The winning formula

In July, coordinated law enforcement efforts in 20 countries, including the US and the UK, scored a notable success against the global cybercrime marketplace when the computer hacking forum known as Darkode was ‘taken down’.

“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the US and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said US Attorney David Hickton at the time.

The FBI’s Deputy Director Mark Giuliano described the global operation, codenamed Shrouded Horizon, as a milestone in their efforts to “shut down criminals’ ability to buy, sell and trade malware, botnets and personally identifiable information” used to steal from individuals around the world.

It represented the largest joint international law enforcement effort ever directed at an online cyber-criminal forum, with more than 12 ‘associates’ arrested.

“Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers, which was believed by many, including the hackers themselves, to be impenetrable,” added US Attorney Hickton.

Darkode was an online, password-protected forum in which hackers and other cybercriminals convened to buy, sell, trade and share information, ideas and tools to carry out unlawful intrusions on computers and electronic devices.

Before becoming a member of Darkode, prospective members were allegedly vetted through a process in which an existing member invited a prospective member to the forum for the purpose of presenting the skills or products that he or she could bring to the group. Darkode members supposedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware and thereby gain access to, and control over, those devices.

Crucial to the success of Operation Shrouded Horizon, which was supported by Europol’s European Cybercrime Centre (EC3), was the FBI’s infiltration of the Darkode’s membership.

Researchers in the US have been using social network analysis tools to better understand the activity of cybercrime forums and conclude the key to “taking down these online criminal masterminds”, as illustrated by Operation Shrouded Horizon, is “understanding how they organise and where to squeeze them”.

They broke down several years’ worth of conversations between members of four cybercrime forums that were anonymously made public a few years ago to identify these ‘pressure points’.

Vaibhav Garg, PhD, part of the research team at the US Drexel University’s Privacy, Security and Automation Lab (PSAL), explained: “We tried to answer the question ‘what does organised crime really mean in cyberspace?’ To understand how criminals are ‘organised’ with people halfway around the world.”

Using six centrality-finding formulas, the variations of which are part of the algorithms running Google’s search engine, Klout’s ranking system (that uses social media analytics to rank its users according to online social influence) and Facebook’s analytics, the team produced visual representations of the forums’ organisation.

The formulas measure the relative connectedness of any one member in a network to other members. On the internet a higher score in these analyses might mean a higher page ranking in a Google search. Among social networks, it could equate to a better Klout score.

In a cybercrime forum, the researchers said it could point out the leaders. The calculation tallies the number of people a person is directly linked to via a conversation or a transaction. More connected cybercriminals hold a great deal of power in cybercrime forums because they are able to interact directly with a number of other members without going through an intermediary, said the research team. Adding another person to an interaction begins to erode trust – and in a forum where people are operating anonymously, trust is a commodity in short supply.

“The main challenge to cybercrimin