Pricing and Mapping the Underground Economy: An Analysis of Contracts on the Biggest Online Hacking Forum
9:51PM Jul 31, 2020
Welcome back to HOPE 2020. We're so happy to have you here with us. A big shout out and thank you to all the attendees, presenters and volunteers. This conference has been quite remarkable, and I'm grateful to be here with all of you for this epic show. Our next session is with David Décary-Hétu, who leads the scientific research operations as chief research officer at Flare Systems. All right. David's talk is titled "Pricing and Mapping the Underground Economy: An Analysis of Contracts on the Biggest Online Hacking Forum." Don't forget the Matrix chat for questions. Let's go to the videotape, broadcast control. Thank you.
So, good Friday evening, everyone. Thank you for joining me today for this presentation. The title of my presentation is "Pricing and Mapping the Underground Economy: An Analysis of Contracts on the Biggest Online Hacking Forum." So my name is David Décary-Hétu. My background is that I have a PhD in criminology. I've been doing research on malicious actors and cybercrime for the past 10 or 11 years now. My focus is mostly on the social organization of illicit markets, as well as criminal achievement. And my background is academic, and I presented here in that capacity a couple of years ago. So in 2016, I was at a conference to talk about our big question, which is an open source Bitcoin transaction tracking tool, they servable today. I'm back today to talk about persistence under trip research officer. And persistence is a company from Montreal that does visual risk prevention, and who specializes in analyzing dark, deep and clear web to provide companies with real-time actionable intelligence. Now today, more specifically, I'm here to talk about hacker contracts. So, basically, we've all seen on forums, not just actors talking with each other, doing business with each other. But what we've rarely seen is the contracts that they enter. And most oftentimes, what we see is very informal contracts, where people agree on terms and then they either meet their goals or did in this case we're going to do is you want to index these contracts that have actually been formalized over the past few months and want to understand exactly what their costs are, what they are, as well as mapping the structure of the social organization of the illicit trades caused by a specific one, which is called Hack Forums. So Hack Forums is going to be the main source of data for this presentation. And our overarching goal today is really to understand how the contracts that are manage and don't on hackers. are actually structured and who's involved in them and how they
So Hack Forums: I'm guessing that most people have actually heard of this forum. And before we get to Hack Forums, we have to ask ourselves, well, why do people still participate in these and then comes in clean when these forums have been around for quite some time. And there's basically four reasons why people still go on forums today. First one is for more control and coordination. So when you're a malicious actor, and you want to transact with someone else, to buy something, it can be a mass mailer, it can be malware, ransomware, whatever. The main problem is that you cannot enforce the contracts that you have. You actually have to deal with everything by yourself. And if the other party in your transaction doesn't live up to your expectations, well, there's not much you can do. So when you go to forums, you actually have administrators, you have moderators, you have other people who are affected. In social regulation, and that's basically one of the things that you're going to be looking for when you go on forums. Second thing is social networking. So malicious actors, and just criminals in general, they're really very, very, very, very social animals. This means that they need peers, they need other people to talk with. They need other people to learn from, they want to aggregate with these people. And forums will actually provide you in this case with millions of people to talk with.
Third thing and fourth thing, they kind of mix them together, is this idea of uncertainty mitigation in the face of both identity and quality. So when you're talking with people on the internet, you usually have no idea who you're talking to. And this person could be someone who's going to try and rip you off. This can be a law enforcement officer, it can be just pretty much anyone. And so what you want to do with these forums is actually go back and look at all the posts the person you're talking to has made on the forum. And this will give you some clues as to who that person is, to try and mitigate the anxiety around their identity, but also about the products that they're selling. So you can actually look at reviews, you can look at what people would have said about this person and their product in the past. And if no one's talking about the product, now maybe it's kind of suspicious. So forums play a very, very important role to remove uncertainty, to allow people to network with each other, but also to provide them with some social control. Now, in the case of Hack Forums, it's a forum that's been around, I want to say, pretty much forever. We're talking about 4.8 million members, we're talking about 16 million Bo, so this is a massive forum, much bigger than pretty much all the other hacking forums, and they have, you know, 6 million threads. On average on everyday, you're going to find about on that forum. And you're going to have about 1000 people showing up every single day to participate in this forum. Now, of course, not everyone will be posting messages, but that's a lot of members showing up every single day. And just to give you an idea of the activity, on average, a thread will get about nine replies, which means that there is a good level of activity when we're looking at threads, because people are replying to each other when we're looking at threads.
