The Mass Effect: How Opportunistic Workers Drift into Cybercrime

Conference:  BlackHat USA 2021

2021-08-04

Summary

The presentation discusses the use of a forum by individuals involved in cybercrime activities and the analysis of their conversations using automatic analysis techniques.
  • Individuals involved in cybercrime activities used a forum to develop Android portals to spread infected APKs.
  • The individuals were identified through a map of their interactions on the forum and their conversations were analyzed using automatic analysis techniques.
  • The analysis revealed three themes: adverse business environment, amateur work, and leniency towards criminality.
  • The individuals did not mention their involvement in cybercrime activities in their public interactions on the forum.
  • The presentation raises the question of whether informal spaces like forums have users involved in cybercrime activities.
The individuals involved in cybercrime activities used a forum to develop Android portals to spread infected APKs. The presentation showed a screenshot of one of their websites where users could download various APKs with special features, including banking trojans. The individuals were identified through a map of their interactions on the forum and their conversations were analyzed using automatic analysis techniques. The analysis revealed that the individuals faced an adverse business environment, lacked technical skills, and were lenient towards criminality. Interestingly, the individuals did not mention their involvement in cybercrime activities in their public interactions on the forum.

Abstract

By focusing on the most visible cybercriminals, our security community often overlooks the impact of massive groups supporting criminal activities. Yet, these groups act like the "mass effect", where a primary pathology generates an inflating mass that pressures its surroundings, increasing the initial problem's scale. This research was motivated by a desire to uncover the context and motivations of individuals involved in spreading the Geost banking Trojan, and ended with large-scale statistical analyses of behaviors in an informal online market, one of the largest out there. The market was found to host dubious activities through a hide-in-plain-sight approach. The research unexpectedly opened up an alternative way of conceptualizing cybercrime economies, one that includes an ordinary working class, involved in any economic activity for the sake of little crumbs of profit. More than that, we realized that the motives of these individuals did not represent the excitement that is traditionally depicted by cybersecurity storytelling, nor did they embody the criminal ethos. What is concerning is rather their aggregated effect, their growing mass.

This presentation shares our research journey, depicting the actors involved in the operation of a botnet, their motivations, challenges, and an analysis of the informal market in which they grounded their criminal activities. By using machine learning techniques and a statistical analysis of the informal market population, we found other similar opportunistic entrepreneurs. The analysis also indicated that the informal market may be a revolving door to underground, more criminally-prone, communities. Through this research, we hope to provide researchers, law enforcement officials and policy makers a better grasp on this type of cybercrime economy and a point of view that is closer to what these individuals actually experience.
