DeepAI AI Chat
Log In Sign Up

HackerScope: The Dynamics of a Massive Hacker Online Ecosystem

by   Risul Islam, et al.

Authors of malicious software are not hiding as much as one would assume: they have a visible online footprint. Apart from online forums, this footprint appears in software development platforms, where authors create publicly-accessible malware repositories to share and collaborate. With the exception of a few recent efforts, the existence and the dynamics of this community has received surprisingly limited attention. The goal of our work is to analyze this ecosystem of hackers in order to: (a) understand their collaborative patterns, and (b) identify and profile its most influential authors. We develop HackerScope, a systematic approach for analyzing the dynamics of this hacker ecosystem. Leveraging our targeted data collection, we conduct an extensive study of 7389 authors of malware repositories on GitHub, which we combine with their activity on four security forums. From a modeling point of view, we study the ecosystem using three network representations: (a) the author-author network, (b) the author-repository network, and (c) cross-platform egonets. Our analysis leads to the following key observations: (a) the ecosystem is growing at an accelerating rate as the number of new malware authors per year triples every 2 years, (b) it is highly collaborative, more so than the rest of GitHub authors, and (c) it includes influential and professional hackers. We find 30 authors maintain an online "brand" across GitHub and our security forums. Our study is a significant step towards using public online information for understanding the malicious hacker community.


page 1

page 3


SourceFinder: Finding Malware Source-Code from Publicly Available Repositories

Where can we find malware source code? This question is motivated by a r...

Eight Years of Rider Measurement in the Android Malware Ecosystem: Evolution and Lessons Learned

Despite the growing threat posed by Android malware, the research commun...

Issued for Abuse: Measuring the Underground Trade in Code Signing Certificate

Recent measurements of the Windows code-signing certificate ecosystem ha...

A Benchmark Comparison of Python Malware Detection Approaches

While attackers often distribute malware to victims via open-source, com...

Optimizing Away JavaScript Obfuscation

JavaScript is a popular attack vector for releasing malicious payloads o...

Lifting The Grey Curtain: A First Look at the Ecosystem of CULPRITWARE

Mobile apps are extensively involved in cyber-crimes. Some apps are malw...

Marked for Disruption: Tracing the Evolution of Malware Delivery Operations Targeted for Takedown

The malware and botnet phenomenon is among the most significant threats ...