Online Hacking Forums

Primary Contributors:

Dr. Richard Frank
Alexander Mikhaylov

The emergence of the internet as a global, borderless communication platform has afforded a wide range of social and economic opportunities to people throughout the world. Criminals have exploited the ability to communicate instantaneously around the globe to facilitate cross-jurisdictional cyber-fraud and, subsequently, online money laundering. Coordinating international fraud and money laundering schemes requires a medium of communication, such as online hacking and carding forums, where offenders meet to exchange information and to engage in their illegal business.

Online forums serve two functions: facilitating the exchange of information and acting as a marketplace. Several studies have taken a language-specific perspective, as Russian-speaking offenders have consistently been implicated in cybercrime. Online communities that can be accessed from anywhere in the world have the potential to have widely varying “user bases”, and online Russian-language social networks that are dedicated to trading stolen credentials remain understudied.

Project 1: An Analysis of Russian Hacking and Carding Forums

This study undertook an analysis of two large Russian-speaking hacking and carding forums (i.e., 1,530,404 posts and 468,827 posts) by analyzing the contexts of keyword usage. Here, publicly available forums were downloaded through software called the Open Discussion Forum Crawler (ODFC), and keywords of interest – pertaining to online money laundering – were extracted. Forums were located through searches using a Russian-language search engine, Yandex, by entering queries such as “buy dumps CC.” One of the forums hosted discussions on topics such as programming, exploits, and affiliate programs, while the other forum included topics such as digital currencies, money laundering, and illegal business.

Findings indicate that cyber-fraudsters are primarily interested in cashing out digitally stolen funds and do so mainly by resorting to the services of money mules and virtual casinos (see Figure 1). Cybercriminals need to cash out stolen funds in order to integrate them within the financial system under their own name. Online gambling is a perfect opportunity for money laundering, since many virtual casinos exist throughout different jurisdictions worldwide, making the laundered money hard to trace. Money mules, or “drops” in carder jargon, are people whose credentials are used in criminal schemes (e.g., to receive a money transfer of stolen funds). Cybercrime is inherently transnational, which makes it important to study foreign communities that may not be described in English-language literature.

Figure 1. Breakdown of Posts in the Cashout Category

Relevant Publications:

Mikhaylov, A., & Frank, R. (2016). Cards, Money and Two Hacking Forums: An Analysis of Online Money Laundering Schemes. In Proceedings of the 2016 European Intelligence and Security Informatics Conference (EISIC).