快猫短视频

Thought police: Spotting cyber criminals before they break the law

Hackers regularly purchase malware online for carrying out cyber-attacks, but a new system could automatically spot those considering doing so before they do it
A child at a computer
It may be possibly to automatically spot people looking for malware online
Maskot / Alamy

The internet can seem a lawless place. But a new technique for could help police intervene before people do something illegal.

Big cyberattacks like the NotPetya ransomware that hit countries around the world in 2017 grab the headlines. But cybercrime is a constant problem, with many smaller attacks carried out by people with little technical know-how using malware traded online. Building and selling these cyberweapons has become an easy money-spinner for criminal organisations.

The perceived lack of policing online and the ease with which malware can be downloaded mean that the use of hacking tools that let you carry out 肠测产别谤听补迟迟补肠办蝉 is now spreading even , according to at least one study.

Alice Hutchings, Sergio Pastrana and their colleagues at the University of Cambridge want to identify individuals who may be thinking of buying such malicious software and intervene to stop them from doing something they may regret.

The team used natural language processing software to analyse conversations on Hackforums, a site with around 3 million users. 鈥淚t鈥檚 probably the largest English-speaking underground forum,鈥 says Pastrana.

They started with a database of 113 individuals that were previously identified as being involved with cybercrime, and looked for other forum users who showed similar patterns of activity.

By analysing the conversations of those users automatically, looking for discussions about malware and hacking tools, they were able to narrow down the list of potential offenders to those most likely to engage in criminal activity. Where conversations took place was also a factor. For example, posts in groups about hacking or trading slightly increased the likelihood and posts in groups about gaming slightly decreased it.

The team was able to identify a further 80 individuals who would become involved in cybercrime, with no false positives. It鈥檚 possible that some fell through the net, however. It鈥檚 hard to say if we found everybody without examining the entire forum by hand, says Pastrana. The team is working to address this.

The researchers looked at 10 years of data from 250,000 users. This completely changes how criminologists work, says Hutchings. 鈥淚t would have been a lifetime鈥檚 work to manually code the data.鈥

Automatic snoopers

The team plans to share their database with other researchers. But Hutchings is also collaborating with the UK National Crime Agency to help shape its response to cybercrime. Given the widespread use of hacking tools among young people, the Home Office has said that it would rather intervene than prosecute where possible. This makes it important to spot potential criminal activity early.

When individuals are identified, they might receive a written warning or a home visit from a police officer. Sometimes people do not even realise what they are doing is criminal, says Hutchings. 鈥淚t might just be a teenager who wants to use malware to take down an opponent in an online game.鈥

When the UK鈥檚 National Crime Agency began tackling cybercrime it was surprised聽just how聽young many of the creators of hacking tools were. 鈥淲hen we started arresting the individuals who were developing the malicious software it transpired that a disproportionate amount of them were not just young but ridiculously young 鈥 a lot of them were under 20,鈥 says Greg Francis at the NCA鈥檚 National Cyber Crime Unit Prevent team.

Of course, snooping on online activity comes with ethical baggage. Hutchings notes that Hackforums is public and that users have pseudonyms. What鈥檚 more, forum users know they are being watched. When the team published a paper about their cybercriminal database it was discussed on the forum.

There鈥檚 only so much you can learn by tracking conversations carried out in public, as a common pattern is for chat to move to private channels once introductions have been made on the main forum. 鈥淚鈥檇 be very interested what happens privately but that creates additional ethical issues,鈥 says Hutchings.

The team presented at the International Symposium on Research in Attacks, Intrusions and Defenses in Heraklion, Crete, earlier this month.

Topics: cyberattacks / Hacking / Technology