Now Hack Forums is often seen as this place where, you know, script kiddies, inexperienced malicious actors are going to operate, but what we've seen actually in the past is that Hack Forums is really a place where pretty much everyone goes. So of course, you're gonna have your script kiddies, you're gonna have your inexperienced hackers going there, just because when you type, you know, hack forums on Google, what do you get? Well, you get, you know, Hack Forums, but you're also going to get various fascist actors. And these are just, you know, a few of many news stories that talk about how, you know, these established or as far as hackers actually hang around Hack Forums. And very this draws us back to our social networking aspect. It says, because when you're on Hack Forums, there's so many people to talk with. This is the place where everyone goes, which means that this is a place where everyone's going to. So when we look at these analysis today, yes, we are going to have some new malicious actors, but we also have a lot more established people being involved in this trade. And that's something that's really interesting for these allowances. Now, Hack Forums is a forum for social networking. You know, if you're looking at what the main sections of the forum are, well, you're gonna have, you know, life, tech, code, gaming, you know, you're going to have all these, you know, very various sections. And here you had a screenshot of some of the threads that were posted in one of the subsections, you know, with someone claiming, you know, I made microcell, you know, someone else bragging how they made a million dollars. So you're gonna have this mix of people just bragging, people just looking for friends, but you're also going to have something else, and what you're going to find is 100 that is all about, you know, business.
And, and this forum, which you're going to have is independent sellers that will post advertisements, and these, you know, will often include screenshots or graphics of, you know, kind of their publicity, their flyer, if you will, and description, their pricing and business model. More and more, we're seeing software as a service for malware, and we can get back to that later on, if that's of interest to you. You're going to have no contact information. And very often you're going to have vouches by past customers. So people, you know, just reposting messages saying, you know, this is this person said that I provided good service, maybe you should.
So here you have an example of someone who's selling a social media bot. So it's basically someone who will, you know, retweet your tweets, if that's something you're interested in. And you have the price, you have the service, the offering. And as you can see, they very often have these, you know, very handy, very nice, colorful flyers that they use to advertise their cabinets. Now, a couple of months back, what was really of interest to me was that Hack Forums actually decided in 2018 to establish these contracts. And in this case, this was meant as a way to reduce uncertainty, and to build trust between the parties in transactions. So basically, if you want to deal on Hack Forums, you have to go through this contract interface. And you have an example over here, where you're going to see that you're going to have the actors that are going to be involved, you have dates, you're going to have status, there's probably way too much information. But you actually have this flow going from, you know, awaiting approval, so waiting for both parties to agree on the terms of the contract, then you have all the lifespan of the contract, it's evolving, it's ongoing, and then you get to this complete phase, where you're even going to have feedback by both parties saying that this went well or not. And this is a very rich source of information. You're gonna have, you know, Bitcoin wallets, Ethereum wallets, you're gonna have, you know, the terms of the contracts, the obligations, you know, on the left and on the right, so both parties to this transaction, what their obligations are, and most interesting, it's going to have a status. So you're going to see, is it a completed contract, is it an ongoing contract. This is something that was litigious. So what happens is contact the found thing that you should look at is actually, on the top right, is the visibility of the contract. So visibility can either be public or private.
