Descriptive Analytics: Examining Expert Hackers in Web Forums

In recent years, understanding the people behind cybercrime from a hacker-centric perspective has drawn increased attention. Preliminary exploration in online hacker social dynamics has found that hackers extensively exchange information with others in online communities, including vulnerabilities, stolen data, etc. However, there is a lack of research that explores automated identification and characterization of expert hackers within online communities. In this research, we identify expert hackers and characterize their specialties by devising a scalable and generalizable framework leveraging two categories of features to analyze hacker forum content. The framework encompasses text analytics for key hacker identification and analysis. In the Text Analytics module, we employ an interaction coherence analysis (ICA) framework, to extract interactions among the users in hacker communities as topological feature. In Expert Identification & Analysis, we characterize each hacker with content features extracted with lexicon matching and structural features from the ICA component. Results reveal an interaction network and content-based clustering of key actors within the studied hacker community. Our project contributes to both social media analytics and cybersecurity research as we provide a complete analytical framework to analyze the key hackers from both an interaction network perspective and discussion content perspective. This framework can benefit cyber security researchers and practitioners by offering an inclusive angle for analyzing hacker social dynamics.