Profiling underground merchants based on network behavior

Srikanth Sundaresan, Damon McCoy, Sadia Afroz, Vern Paxson

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

    Abstract

    Online underground forums serve a key role in facilitating information exchange and commerce between gray market or even cybercriminal actors. In order to streamline bilateral communication to complete sales, merchants often publicly post their IM contact details, such as their Skype handle. Merchants that publicly post their Skype handle potentially leak information, since Skype has a known protocol flaw that reveals the IP address(es) of a user when they are online. In this paper, we collect Skype handles of merchants from three underground forums (AntiChat, BlackHat World and Hack Forums) and longitudinally monitor their network behavior. Our analysis of their network behavior provides a rich profile of their likely locations, network behavior, work habits, and other dynamics. In particular, we show that these merchants do not frequently use VPN services, and even when they do, they often leak their likely geolocation by also directly using residential and cellular IP addresses.

    Original language: English (US)
    Title of host publication: Proceedings of the 2016 APWG Symposium on Electronic Crime Research, eCrime 2016
    Publisher: IEEE Computer Society
    Pages: 62-70
    Number of pages: 9
    ISBN (Electronic): 9781509029228
    State: Published - Jun 8 2016
    Event: 2016 APWG Symposium on Electronic Crime Research, eCrime 2016 - Toronto, Canada
    Duration: Jun 1 2016 to Jun 3 2016

    Publication series

    Name: eCrime Researchers Summit, eCrime
    Volume: 2016-June
    ISSN (Print): 2159-1237
    ISSN (Electronic): 2159-1245

    Other

    Other: 2016 APWG Symposium on Electronic Crime Research, eCrime 2016
    Country/Territory: Canada
    City: Toronto
    Period: 6/1/16 to 6/3/16

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Computer Science Applications
    • Information Systems
    • Information Systems and Management