And in the case of private contracts, all we can see is who are the actors involved in the contract, and the end status. So about 10% of the contracts on Hack Forums are public, and more and more what we're seeing is that they are more on the private than on the public side. So the first thing that we wanted to do was to look at the content of these contracts. So we downloaded the whole list. So that was about, I believe, 200,000 contracts that were published, and that is up until maybe two weeks ago. But we can of course, analyze all of the contracts because we only have access to contracts that were public when we're looking at the content of these contracts. So what we did is we sampled some of the public contracts. And what we came up with was this typology of what are the products and services that were bought through these contracts on Hack Forums. Now, once again, this is just a sample, just a subset of everything that was going on on Hack Forums. So of course, there are some very important questions that we're going to be asking. So for example, there really wasn't much activity around ransomware, for example, and that was kind of a surprise, given how prevalent and important, you know, ransomware are these days. So what we found was that there were five main categories of product being for sale on Hack Forums through these contracts, and that was everything related to money, stolen credentials, hacking tools, reputation points and methods. I'm not going to go into other very much, but I'll just dive very quickly into these, you know, five.
So I'm looking at money first. It's mostly the cases of contracts where people are going to exchange a cryptocurrency for a fiat currency. So basically just, you know, US dollars in many cases, and actually in most cases, what you see is PayPal being involved. So 56% of the contracts were about PayPal, we had about 26% of the contracts that involve gift cards or points. And very often, these were for Amazon gift cards, and that's very easy to understand. So someone had some cryptocurrency and they want to buy something on Amazon. Well, basically, they're just gonna get these Amazon gift cards, and they're gonna buy something on Amazon. We've seen also apps for Apple cash apps, and this is a way either to, you know, launder the money or a way to actually do some fraud. So what we've seen is that the rate to launder the money or make these changes is anywhere between zero and 50%, depending on the actors involved, depending on the currency as well. But if you're gonna get, you know, some Amazon gift card and you have some bitcoins, it's usually going to be between zero and 50% of the amount that you need in the gift card that you're going to have to pay more in Bitcoin to get this, to get this cash. And of course, we've all seen all the ads, you know, for PayPal, but where people are just, you know, selling Google accounts and credentials for PayPal accounts. But what we've been seeing more and more is actually also food services. So here, for example, you're going to have someone who says, well, I can order some food. Well, basically, I will sell you this, this food credits for about half of the money. So it shouldn't get you know, $50 worth of food in order tonight for you and your girlfriend was going to cost you about 2760 it may take a couple of hours to add the bonds to your orders. So just, you know, be advised: don't call me at 5pm Friday to order something half an hour.
And they of course are going to take, you know, Bitcoin and other currencies, in the US only at this point. Now the second category that we've seen in contracts that is very prevalent is stolen credentials. And so here you find credentials for pretty much anything on earth that you can think of. So we're talking about, you know, social media, we're talking about entertainment accounts. This can be, you know, your Netflix, Spotify, you're gonna have your cloud accounts, of course, for example, Azure, and also you're gonna have some business accounts. So it was really interesting to see how you can get pretty much any single account available on these contracts. And the wealth of doing positions are impacted by this, we're pretty impressive. Just for confidentiality, and just for safety reasons, we're not going to list all these stolen credentials over there. And we haven't seen or, you know, there's very little to no mentions of how these credentials are acquired or stolen. And we know that there is a lot of phishing and credential stuffing going on around this. And here, what you can see is actually some example of credential stuffing going on. So what you see is basically someone using a specialized piece of software to use a list of usernames and passwords that were stolen somewhere else or just downloaded from the internet. And then they're used to attack a service or website to see if these credentials work. So very often, people get phished or people will supply a username and a password. And these are going to be reused, fed into the software to see if it's possible to attack it. And as you can see here, there are many options in the stuff that you can use. You have the list of all these M and passwords.
