David Décary-Hétu
Last known affiliation: Université de Montréal
Bio: David Décary-Hétu holds a Ph.D. in criminology and is an original co-founder of the cybersecurity company Flare Systems, with over 10 years of experience researching online illicit markets and anonymity technologies. David has published his research in top academic journals like the British Medical Journal, and is the co-creator of widely used tools to monitor both the darkweb and bitcoin transactions. David is the Chair of the Darknet and Anonymity Research Centre (DARC), a Canadian Innovation Foundation funded research lab that has been at the forefront of research for the past 3 years. David presented at Botconf and other high-level cybersecurity conferences in the past.
Luca Brunoni 🗣 | David Décary-Hétu 🗣 | Olivier Beaudet-Labrecque | Sandra Langel
Abstract
Discussion forums are asynchronous communication channels hosted on internet websites. An important component of discussion forums is the marketplace section most forums host. This section enables official and unofficial vendors to post messages about goods and services for sale, and customers to request certain products as well. The aim of this research is to describe and understand the impacts of the private nature of discussion forums on their participants’ activities. Our driving hypothesis is that private discussion forums are host to more sophisticated participants that will, in turn, offer and have access to more sophisticated tools. More specifically, this paper will compare public and private discussion forums to describe and understand the primary and secondary types of malware their participants advertise, the infrastructure the malware targets, the freshness of the malware being advertised, the quality based on price of the malware being advertised and, finally, the level of trust in the sellers of malware. Our findings suggest that while private discussion forums may not be the place where unknown and more sophisticated malware is offered for sale, they just may be the place where the most significant and organized threats come from.
David Décary-Hétu 🗣
Abstract
The Internet has become over the past fifteen years the medium of choice for people to communicate with each other. As Boase & Wellman (2002) have predicted, we are now firmly in the era of networked individualism where each person creates his own personal social network and interacts with numerous circles of individuals who have very different backgrounds and live in different time zones.
This telecommunication revolution has forever changed how people communicate in both legitimate and illegitimate parts of society. Past research (Wall, 2007; Décary-Hétu, 2013) has shown that the balance of power between guardians, victims and criminals has shifted over the past few years in favour of the latter. Indeed, it is now easier than ever for a criminal to find willing co-offenders and to offload stolen financial data on the black market (Holt & Lampke, 2010). To do so, criminals can use online forums and IRC chat rooms to post messages about what they need or have for sale. Possible business partners can then privately communicate in order to negotiate a satisfactory agreement.
While the Internet has solved many of the networking issues criminals were facing, it has also created new ones. As no one will share (or is able to prove) past criminal activities, criminals have had to rely on signs and signals that others send or display in order to decide whether or not to trust someone with a co-offending opportunity or with a business transaction. Signs and signals (Gambetta, 2009) such as clothing, tattoos and ethnicity that were commonly used to assess the trustworthiness of individuals are difficult to translate in the virtual world. In the context of the Internet, it is considerably easier to fake any of the aforementioned signs and signals and they therefore lose most of their significance.
To offset this problem, the administrators and moderators of online criminal forums and IRC chat rooms have adopted reputation scales that work just like the ones on popular merchant sites like eBay and Amazon (Motoyama et al., 2011). Users and administrators can then rate each other and provide a sense of the trustworthiness of others in the criminal community. Past research (Décary-Hétu, 2013) has shown that this reputation is not distributed randomly among the criminal population. On the contrary, many predictors of higher reputation can be identified and only a few individuals manage to outperform others in this regard. Those that accumulate the most reputation capital can then use it to increase their sales of illicit goods and services (Décary-Hétu, 2013).
This presentation aims to build on this research and provide a new understanding of how individuals accumulate reputation by looking at an illicit forum where participants talk about botnets and buy/sell botnet-related services. To do so, we have collected data on all of the forum members as well as their reputation level over a period of several months. Using Nagin et al.’s (2006) life-course trajectories approach, we have developed a model that identifies the different paths that members follow when they accumulate reputation in this online forum. This approach takes into account multiple predictors to classify each individual into a single group of offenders based on how they accumulate reputation points. Our results confirm that reputation is not distributed randomly, and extend past research by demonstrating that there are differences in how people accumulate reputation. This enables us to better understand the careers of these individuals and to create tools that would identify key players in the online criminal underground before they have reached their full potential.