Dissecting Hacker Behaviors in Online Communities and the Threats that They Pose

Project: Research

Description

Although modern organizations consider the management of risks to information security to be a critical issue, IT security professionals on the front line often lack clear ideas about the nature of the threats that they face. These days, firms carry an immense burden of preventing information security breaches as attacks are increasingly sophisticated and multifaceted, and understanding these threats is the first major step in the management of information security risks. Given that hackers routinely share attack techniques and tools online, it is interesting to find out whether hacker forums represent a good resource for firms in learning more about security threats. Also, observing activities in hacker forums could improve understanding of the type of attack information being shared online, the characteristics of the people who share the information, and to what degree their knowledge constitutes real risks to firms.

The objective of this project is two-fold: to shed more light on the inner workings of hacker forums and to study whether the information shared in the online forums translates into real risks for firms. The research requires extensive effort in collecting data from hacker forums and in communicating with corporate IT security professionals to gauge the nature of the threats encapsulated in the messages posted in hacker forums. Following the IT security risk management framework (Stoneburner, Goguen and Feringa, 2002), a comprehensive approach is designed to answer the question of whether online hacker forums pose security risks to firms. The approach focuses on the two critical factors in threat analysis typically seen in IT security risk management – threat source (message author) and threat action (message content) – and deciphers how each of these factors would impact the actual level of risk faced by firms.

Understanding these issues is critical for firms in formulating effective protection strategies. First, the significance of information disseminated through hacker forums is illustrated. The types of authors who would potentially pose the highest level of risk to firms are also identified. The overall threat sources and threat actions observed in the study can also help firms to better understand the nature of the risks faced. These insights are critical as they could serve as inputs in formulating risk mitigation strategies. Finally, the framework designed in the study presents a first attempt to investigate how security firms or professional organizations can rely on online hacker forums to monitor risks.

Detail(s)

Project number: 9041721
Grant type: GRF
Status: Finished
Effective start/end date: 1/01/12 to 30/09/14