Spartan Devils Chapter Status Report 2009-2011

ORGANIZATION

1. In 2008, our chapter formed with members of the former Charlotte, NC chapter: Thomas J. Holt (Michigan State University), Gail Ahn (Arizona State University), and Max Kilger. We also added Lance James to this new chapter to get his unique insights.

2. This is also the current roster of members in our chapter.

DEPLOYMENTS

1. Our chapter is somewhat unique in that we are interested in understanding the attacker community using both social science research practices and information technology. To that end, Tom created an open-source research laboratory at Michigan State to examine the global hacker community staffed by students and faculty. At this point we are attempting to establish and deploy Honeynet infrastructures at Arizona State University and Michigan State University.

2. Thus far, we have identified over 50 websites involved in the sale and distribution of malware and stolen data across the globe using the open source laboratory. We are beginning to develop research reports on these various communities across the globe and better understand how they intersect.

RESEARCH AND DEVELOPMENT

1. Max Kilger and Tom Holt are currently working on a project to examine the attitudinal and behavioral predictors for participation in political attacks against their home country and foreign governments using college samples. We are also developing relationships with the Taiwan and Italian Chapters to create a truly international sample of participants. Anyone interested in joining this project should contact either Tom or Max for further details.

Tom Holt also received a grant from the National Institute of Justice to examine the market for stolen data using a sample of Russian web forums. This project is designed to understand the current market for and operating practices of the carding community.

2. We have not developed any distinctive analysis tools at the moment.

3. We are very interested in developing collaborative research relationships with any chapters interested in examining both the social and technical aspects of cyberattacks.

4. Specifically, we are interested in expanding and testing various theories with international samples and would like to develop collaborative projects with various chapters to examine the hacker communities in their nations using data from forums, blogs, and other on-line communications tools.

FINDINGS

1. We identified the network structure of the Russian hacker community using data generated from LiveJournal blogs, and found that the most skilled and proficient actors were centrally located and distributed throughout the larger network of peers. This may account for the rapid dissemination of ideas across the community. In addition, there appear to be few ways to statistically identify highly skilled actors based on expressed interests in malware or hacking concepts. The preliminary findings were presented at Defcon 17, and the presentation can be viewed or streamed from http://www.defcon.org/html/links/dc-archives/dc-17-archive.html

2. In addition, we have identified a wide range of malware and carding sites and have begun an analysis of various sites to understand the economics, subculture, and social organization of the underground. For an example of some of this research, you can stream presentations by Tom Holt on the economics of cyberattack or Max Kilger’s thoughts on the underground from the 2011 Cyber Infrastructure Protection conference in New York City at http://www.totalwebcasting.com/view/?id=ccnygsoe

3. Thus far, we are seeing some interesting changes in the quantity of malware, including exploit kits available on-line, and an increase in the amount of dumps and account data sold.

4. We are using social science research techniques and tools, including SPSS for quantitative analyses and grounded theory analysis techniques for qualitative analyses of data.

5. Our analysis techniques are generating interesting findings from a social science point of view, though we need to establish our Honeynet infrastructure.

PAPERS AND PRESENTATIONS

1. We have published and presented various academic papers, and are preparing a presentation for the Defcon 2011 conference on our preliminary findings of the unique predictors of civilian participation in attacks against government targets.

2. If any chapters are interested in expanding their analyses through the use of social science research principles, we would be happy to collaborate.

3. Selected Presentations/Publications

Holt, Thomas J. 2011. “Examining the Language of Carders.” Pp. 127-143 in Corporate Hacking and Technology Driven Crime: Social Dynamics and Implications, Thomas J. Holt and Bernadette Schell, eds. Hershey, PA: IGI-Global.

Holt, Thomas J. and Bernadette Schell. Editors. 2011. Corporate Hacking and Technology Driven Crime: Social Dynamics and Implications. Hershey, PA: IGI Global Publishers.

Holt, Thomas J. Editor. 2010. Crime On-Line: Correlates, Causes, and Context. Chapel Hill, NC: Carolina Academic Press.

Taylor, Robert W., Eric J. Fritsch, John Liederbach, and Thomas J. Holt. 2010. Digital Crime and Digital Terror, 2nd Edition. Upper Saddle River, NJ: Pearson Prentice Hall.

Holt, Thomas J., and Eric Lampke. 2010. “Exploring stolen data markets on-line: Products and market forces.” Criminal Justice Studies 23: 33-50.

Holt, Thomas J. 2010. “Leveraging Open Source and Unclassified Research For Tactical and Strategic Applications.” Invited presentation at the U.S. Department of Defense European Command Information Assurance Conference, Stuttgart, Germany, February 24, 2010.

Chu, Bill, Thomas J. Holt, and Gail Joon Ahn. 2009. “Examining the creation, distribution, and function of malware on-line.” National Institute of Justice.

Holt, Thomas J. 2009. “Understanding the Market for Malware and Stolen Data.” Invited presentation at John Jay School of Criminal Justice, October 16, 2009.

Holt, Thomas J., Max Kilger, Deborah Strumsky, and Olga Smirnova. 2009. “Identifying, Exploring, and Predicting Threats in the Russian Hacker Community.” Presented at the Defcon 17 Convention, Las Vegas, Nevada.

Holt, Thomas J. 2009. “The Attack Dynamics of Political and Religiously Motivated Hackers.” Proceedings of the Cyber Infrastructure Protection Conference, City University of New York. June 4-5, 2009.

GOALS

1. To establish a Honeynet infrastructure for malware analysis at ASU and MSU.

2. Develop a truly international research project examining the factors affecting individual participation in attacks against nation-states through the “cyberwarrior project.”

3. In the next year we hope to publish several articles and books based on our research.