Private Clubs For Hackers
How Private Forums Shape The Malware Market
Abstract
Offenders seek online private discussion forums where participants are screened before gaining access to connect with sophisticated peers and evade detection. Past research finds that most public discussion forum participants have a low level of technical skill and rely on more established participants for the tools and techniques they need to commit their offences. To date, research has mostly focused on public discussion forums of online offenders as gaining access to private forums comes with many challenges. The aim of this research is to describe and understand the impacts of the private nature of discussion forums on their participants’ activities. Our driving hypothesis is that private discussion forums are host to more sophisticated participants that will, in turn, offer and have access to more sophisticated tools. To understand the impacts of the private nature of discussion forums, we selected two discussion forums available on the internet whose focus is the sale of malware; one of them is private, while the other is public. Our analysis suggests that while there are differences between private and public discussion forums, there are few significant differences between both inters of the products they advertise.
References
Décary-Hétu, D. (2017). Online crime monitoring. In The Routledge International Handbook of Forensic Intelligence and Criminology (pp. 238-248). Routledge.
Décary-Hétu, D., Morselli, C., & Leman-Langlois, S. (2012). Welcome to the scene: A study of social organization and recognition among warez hackers. Journal of Research in Crime and Delinquency, 49(3), 359-382.
Denning, D. E. (1996). Concerning hackers who break into computer systems. High noon on the electronic frontier: Conceptual issues in cyberspace, 137164.
Dunham, K., & Melnick, J. (2008). “Malicious Bots : An Inside Look into the Cyber-Criminal Underground of the Internet” (1er éd.). Auerbach Publications. Online: https://doi.org/10.1201/9781420069068
Dupont, B., Côté, A. M., Boutin, J. I., Fernandez, J. (2017). “Darkode: Recruitment patterns and transactional features of “the most dangerous cybercrime forum in the world”.” American Behavioral Scientist, 61(11), 1219–1243. Online: https://doi.org/10.1177/0002764217734263
Dupont, B., Côté, A.-M., Savine, C., Décary-Hétu, D. (2016). “The ecology of trust among hackers”. Global Crime, 17(2), 129–151. Online: https://doi.org/10.1080/17440572.2016.1157480
Dupont, B., Côté, A. M., Boutin, J. I., & Fernandez, J. (2018). Darkode: Recruitment patterns and transactional features of “the most dangerous cybercrime forum in the world”. American Behavioral Scientist, 61(11), 1219-1243.
Dupont, B. & J. Lusthaus. (2021). “Countering Distrust in Illicit Online Networks : The Dispute Resolution Strategies of Cybercriminals”. Social Science Computer Review, Online: https://doi.org/10.1177/0894439321994623
Haslebacher, A., Onaolapo, J., Stringhini, G. (2017). “All your cards are belong to us: Understanding online carding forums”. In 2017 APWG symposium on electronic crime research (eCrime), 41–51. Online: https://www.uvm.edu/~jonaolap/papers/ecrime17carding.pdf
Herley, C. & D. Florencio. (2010). “Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy” In Moore, T., Pym, D., Ioannidis, C. (Eds.) Economics of Information Security and Privacy, 33-53. Online: 10.1007/978-1-4419-6967-5_3
Holt, T. J. (2013). “Examining the forces shaping cybercrime markets online”. Social Science Computer Review, 31(2), 165–177. Online: https://doi.org/10.1177/0894439312452998
Holt, T. J. & B. Dupont. (2018). “Exploring the Factors Associated With Rejection From a Closed Cybercrime Community”. International Journal of Offender Therapy and Comparative Criminology, 63(8), 1127‑1147. Online: https://doi.org/10.1177/0306624X18811101
Holt, K. (2020). “As internet forums die off, finding community can be harder than ever.” Online: https://www.engadget.com/2020-02-27-internet-forums-dying-off.html.
Holt, T. J., Strumsky, D., Smirnova, O., & Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Criminology, 6(1).
Holt, T., Smirnova, O., Chua, Y. T. (2016). “Exploring and estimating the revenues and profits of participants in stolen data markets”. Deviant Behavior, 37(4), 353–367. Online: https://doi.org/10.1080/01639625.2015.1026766
Holt, T. & E. Lampke. (2010). “Exploring stolen data markets online: Products and market forces”. Criminal Justice Studies, 23(1), 33–50. Online: https://doi.org/10.1080/14786011003634415
Kigerl, A. (2020). “Behind the Scenes of the Underworld: Hierarchical Clustering of Two Leaked Carding Forum Databases”. Social Science Computer Review. Online: https://doi.org/10.1177/0894439320924735
Lavigne, M. (2021). “C.E.I. (Communauté des États indépendants)”, Encyclopaedia Universalis. Online: http://www.universalis-edu.com/encyclopedie/communaute-des-etats-independants/
Leukfeldt, R., Kleemans, E., Stol, W. (2017). “Cybercriminal networks, social ties and online forums: Social ties versus digital ties within phishing and malware networks”. British Journal of Criminology, 57(3), 704–722. Online: https://doi.org/10.1093/bjc/azw009
Luhrs, C. & L. McAnally-Salas. (2016). “Collaboration Levels in Asynchronous Discussion Forums: A Social Network Analysis Approach”. Journal of Interactive Online Learning, 14(1): 29-44.
Lusthaus, J. (2013). “How organised is organised cybercrime?” Global Crime, 14(1), 52–60. Online: https://doi.org/10.1080/17440572.2012.759508
Lusthaus, J. (2019). “Beneath the dark web: Excavating the layers of cybercrime’s underground economy”. In 2019 IEEE European symposium on security and privacy workshops, 474–480. Online: 10.1109/EuroSPW.2019.00059
Madarie, R., Ruiter, S., Steenbeek, W., & Kleemans, E. (2019). “Stolen account credentials : An empirical comparison of online dissemination on different platforms”. Journal of Crime and Justice, 42(5), 551‑568. Online: https://doi.org/10.1080/0735648X.2019.1692418
Montegiani, C. (2017). L’apprentissage social chez les pirates informatiques: Analyse de l’influence des relations d’entraide et de conflit sur le processus d’apprentissage. Université de Montréal. Online: https://papyrus.bib.umontreal.ca/xmlui/bitstream/handle/1866/19590/Montegiani_Caroline_2017_Travail_dirige.pdf?sequence=1
Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G. (2011). “An analysis of underground forums”. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement, 71-80. Online: https://doi.org/10.1145/2068816.2068824
Rafaeli, S. (1984). “The Electronic Bulletin Board: A Computer-Driven Mass Medium”. Social Science Micro Review, 2(3): 123-136. Online: https://doi.org/10.1177/089443938600200302
Reuter, P. (1983). “Disorganized crime: The economics of the visible hand”. MIT Press.
Shakarian, J., Gunn, A. T., & Shakarian, P. (2016). Exploring malicious hacker forums. In Cyber deception (pp. 259-282). Springer, Cham.
Yip, M., Shadbolt, N., Webber, C. (2013). “Why forums? An empirical analysis into the facilitating factors of carding forums”. In Proceedings of the 5th annual ACM web science conference, 453-462. Online: https://dl.acm.org/doi/abs/10.1145/2464464.2464524.
Copyright (c) 2022 Renaud Zbinden, Sandra Langel, Olivier Beaudet-Labrecque, David Décary-Hétu, Luca Brunoni

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.