And then the second, you're gonna see the typing launch. And then you're gonna see, as you see on the top right over here, you can see the accounts that were actually validated by the stack. And now you're gonna see, for example, this is an ad for a virtual, you know, just a cloud account. And you have, you know, where should we contact the person. So on this court, you have all the credits that are available in the account, and that gives you the idea of what you can do with this cloud account. Good thing you can do is look at hacking tools, and these hacking contracts are very often used for hacking tools. So here you're gonna have virtual private servers, web hosting, Macy, blue import, bulletproof private hosting, are going to be the dominating products. But you're also going to have other types of hacking tools. And so what you're going to find is, for example, contracts for social network bots. This was part of a research I did previously with GoSecure, a Canadian cybersecurity company, where we looked at social network bots. So basically bots that will like your post, retweet your posts and just give you followers, which is a very booming business right now. And also contracts for mass mailers. So basically, either software or services to send phishing, phishing emails. And finally, which was kind of more worrying, was this trend for Android RATs. So basically, just this malware that you can use to infect Android, Android phones. So what back there, there was no mention of a couple of novel categories, such as ransomware. And so our, our belief is that this is kept to the more private contracts. And this is something we have little to no visibility into, unfortunately.
Now, you know, just one example of a mass mailer, what does it look like? Well, basically, it's just a very simple interface, where you enter the server that you want to use to send the emails, who you want to receive these emails. Or you can either send SMS or email with the messages, and then some configuration, and just by clicking OK at the end, you're up and you're able to send all these conversations and points and emails to the, to the relevant people. And now, the fourth category that we find in these contracts is reputation points. So that was really interesting because it's mostly for internal Hack Forums bytes points, or reputation points. So it's basically just for vanity reasons. It's just so your account looks as though it's more established, as though it has more experience. And you know, these bytes, you can earn them by, you know, creating threads, by posting replies, by replying to threads. And these members, well, they can donate their bytes to each other, but they can also sell them. And what we've seen is that these reputation points also count towards reviews and merchant websites. So basically people getting paid to perk up hope you're using Amazon. And so in this case, this is propping up a business. So if you're selling something, you want to look as though you're an established actor. Well, just by having these reputation points, you look like you're more credible and perhaps Someone who's just now. But all these points, that's good look more, more trustworthy. And so here, what you see is basically someone posting an ad saying that they're driven by these reputation points.
And interestingly, the price for these points is going to change depending on the level of the person they're doing a contract with, which means that if they're doing a contract with someone who's more established, higher status, they're going to pay more for these reputation points than if they go with someone who has, you know, lower status and have alternative contracts over here. Finally, the fifth type of contract that we found, once again, this was a sample of public contracts, is all about the methods. It's possibly the most difficult category to analyze. And what we see is, you know, people looking for methods to get rich quickly. So there's been a lot of papers published that talked about cybercrime, and how malicious actors may have the impression that it's very easy to make money in the criminal underground. And so these guides are really geared to these people who can learn how to make money, and it's very often just people scamming new malicious actors and trying to get money out of them without providing them with, you know, actual very good tips on how to make money. And so they're mostly just get-rich-quick schemes that provide kind of no evidence as to how you're supposed to get rich. But there were also quite a few guides starting companies, it can be a, you know, for example, a large coffee chain. It can be for example, and, and network.
And these basically will just give you methods on, on how to make money while you're, while you're just, you know, hacking or attacking these companies. And you know, here you have an example on these ads. And you know, these are not teaching they can this guide, you know, can be upwards of $1,000 for the next person, and very often they're going to be limited to a specific number of people just to make them more premium. Or make sure that the people using these methods don't get better basically. Now, once we've learned, you know, what are people using these contracts for? One of the very interesting points that we wanted to look at was, well, how much negotiation is there, you know, behind these contracts? And one of the things I've always been fascinated about is to see, do people barter in the criminal underground, do people negotiate? How does that happen? You know, when you see a listing, for example, an advertisement for someone saying, I have this super elite, you know, malware or ransomware, and I'm trying to sell it for $1,000. Were people really paying $1,000 for this malware, were they paying $500? And how does that happen? And so here, what we did is we actually took a sample of the contracts that we have analyzed. And we were able to match these contracts to specific kids on Hack Forums. And so this allows us to compare the price that was in the contract with the price that was in the original advertisement for the product. And what was really interesting is that there was a price difference in many cases. It was mostly discounts, and these discounts were, as you can see, I put in here zero to 25%. But it was mostly around, you know, five to 15 percent price off. So that was really interesting to see that people did not negotiate all that much. When someone said that they were going to, you know, sell a gift card for $1,000, maybe they'll take $50, maybe they'll take $100 off that gift card. But really, very often, they're not going to go above that.
