达莉亚·马纳托娃与让·坎普_关系重要重构勒索软件团伙的组织与社会结构.pdf

1、#BHUSA BlackHatEventsRelationships Matter:Reconstructing the Organizational and Social Structure of a Ransomware GangSpeaker(s):Dalya Manatova and L Jean CampIndiana University#BHUSA BlackHatEventsL Jean CampProfessor,IUFellow,IEEEFellow,ACMFellow,AAASWe areDalya ManatovaDoctoral ResearcherOstrom Fe

2、llowIndiana University#BHUSA BlackHatEventsModern eCrimeAttackers are described asExcitingArtistsInnovativeAnonymousReputation&profit maximizing#BHUSA BlackHatEventsIs OrganizedeCrime as a service is a commodityBoringCoordinatedStandardizedBrandedResilience maximizing#BHUSA BlackHatEventseCrimerime

3、“communities”“communities”Have their own social systemFriendships natural connectionsHierarchies-connections imposed by the structureReputations social validationPatterns of communication actual behaviors of interaction#BHUSA BlackHatEventseCrimerime “communities”“communities”SpecializeTend to clust

4、er in specific forumsBy topicBy type of crimeBy languageCrime type clusters in a diverse underground forum#BHUSA BlackHatEventsWe know that We know that eCrimerime “communities”“communities”Tend to treat forums as marketplacesExamples of arbitration threads in a Russian forum(translated)Source:#BHUS

5、A BlackHatEventseCrime “Communities”“Communities”ffffff.OrganizationsOrganizationsAre organizations with RolesTasksScaleScopeSocial networksResilience-ability to adapt to the environmentSource:#BHUSA BlackHatEventsTools&Techniques for Understanding Sustainable eCrimeLinguisticSocialOrganizationalYou

6、r attack chain is their task management#BHUSA BlackHatEventsCybercrime groups are business organizations.So,lets study them as such#BHUSA BlackHatEventsStrategicResilienceOperationalResilienceH.Tosi,Theories of Organization.SAGE 2006Formal or informal guidelines for actions Acceptable(or not)behavio