Discover Patterns of Life and Activity in Hacker Forums

Presented by

Christopher Ahlberg, Chief Executive Officer, Recorded Future

About this talk

Cyber criminals, hacktivists, and the occasional state actor tend to congregate in underground forums. They come in many forms, but often focus geographically and linguistically, and stick to certain areas — carding, reverse engineering, hacking, etc.

In this webinar, Recorded Future CEO and Co-Founder Christopher Ahlberg will share an analysis of a very large corpus of forum posts from the surface and deep Web spanning more than three years — including forums originating in the United States, Russia, Palestine/Gaza, Ukraine, Iran, China (in local language), and more. Based on this corpus we establish a series of patterns of actor behavior that can be used to target illicit behavior and actors, establish research pivot points, and detect actor focus on products, technologies, and vulnerabilities.

The analysis will lay out techniques for analyzing forum and actor behavior based on metadata analysis, without detailed human analysis of individual messages/posts. Christopher will also demonstrate how we can use natural language processing, temporal pattern analysis, social network analysis, and other techniques to establish patterns both inside and across forums (tracking actor traversals of the Web), and crossing boundaries of the clear/deep/dark Web.

This exclusive presentation will cover:

* Description of the large, specially collected corpus.
* Message analysis techniques.
* Established patterns of life and patterns of message traffic in forums.
* Comparing hacker groups by geography and by their interests and behaviors.
* Visualization techniques for pattern analysis.
* Techniques for tracking evolutions of vulnerabilities, exploits, and exploit kits across forums.

A sample pattern (along with many others) that we'll demonstrate is how in a high-value, private hacker forum, the classic Patch Tuesday/Exploit Wednesday pattern is alive and well — with traffic spiking on Wednesdays, post Tuesday patch releases.

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources and provides invaluable context that’s delivered in real time and packaged for human analysis or instant integration with existing security technology.