What was really interesting, though, is that there were actually quite a few people who didn't pay anything for their product. And this is something that has been raised in the literature in the past, and this is all about the samples. And it's very interesting to see that many malicious actors will actually agree to make contracts for samples. And so before you buy something that's quite expensive, maybe you want to try it out. And kind of the same thing as with drugs. And so that's why you get some people getting 100% off the price, just because that means that they're just, you know, getting a free sample of this product.
On the other end of the spectrum, we also had people that were paying more. In most cases, when people were paying more than the price that was advertised, it was the case it was really good money. And that's because the exchange rate had changed. So basically, if it costs more to buy bitcoins at some point, that means that, you know, the price of the thing is going to change. But mostly, what we saw is that when you're doing analysis on these advertisements, and you see a price for a product, what you can expect is that most times, the people who are buying the service are going to pay maybe five, maybe 10, not really more than 15% off the list price for that product. So when you're doing these economics analysis of this one's really interesting to see that you can actually rely on these numbers and if you buy Nike and to build scenarios, no sometimes can be like conservative or some that can be maybe more loose? Well, you can actually use these numbers and use these contracts to model exactly how much money do you add or take away from these contracts when you're analyzing their price. Now, the last thing that we wanted to do was to look at how these contracts are organized. So now we know what's in those contracts to some extent, we know how they're priced, how much negotiation there is. The next thing that we wanted to do was to look at the social network of hackers, and try and understand exactly how is this network structured? So the first decision that we had to take was, so do we take all 200,000 contracts that we have downloaded? I felt as though that maybe wasn't the best idea, because a lot of these contracts are actually incomplete. And when you're talking about these incomplete contract, laughs its lucky winner. They just never happen. It's not clear whether the people failed to deliver on their obligations. So there was a lot of uncertainty around, you know, were the people involved in the contract really involved in the contract? Or did things fall out?
Or for any reason? I mean, was this real? So the decision we took was to look at only the completed contracts on Hack Forums. And this is about 85,000 contracts over the last 26 months that were collected and analyzed here. And what you're seeing is basically the number of transactions per month for these contracts. And it's really interesting to see that there's an upward trend, so as time passes by, more and more people are using these contracts. And also, for some reason, that is kind of difficult to explain, but around March, April, or you know, beginning of the spring of each year, you see this, you know, this peak in the number of contracts that are being launched on Hack Forums. So we know there are these cycles on online illicit markets. For example, usually in the summer, there's fewer contracts, less activity. Around Christmas, it's the same thing. early January is a part of house retail to some extent. And in this case, the peak really appeared to be in the spring. This is when everyone kind of comes out of the winter, needs some money, and that's why they're doing a lot of contracts. When we're looking at the number of actors per month, it follows a very similar pattern to what we just saw with the contracts. Of course, we see the peaks kind of at the same places, and we see that there's right now about 2000 people different Take the record and be active each month on Hack Forums during contracts are quite a sizable number of people. And when you look at the number of transactions, it was around three to 4000 average that you would see.
When you're talking about social network analysis, what you're trying to do is analyze a network. Now, what's a network? Well, it's basically a collection of nodes. And in this case, these nodes are going to be malicious actors. And they're all connected by edges or ties, which are going to be transactions. Now here, it's always very important to remember that the inclusion and exclusion rules do have a significant impact on the analysis. So once again, we only look at the completed contracts. That's about 85,000. We haven't had a chance to run the numbers on the whole data set. But I wouldn't be surprised if we found something that was pretty different when we include a different set of network. So every time we're talking about this network, we have to remember kind of what they are. Now, there's two pointers that you can take when you're doing social network analysis: you can either look at the network level, so basically the structure of the level of the network, or you can also look at the ego or individual level. So for this presentation, we're going to focus on the network level. And as I said, so between May 2018 to July 2020. Now, we're going to be looking at a few metrics. So the first one is going to be centralization. So that's a very important metric for social network analysis. It's basically how are the ties centralized in the network. So is everyone doing their contracts with the same person, as you can see on the left, or is everyone buying and selling from each other, as you can see on the right. And, you know, when you're looking at the structure of these networks, when you're trying to understand how they're structured, centralization is a very key metric, because it tells you if a few actors are playing a central role in the net. The other metric we're going to be looking at is the notion of cliques. So cliques is basically how are the ties organized?
