HackerScope: The Dynamics of a Massive Hacker Online Ecosystem

by   Risul Islam, et al.

Authors of malicious software are not hiding as much as one would assume: they have a visible online footprint. Apart from online forums, this footprint appears in software development platforms, where authors create publicly-accessible malware repositories to share and collaborate. With the exception of a few recent efforts, the existence and the dynamics of this community has received surprisingly limited attention. The goal of our work is to analyze this ecosystem of hackers in order to: (a) understand their collaborative patterns, and (b) identify and profile its most influential authors. We develop HackerScope, a systematic approach for analyzing the dynamics of this hacker ecosystem. Leveraging our targeted data collection, we conduct an extensive study of 7389 authors of malware repositories on GitHub, which we combine with their activity on four security forums. From a modeling point of view, we study the ecosystem using three network representations: (a) the author-author network, (b) the author-repository network, and (c) cross-platform egonets. Our analysis leads to the following key observations: (a) the ecosystem is growing at an accelerating rate as the number of new malware authors per year triples every 2 years, (b) it is highly collaborative, more so than the rest of GitHub authors, and (c) it includes influential and professional hackers. We find 30 authors maintain an online "brand" across GitHub and our security forums. Our study is a significant step towards using public online information for understanding the malicious hacker community.



There are no comments yet.


page 1

page 3


SourceFinder: Finding Malware Source-Code from Publicly Available Repositories

Where can we find malware source code? This question is motivated by a r...

Eight Years of Rider Measurement in the Android Malware Ecosystem: Evolution and Lessons Learned

Despite the growing threat posed by Android malware, the research commun...

Issued for Abuse: Measuring the Underground Trade in Code Signing Certificate

Recent measurements of the Windows code-signing certificate ecosystem ha...

Optimizing Away JavaScript Obfuscation

JavaScript is a popular attack vector for releasing malicious payloads o...

A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth

Illicit crypto-mining leverages resources stolen from victims to mine cr...

Lifting The Grey Curtain: A First Look at the Ecosystem of CULPRITWARE

Mobile apps are extensively involved in cyber-crimes. Some apps are malw...

Emulating malware authors for proactive protection using GANs over a distributed image visualization of dynamic file behavior

Malware authors have always been at an advantage of being able to advers...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.