Cybercriminal network disruption

Dark Net Markets (DNMs) enable the sale of illegal goods and services online, including but not limited to drugs and narcotics, firearms, stolen or cloned credit cards, banking, and personal information, and cybercriminal services such as spam, malware, botnets, etc. These online marketplaces are now often privileged over offline ones for illegal trade, due to the increased range of products, reduced prices, and protection from violence and threats they offer to buyers, and the anonymity and financial opportunities they provide to vendors and administrators. Law Enforcement have therefore been charged with disrupting them and reducing these illegal trades, helped by industry and non-profits sharing complementary intelligence and findings. As well as shutting down platforms by removing their technical infrastructure and arresting participants, Law Enforcement at the local, national, and international levels have used slander and Sybil operations, aimed at instilling mistrust between DNM users by respectively leaving false feedback to vendors and making fake reputable accounts default on their trades. However, unlike the other aforementioned operations, no empirical research has yet been undertaken on the effectiveness of these slander and Sybil strategies.

The main objectives of this project are therefore to understand and model potential DNM users' responses to these disruption operations. This research will combine 1) interviews with Law Enforcement agents, industry, and non-profit experts about their experiences of several disruption operations, 2) an analysis of forum data spanning several years and forums, including the types of disputes that arise between participants and their resolution (or lack thereof), and 3) laboratory experiments, never before used in the field of cybercrime, which replicate online criminal marketplaces in order to test these operations' respective effectiveness in a scientific and controlled environment.

This project builds upon already-existing literature about the functioning of cybercriminal networks, their organisation and trust patterns, and their potential disruption methods, including theories of criminology, sociology, business, and economics. It is part of the EPSRC Cyber Security Theme along with Sociology.

This project is supervised by Dr Jonathan Lusthaus and Prof Federico Varese in the Department of Sociology at the University of Oxford. Cisco was also involved in the experimental portion of the thesis from January to December 2019.

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.