On the left, what you see is that the clique is going to be a subgroup of the network, where you have a very high density of ties between the actors. So you're going to see, for example, three actors on the left all talking to each other. You're going to see three actors on the right, talking to each other, and the cliques may be connected with each other. That's fine. But what you see is that people are mostly connected with each other in small groups. But what you see on the right is that really isn't the case. So it's basically everyone is only connected to one person. So there's really no cliques in there. Cliques are really important because it shows if your network is one network, or multiple smaller networks connected to each other. So it really gives you a good idea of the structure of the network, and how you're supposed to understand these sites.
And that's kind of a measure for repeated business. We will look at how these networks change over time. Here we had to make a decision once again. And we decided to aggregate all the links based on the month of the year. So just because there are these cycles all the time and they tend to repeat themselves year after year, it felt as though aggregating all the ties on a monthly basis made sense, and what we wanted to see is how many ties we have in month number one are still present in month number two. And so this is what we call the Jaccard index. And it's a measure of homogeneity between the months, or the similarity month over month. So what we're looking at is, if I buy something from someone in January, am I going to buy something from that same person in February? That really gives you a good idea of what's going on there. Now, we computed what these networks of Hack Forums looked like. And this is actually what you get. So I'm gonna let it cycle through. And what you see is, each time it refreshes is a new month. So you're seeing a set of humans in between each of the images. So it gives you kind of a nice idea of the evolution of the network. And each dot is a malicious actor, and the bigger the node, the more transactions the person is involved in. Same, we don't really know who's buying or selling, all we know is people involved in the transaction. And as you can see, in each of these frames, you do have bigger nodes that appear. You also have thicker lines, which shows kind of thicker interactions. But it's basically a very decentralized network, with a lot of actors not doing many transactions and a few key actors doing a lot more transactions than the other actors. So that was kind of really interesting. Now looking at the, at the results, the first thing that we see is centralization scores, and these were extremely low. So just as you saw before, they were about a ties each month. And it's not like there was one actor that was receiving all those ties.
Yes, some people received more ties than others. But there wasn't really anyone who was receiving all this I remember. So these scores of centralization are multiplied by 1000. And they're actually extremely low. And so that was really interesting, because no one is able to corner the market on Hack Forums. This means that this is a very decentralized network. It's not like you're removing someone from the network, you're gonna be destroying all these activities. It's really a lot of people, decentralized.
The other thing that was really interesting is I was kind of expecting to see an increase in centralization over time, but that's not really what you see, you actually see a slight decline over time. And so this means that the forum like people are building their business and becoming the reference and some of the areas that we've seen these contracts. So this means that because the centralization remains stable or is even decreasing, it means that competition is really fierce. No one is able to establish themselves as a leader in the field, and they're always competing with each other to get revenues. Now, when we look at cliques, it's even lower. And what you actually see is that even though the contracts started with a higher level of cliques, these numbers are multiplied, by the way, by 10 million, which means that they're incredibly low. And they're actually going down over time. So that was really interesting. So it means that, you know, there were pockets of people dealing with each other at first, and over time what we've seen is a decentralization, which means that people are not really buying from each other in small pockets, it's everyone just buying from everyone else. And so what we see is that there's not these gangs being homeless and the suburbs being formed. And it's a lot more random and a lot more decentralized than what we could have expected from this network. Finally, when we look at the Jaccard index, it's a number that ranges from zero to 100. And the closer you are to zero the less than a year and a half month over month. So what you have over here is basically, how similar was this month compared to the one that was just right before it. And what you saw is that at first, you had an increasing Jaccard index, which means that people were repeating purchases month over month, and this number of people who were repeating purchases was increasing over time and then slowly decreased, and it remained pretty stable over time.
