Private Clubs For Hackers

How Private Forums Shape The Malware Market

  • Renaud Zbinden Institut de lutte contre la criminalité économique
  • Sandra Langel Institut de lutte contre la criminalité économique
  • Olivier Beaudet-Labrecque Institut de lutte contre la criminalité économique
  • David Décary-Hétu Université de Montréal
  • Luca Brunoni Institut de lutte contre la criminalité économique


Offenders seek online private discussion forums where participants are screened before gaining access to connect with sophisticated peers and evade detection. Past research finds that most public discussion forum participants have a low level of technical skill and rely on more established participants for the tools and techniques they need to commit their offences. To date, research has mostly focused on public discussion forums of online offenders as gaining access to private forums comes with many challenges. The aim of this research is to describe and understand the impacts of the private nature of discussion forums on their participants’ activities. Our driving hypothesis is that private discussion forums are host to more sophisticated participants that will, in turn, offer and have access to more sophisticated tools. To understand the impacts of the private nature of discussion forums, we selected two discussion forums available on the internet whose focus is the sale of malware; one of them is private, while the other is public. Our analysis suggests that while there are differences between private and public discussion forums, there are few significant differences between both inters of the products they advertise.


Décary-Hétu, D. (2017). Online crime monitoring. In The Routledge International Handbook of Forensic Intelligence and Criminology (pp. 238-248). Routledge.

Décary-Hétu, D., Morselli, C., & Leman-Langlois, S. (2012). Welcome to the scene: A study of social organization and recognition among warez hackers. Journal of Research in Crime and Delinquency, 49(3), 359-382.

Denning, D. E. (1996). Concerning hackers who break into computer systems. High noon on the electronic frontier: Conceptual issues in cyberspace, 137164.

Dunham, K., & Melnick, J. (2008). “Malicious Bots : An Inside Look into the Cyber-Criminal Underground of the Internet” (1er éd.). Auerbach Publications. Online:

Dupont, B., Côté, A. M., Boutin, J. I., Fernandez, J. (2017). “Darkode: Recruitment patterns and transactional features of “the most dangerous cybercrime forum in the world”.” American Behavioral Scientist, 61(11), 1219–1243. Online:

Dupont, B., Côté, A.-M., Savine, C., Décary-Hétu, D. (2016). “The ecology of trust among hackers”. Global Crime, 17(2), 129–151. Online:

Dupont, B., Côté, A. M., Boutin, J. I., & Fernandez, J. (2018). Darkode: Recruitment patterns and transactional features of “the most dangerous cybercrime forum in the world”. American Behavioral Scientist, 61(11), 1219-1243.

Dupont, B. & J. Lusthaus. (2021). “Countering Distrust in Illicit Online Networks : The Dispute Resolution Strategies of Cybercriminals”. Social Science Computer Review, Online:

Haslebacher, A., Onaolapo, J., Stringhini, G. (2017). “All your cards are belong to us: Understanding online carding forums”. In 2017 APWG symposium on electronic crime research (eCrime), 41–51. Online:

Herley, C. & D. Florencio. (2010). “Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy” In Moore, T., Pym, D., Ioannidis, C. (Eds.) Economics of Information Security and Privacy, 33-53. Online: 10.1007/978-1-4419-6967-5_3

Holt, T. J. (2013). “Examining the forces shaping cybercrime markets online”. Social Science Computer Review, 31(2), 165–177. Online:

Holt, T. J. & B. Dupont. (2018). “Exploring the Factors Associated With Rejection From a Closed Cybercrime Community”. International Journal of Offender Therapy and Comparative Criminology, 63(8), 1127‑1147. Online:

Holt, K. (2020). “As internet forums die off, finding community can be harder than ever.” Online:

Holt, T. J., Strumsky, D., Smirnova, O., & Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Criminology, 6(1).

Holt, T., Smirnova, O., Chua, Y. T. (2016). “Exploring and estimating the revenues and profits of participants in stolen data markets”. Deviant Behavior, 37(4), 353–367. Online:

Holt, T. & E. Lampke. (2010). “Exploring stolen data markets online: Products and market forces”. Criminal Justice Studies, 23(1), 33–50. Online:

Kigerl, A. (2020). “Behind the Scenes of the Underworld: Hierarchical Clustering of Two Leaked Carding Forum Databases”. Social Science Computer Review. Online:

Lavigne, M. (2021). “C.E.I. (Communauté des États indépendants)”, Encyclopaedia Universalis. Online:

Leukfeldt, R., Kleemans, E., Stol, W. (2017). “Cybercriminal networks, social ties and online forums: Social ties versus digital ties within phishing and malware networks”. British Journal of Criminology, 57(3), 704–722. Online:

Luhrs, C. & L. McAnally-Salas. (2016). “Collaboration Levels in Asynchronous Discussion Forums: A Social Network Analysis Approach”. Journal of Interactive Online Learning, 14(1): 29-44.

Lusthaus, J. (2013). “How organised is organised cybercrime?” Global Crime, 14(1), 52–60. Online:

Lusthaus, J. (2019). “Beneath the dark web: Excavating the layers of cybercrime’s underground economy”. In 2019 IEEE European symposium on security and privacy workshops, 474–480. Online: 10.1109/EuroSPW.2019.00059

Madarie, R., Ruiter, S., Steenbeek, W., & Kleemans, E. (2019). “Stolen account credentials : An empirical comparison of online dissemination on different platforms”. Journal of Crime and Justice, 42(5), 551‑568. Online:

Montegiani, C. (2017). L’apprentissage social chez les pirates informatiques: Analyse de l’influence des relations d’entraide et de conflit sur le processus d’apprentissage. Université de Montréal. Online:

Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G. (2011). “An analysis of underground forums”. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement, 71-80. Online:

Rafaeli, S. (1984). “The Electronic Bulletin Board: A Computer-Driven Mass Medium”. Social Science Micro Review, 2(3): 123-136. Online:

Reuter, P. (1983). “Disorganized crime: The economics of the visible hand”. MIT Press.

Shakarian, J., Gunn, A. T., & Shakarian, P. (2016). Exploring malicious hacker forums. In Cyber deception (pp. 259-282). Springer, Cham.

Yip, M., Shadbolt, N., Webber, C. (2013). “Why forums? An empirical analysis into the facilitating factors of carding forums”. In Proceedings of the 5th annual ACM web science conference, 453-462. Online: