes through the proxy.
  • Since MAC addresses are only visible to devices in the same network, they are of little use or relevance in the online world.
  • Tor uses onion routing, which is an anonymity technology that fragments the links between client and server in various steps by sending a message through various random relays.
  • Lewman (2016) has argued that a hidden service is just a single machine connected to the Internet and that there will thus still be opportunities for investigative and technical approaches to deanonymise traffic and users.

Financial services

Bitcoin and mixing services

  • The cryptocurrency Bitcoin is mentioned in five tutorials.
  • A wallet file can hold the private keys for many different addresses.
  • Because of the public nature of the blockchain, many researchers and commercial entities have explored possibilities of tracing bitcoins across users.
  • Exchanges are also used to convert bitcoins back into traditional currencies.
  • The drug trade on Tor is even more dependent on drop addresses and the postal system than carding, as it cannot be done purely digitally.
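As an added illustration of the blockchain tracing the bullets above refer to (this is example code written here, not code from the paper or its authors), the following Python applies the multi-input ownership heuristic to a constructed set of transactions, groups addresses into clusters, and follows funds forward across those clusters. Transaction data, address names and amounts are all constructed for the example.

```python
"""Address clustering and forward tracing over a constructed Bitcoin-style ledger."""
from collections import defaultdict, deque

# Constructed sample transactions for illustration only (not real blockchain data).
# Each entry lists the addresses that signed the inputs and the (address, BTC)
# pairs paid by the outputs. A3 receives change in tx1 and is spent in tx2.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": [("B1", 1.5), ("A3", 0.4)]},
    {"txid": "tx2", "inputs": ["A3", "A4"], "outputs": [("C1", 0.9)]},
    {"txid": "tx3", "inputs": ["B1"], "outputs": [("B2", 1.0), ("B3", 0.5)]},
    {"txid": "tx4", "inputs": ["D1"], "outputs": [("A4", 0.2)]},
]


def _find(parent, addr):
    """Union-find root lookup with path halving."""
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr


def cluster_addresses(txs):
    """Group addresses under the multi-input heuristic.

    Every input of one transaction had to be signed with a key the spender holds,
    so all inputs of a transaction are merged into one cluster. Addresses seen
    only as outputs get singleton clusters so that each address has a cluster.
    Returns a mapping address -> frozenset of the cluster's members.
    """
    parent = {}
    for tx in txs:
        for addr in tx["inputs"] + [a for a, _ in tx["outputs"]]:
            parent.setdefault(addr, addr)
        if not tx["inputs"]:          # coinbase-style transaction: nothing to merge
            continue
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            root_a, root_b = _find(parent, first), _find(parent, other)
            if root_a != root_b:
                parent[root_b] = root_a
    members = defaultdict(set)
    for addr in parent:
        members[_find(parent, addr)].add(addr)
    return {addr: frozenset(members[_find(parent, addr)]) for addr in parent}


def cluster_flows(txs, clusters):
    """Sum BTC moved between distinct clusters; transfers that stay inside one
    cluster (e.g. change back to an address already linked to the spender) are
    skipped because they reveal nothing about movement between users."""
    flows = defaultdict(float)
    for tx in txs:
        if not tx["inputs"]:
            continue
        src = clusters[tx["inputs"][0]]
        for addr, amount in tx["outputs"]:
            dst = clusters[addr]
            if dst != src:
                flows[(src, dst)] += amount
    return dict(flows)


def trace_downstream(start_addr, txs, clusters):
    """Follow funds forward from one address through any number of hops and
    return the set of addresses outside the starting cluster that they reach."""
    flows = cluster_flows(txs, clusters)
    start = clusters[start_addr]
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for src, dst in flows:
            if src == current and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return set().union(*seen)


if __name__ == "__main__":
    clusters = cluster_addresses(SAMPLE_TXS)
    for members in sorted({tuple(sorted(c)) for c in clusters.values()}):
        print("cluster:", members)
    print("reachable from A1:", sorted(trace_downstream("A1", SAMPLE_TXS, clusters)))
```

Running the block prints four non-trivial clusters and shows that funds leaving A1 can be followed to B1, A3/A4, B2, B3 and C1 even though none of those addresses shares a transaction input with A1.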

Typology of potential pitfalls for carders

  • From the authors' analysis it can be concluded that there are various overlapping pitfalls in carders' usage of tools, which could lead back to their real identities.
  • Therefore, below, the authors list the pitfalls identified from the analysed tools.
  • The pitfalls carders can be prone to fall into two categories: behavioural and technical.
  • Behavioural pitfalls make up the majority of the potential mistakes by carders that have been identified in the literature.
  • These have been subdivided into: result-focussed; overconfidence, laziness and forgetfulness; trusting the wrong tool providers; trusting the wrong people; transcending online-offline boundaries; and inadequate obfuscation.

Result-focussed

  • Being too result-focussed has been identified as a behavioural pitfall, because carders may employ fewer security measures when they want to obtain a quick profit.
  • PGP has not been mentioned in any tutorials, but its usage can also be ascribed to this potential pitfall.
  • When marketplaces are seized by law enforcement agencies, however, they will often have access to all the public and private messages, which could reveal identifying information about users, should they fail to encrypt their messages.
  • In the case of overconfidence, laziness and forgetfulness, the carder will be aware of various available tools to stay secure, but will not use them all.

Trusting the wrong tool providers

  • Proxy-based tools are based on technical mechanisms that strengthen the privacy of a user.

Trusting the wrong people

  • A potential behavioural pitfall for miscreants is that they trust the wrong people, send them personal information and do business with them.
  • Also, money or packet 'mules' may know the real identity of buyers and sellers and could give up this information to law enforcement.
  • A lack of a legitimate source of income could be seen as an indicator of money laundering, after which specialised units may start an investigation into the funds.
  • Not using the right, or enough, tools to make sure the path from the illegal activity to the individual user is obfuscated is a behavioural pitfall that can lead to the apprehension of carders.
  • Furthermore, 'know-your-customer' regulations require cryptocurrency exchanges to verify the identities of customers (UK Government Office for Science, 2016).

Vulnerabilities in tools

  • While it may seem that such technological pitfalls cannot be avoided by criminal actors, this is not always the case.
  • In the case of the previously discussed example of the JavaScript vulnerability in the Tor browser used to identify some users of hidden services, only the users that enabled JavaScript in the browser were identified.
  • This is also the case for the usage of discontinued software: its developers will no longer patch vulnerabilities, so its use is a potential pitfall.


Citations
Journal ArticleDOI
TL;DR: The DICE-E framework provides a focused reference point and detailed guidelines for scholars wishing to become active in the Darknets research stream, and can guide scholars through key decision points when attempting to incorporate the Darknet within their research.
Abstract: Society’s growing dependence on computers and information technologies has been matched by an escalation of the frequency and sophistication of cyber attacks committed by criminals operating from the Darknet. As a result, security researchers have taken an interest in scrutinizing the Darknet and other underground web communities to develop a better understanding of cybercriminals and emerging threats. However, many scholars lack the capability or expertise to operationalize Darknet research and are thus unable to contribute to this increasingly impactful body of literature. This article introduces a framework for guiding such research, called Darknet Identification, Collection, Evaluation, with Ethics (DICE-E). The DICE-E framework provides a focused reference point and detailed guidelines for scholars wishing to become active in the Darknet research stream. Four steps to conducting Darknet forum research are outlined: (1) identification of Darknet data sources, (2) data collection strategies, (3) evaluation of Darknet data, and (4) ethical concerns related to Darknet research. To illustrate how DICE-E can be utilized, an example empirical study is reported. This exemplar illustrates how DICE-E can guide scholars through key decision points when attempting to incorporate the Darknet within their research.

51 citations


Dissertation
01 Jan 2019
TL;DR: The findings of this socio-technical-legal project prove that deviant security is an academic field of study on its own with continually evolving research opportunities.
Abstract: The dominant academic and practitioners’ perspective on security evolves around law-abiding referent objects of security who are under attack by law-breaking threat agents. This study turns the current perspective around and presents a new security paradigm. Suspects of crime have threat agents as well, and are therefore in need of security. The study takes cyber criminals as referent objects of security, and researches their technical computer security practices. While their protective practices are not necessarily deemed criminal by law, security policies and mechanisms of cyber criminals frequently deviate from prescribed bonafide cyber security standards. As such, this study is the first to present a full picture on these deviant security practices, based on unique access to public and confidential secondary data related to some of the world’s most serious and organized cyber criminals. Besides describing the protection of crime and the criminal, the observed practices are explained by the economics of deviant security: a combination of technical computer security principles and microeconomic theory. The new security paradigm lets us realize that cyber criminals have many countermeasures at their disposal in the preparation, pre-activity, activity and post-activity phases of their modi operandi. Their controls are not only driven by technical innovations, but also by cultural, economical, legal and political dimensions on a micro, meso and macro level. Deviant security is very much democratized, and indeed one of the prime causes of today’s efficiency and effectiveness crisis in police investigations. Yet every modus operandi comes with all kinds of minor, major and even unavoidable weaknesses, and therefore suggestions are made how police investigations can exploit these vulnerabilities and promote human security as a public good for all citizens. 
Ultimately, the findings of this socio-technical-legal project prove that deviant security is an academic field of study on its own with continually evolving research opportunities.

31 citations


Cites methods from "Deviating From the Cybercriminal Sc..."

  • ..., cryptocurrency mixers, remote desktop protocol, Tor and VPNs - and in a second study types of operational security by cyber criminals in general, and used as data sources respectively carder tutorials and expert interviews [110][111]....


Journal ArticleDOI
TL;DR: The development of the Darknet as a parallel network to the Web in the 21st century has facilitated illegal trafficking in small arms, as defined by the United Nations as mentioned in this paper, and the authors have used invest
Abstract: The development of the Darknet as a parallel network to the Web in the 21st century has facilitated illegal trafficking in small arms, as defined by the United Nations. The authors have used invest

29 citations

Journal ArticleDOI
TL;DR: It is argued that online anonymity should not be conceptualized in absolute terms but as an inherently fluid and transitional condition that characterizes any kind of social interaction online.
Abstract: Whenever we navigate the Web, we leave a trace through our IP address, which can in turn be used to establish our identity – for instance, by cross-checking it with a user’s Internet subscription. By using software such as VPN and Tor, however, it might be possible to avoid leaving such traces. A lively debate among policymakers, security professionals, hacker communities, and human rights associations has recently ensued regarding the question if such anonymity is acceptable and in which form. This article introduces the Crosscurrent special section dedicated to this topic by providing a brief overview of this debate and by pointing to the necessity of considering online anonymity from multiple, interrelated perspectives. By taking into account both technical and social dimensions, we argue that online anonymity should not be conceptualized in absolute terms but as an inherently fluid and transitional condition that characterizes any kind of social interaction online.

27 citations

References
Journal ArticleDOI

27,773 citations


"Deviating From the Cybercriminal Sc..." refers background in this paper

  • ...In prospect theory (Kahneman & Tversky, 1979), this is explained by the finding that people are limited in their comprehension and evaluation of extreme probabilities....


ReportDOI
13 Aug 2004
TL;DR: This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.
Abstract: We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency. We briefly describe our experiences with an international network of more than 30 nodes. We close with a list of open problems in anonymous communication.

3,960 citations

Journal ArticleDOI
TL;DR: Anonymous connections and their implementation using onion routing are described and several application proxies for onion routing, as well as configurations of onion routing networks are described.
Abstract: Onion routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Onion routing's anonymous connections are bidirectional, near real-time, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anonymous connection. An onion is a data structure that is treated as the destination address by onion routers; thus, it is used to establish an anonymous connection. Onions themselves appear different to each onion router as well as to network observers. The same goes for data carried over the connections they establish. Proxy-aware applications, such as Web browsers and e-mail clients, require no modification to use onion routing, and do so through a series of proxies. A prototype onion routing network is running between our lab and other sites. This paper describes anonymous connections and their implementation using onion routing. This paper also describes several application proxies for onion routing, as well as configurations of onion routing networks.

1,307 citations

Proceedings ArticleDOI
23 Oct 2013
TL;DR: From this analysis, longitudinal changes in the Bitcoin market are characterized, the stresses these changes are placing on the system, and the challenges for those seeking to use Bitcoin for criminal or fraudulent purposes at scale are defined.
Abstract: Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on a combination of cryptographic protection and a peer-to-peer protocol for witnessing settlements. Consequently, Bitcoin has the unintuitive property that while the ownership of money is implicitly anonymous, its flow is globally visible. In this paper we explore this unique characteristic further, using heuristic clustering to group Bitcoin wallets based on evidence of shared authority, and then using re-identification attacks (i.e., empirical purchasing of goods and services) to classify the operators of those clusters. From this analysis, we characterize longitudinal changes in the Bitcoin market, the stresses these changes are placing on the system, and the challenges for those seeking to use Bitcoin for criminal or fraudulent purposes at scale.

778 citations

Posted Content
TL;DR: In this article, the authors consider the topological structure of two networks derived from Bitcoin's public transaction history and combine these structures with external information and techniques such as context discovery and flow analysis to investigate an alleged theft of Bitcoins.
Abstract: Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a complicated issue. Within the system, users are identified by public-keys only. An attacker wishing to de-anonymize its users will attempt to construct the one-to-many mapping between users and public-keys and associate information external to the system with the users. Bitcoin tries to prevent this attack by storing the mapping of a user to his or her public-keys on that user's node only and by allowing each user to generate as many public-keys as required. In this chapter we consider the topological structure of two networks derived from Bitcoin's public transaction history. We show that the two networks have a non-trivial topological structure, provide complementary views of the Bitcoin system and have implications for anonymity. We combine these structures with external information and techniques such as context discovery and flow analysis to investigate an alleged theft of Bitcoins, which, at the time of the theft, had a market value of approximately half a million U.S. dollars.

632 citations

Frequently Asked Questions (1)
Q1. What are the contributions in this paper?

This work presents an overview of some of the tools that cybercriminals employ in order to trade securely. The criminal domain this article focuses on is carding, the online trade in stolen payment card details and the consequent criminal misuse of such data. This paper is a continuation of earlier work (van Hardeveld, Webber & O'Hara, 2016), in which a crime script analysis of 25 carding tutorials presented the tools that cybercriminals use to cash-out stolen payment card details while remaining anonymous. The authors use these tutorials and an analysis of the literature to identify how they can be used incorrectly and create a typology of potential behavioural and technological pitfalls in these tools. Finally, the authors conclude that finding pitfalls in the usage of tools by cybercriminals has the potential to increase the efficiency of disruption, interception and prevention approaches.