So that was a really interesting feature, which means that in many cases, people do not repeat their purchase online. And then that becomes a question of were the people not satisfied that they try and bypass contracts when they've done through. It was going on there.
Now I only have a very limited time left. So pretty quickly, what are the main takeaways from this presentation? And unsurprisingly, money laundering, financial crimes are really at the heart of the illicit trade of Hack Forums, a lot of money related products being advertised. We saw stolen credentials for financial institutions and others being advertised on this forum. And there was a surprising absence of certain types of attacks, for example, ransomware. And so we have to remember that we only looked at the public contracts. And so it would be really interesting if we could look at the private contracts. And one of the projects that we have that will be ongoing is trying to look at the general products being advertised and mapping that to the public contracts and seeing what kind of products are being advertised that we're not seeing in the contracts to try and tie them into these private contracts, something we couldn't do for this presentation, unfortunately. What we saw was that vanity and status is extremely important. Yes, for social networking, but mostly for business. There's a lot of research being done on the status of people and how this really improves their social embeddedness. And how they can connect with each other this transaction doesn't think and talk about if you're interested as well. And this was something that was really important in these contracts. Now, there was very little margin for negotiations, samples are available. And it was, I would say, kind of the most surprising feature of these contracts is how decentralized they are. I've published many papers on this topic and other precedent, the dark web, where we see that you know, these markets are going to be very centralized. So a very limited number of actors, for example, 1% of vendors are going to be making 90% of the sales. And this really was not the case with Hack Forums. And so kind of this forum, platform, maybe is more decentralized, people can try many things. Maybe they're less afraid to try and transact with other people, because they have this social regulation.
So this whole idea of being nested into this official platform, maybe allows you to take more chances. Try dealing with more people, which indicates or explains why we have less of the repeated business with someone and people exploring alternative options when they're buying something illicit.
And, of course, it's also impacted by the limited stability in the ties.
And so there's a lot of questions arising around the usefulness of this platform. So moving forward, we plan to look at different types of models. To build out these ties, relational event model something where we're experimenting with, and we need to refine and looking at the transactions, I think that's really interesting. So why have these transactions failed? What can we learn from these transactions as well? It's something we'll be looking at. And if you have any questions, here's my email address and I'd be happy to answer any.
Hi, welcome back. We're here with David. Thank you very much for that talk, David. That was really interesting and thank you very much for sharing. We do have a question for you.
Question. Are there any current... Are there currently any illicit trade versions of normal world's procurement techniques such as RFPs, auctions, etc.?
So I had to read that one two or three times. But there is. It's actually an excellent question. And thank you for having me the whole conference, it was a great conference. What we've been monitoring and we're working on actually right now is the ransomware, if we can call it the industry. And what we're seeing is malicious actors are now not only encrypting people's data, but they're actually exfiltrating it and then they will put it up for auction. And one of the most interesting trends that we've seen is that malicious actors are going after the providers and partners of the big juicy targets. So if you want to get into NASA, for example, pretty difficult, but maybe there's a third party working with NASA that you can actually hack and get their files. And then you can auction off NASA files, but going through the third party. And so we've been monitoring and looking at a lot of these websites where we have auctions derived from these ransomware attacks. And these auctions are going to be very expensive. So tens of thousands of dollars, if not six figures. And so what we're seeing is something that's, you know, auctions kind of like what eBay had, but for stolen confidential information, and I was talking, I talked about, you know, the samples and they hit them, there was a comment in the chat room. But it's kind of the same thing with these auctions. So they'll give you maybe a database, maybe a few files for you to sample and make sure that you know, you know, you're buying the good stuff, basically.
I see. And so how does that work? And then let's say you buy some data, and it's not what it says it's supposed to be, there's no refunds, is there now
So one of the perks of going through the forums and going through, you know, for example, the contracts I was talking about the DI forums is that you actually have someone that can enforce the contract. So of course, there's no law you can, you will not have, you know, any cops you can call, but at least you're going to have this forum authority. And so people are going to be investment should only have one video open at the time. You're going to have, you know, these forum administrators who are going to be enforcing the contracts and either, you know, banning the people who are you know, going back on their word, you're gonna have the administrators putting out constraints putting out messages, and sometimes you're even gonna have bonds. So you know, before people can become a vendor, they're gonna have to pitch in, you know, these $500, $2,000 as a bond. And then if there's a fraud, well, the administrators are going to use that money to pay back the people who shot it. So that's something that we've been talking a lot about the different demmick and insurance for travel, and how are you supposed to get back your money? Well, it's kind of the same thing where you have bonds, and then you reuse that to pay back.
Right. That's a very interesting concept of what we call self policing, type of thing. Very interesting. All right. Our next question is, some of the models you showed are fairly difficult for non specialists to understand. Do you think understanding a model is necessary or is an informal understanding sufficient? And then a follow up is, you know, do you think we should avoid following gut feelings?
on so they are that was just a few minutes to explain what social network analysis is. And that's totally understandable. I start, you know, 45 hours classes are on social network analysis in the past. I tried to pick something that was kind of the main areas we should look into. So one of the things that's really interesting is this idea of centralization. So is there one person selling, you know, malicious software, stolen credentials to everyone in the community? Or are there hundreds of thousand people doing that. And the difference between the two scenarios is really significant. Because if one person is central network, that means that if that person leaves, there's they're, you know, arrested because they just made the most money and they want to get out. But it means that the whole network kind of just shuts down and can't operate anymore. And so it's really important to look at these social networks, understand how they're structured. So is there one person at the core of it? Even if people are some actors are more important than others? That's fine. But is there one core actor? You know, I was talking about the cliques, so people kind of connecting in smaller groups or this one big network, if you're trying to, you know, get into one big network, it's much more easy for you to get into a group of three, you know, when you're going in a conference, and there's three or four people talking with each other, trying to get into that circle is kind of difficult, because they all know each other, they all want to talk with each other. But if there's just one big room, and you're just bumping from one person to another, it becomes much easier. So all these questions about the structure of the networks are really relevant. And I did my best to keep it simple. There's much more sophisticated models that we could be running. And we will be publishing more on these models.
And it's something that you can maybe do more easily in the blog posts or white papers, something that people can, you know, sit down, have a glass of scotch and just, you know, read through slowly to make sure they understand it.
Thank you. That was an excellent answer. We've got a couple of minutes left. I'm gonna go on to the next question. Facebook for example, does massive analysis of social networks. Is it their business model? It is their business model? Is that qualitatively different than the approach to social network analysis that you described? Or is it only difference in scale?
Now, so basically, the really most interesting thing with social network analysis is that it applies to everything. So you can use it, you know, for your personal relationships. If you want to find a girlfriend, if you want to, you know, make sure you have a promotion at work, if you want to be successful in a criminal career, whether you're talking about ants or planets, it's all you know, all connected together. And many of the rules that apply, you know, to the very, very small stuff also apply to really huge networks. So basically, what Facebook is doing is exactly what we just did. You know, when they're suggesting to you new people to become friends with, it's because you know, it's based on either homophily, similarity with other people, or just because you're close to these people. So these aren't metrics and go into But proximity and network is and similarity are two very important concepts. And that's pretty much something that Facebook is doing, and that's something that we'll be looking into doing. But it's exactly.
Very good. Right. We're out of time, David, and on behalf of all the HOPE 2020 attendees, presenters and volunteers, I want to thank you, David, for sharing your project with us. And if there's anything else that you want to add, how people can contact you.
They did that at att accredited systems. And we'll be happy to answer any more questions. Thank you for listening and enjoy the weekend, everyone.
All right, thank you very much. We're getting ready for the next top of the hour. Our next talk is sex, big data and user autonomy. Stay tuned for fresh books and first tracks take it away Ground Control