Spartan Devils Honeynet Project - Chapter Status Report for 2013

ORGANIZATION

1. In 2008, our chapter formed with members of the former Charlotte, NC chapter: Thomas J. Holt (Michigan State University), Gail Ahn (Arizona State University), and Max Kilger. We also added Lance James to this new chapter to get his unique insights.

2. This is also the current roster of members in our chapter.

DEPLOYMENTS

1. Our chapter is somewhat unique in that we are interested in understanding the attacker community using both social science research practices and information technology. To that end, Tom created an open-source research laboratory at Michigan State, staffed by students and faculty, to examine the global hacker community. At this point we are attempting to establish and deploy Honeynet infrastructures at Arizona State University and Michigan State University.

2. Thus far, using the open-source laboratory, we have identified over 50 websites involved in the sale and distribution of malware and stolen data across the globe. We are beginning to develop research reports on these communities and to better understand how they intersect.

RESEARCH AND DEVELOPMENT

1. Max Kilger and Tom Holt are currently working on papers based on analyses of the attitudinal and behavioral predictors for participation in political attacks against their home country and foreign governments, using college samples.

Tom Holt is continuing to develop papers and presentations based on his funded grant from the National Institute of Justice to examine the market for stolen data using a sample of Russian web forums. This project is designed to understand the current market for, and operating practices of, the carding community. The final report for this project should be published on-line in the next two months.

2. We have not developed any distinctive analysis tools at the moment.

3. We are very interested in developing collaborative research relationships with any chapters interested in examining both the social and technical aspects of cyberattacks.

4. Specifically, we are interested in expanding and testing various theories with international samples and would like to develop collaborative projects with various chapters to examine the hacker communities in their nations using data from forums, blogs, and other on-line communications tools.

FINDINGS

1. We have identified a wide range of malware and carding sites and have begun an analysis of various sites to understand the economics, subculture, and social organization of the underground. For an example of some of this research, you can view some of the recent publications in Global Crime or Social Science Computer Review.

2. Thus far, we are seeing some interesting changes in the quantity of malware, including exploit kits available on-line, and an increase in the amount of dumps and account data sold.

3. We are using social science research techniques and tools, including SPSS for quantitative analyses and grounded theory analysis techniques for qualitative analyses of data.

4. Our analysis techniques are generating interesting findings from a social science point of view, though we need to establish our Honeynet infrastructure.

PAPERS AND PRESENTATIONS

1. We have published and presented various academic papers, and are preparing an interdisciplinary research conference to be held at MSU on March 20, 2014 to promote greater collaboration between the social and technical sciences.

2. If any chapters are interested in expanding their analyses through the use of social science research principles, we would be happy to collaborate.

3. Selected Presentations/Publications

Holt, Thomas J., Olga Smirnova, and Yi-Ting Chua. 2013. "An exploration of the factors affecting the advertised price for stolen data." Proceedings of the eCrime Research Summit, September 17-18, 2013. http://ecrimeresearch.org/events/eCrime2013/accepted

Holt, Thomas J., and Adam M. Bossler. 2013. “Examining the Relationship Between Routine Activities and Malware Infection Indicators.” Journal of Contemporary Criminal Justice, 29: 420-436.

Kilger, Max. 2013. The future of emerging cyberthreats and the potential effects on commerce and national security. Congresso Seguridad en Computo 2013. November 14, 2013. Mexico City, Mexico. https://congreso.seguridad.unam.mx/2013/conferencias/index.html

Holt, Thomas J. 2013. “Exploring the social organization and structure of stolen data markets.” Global Crime, 14: 155-174.

Holt, Thomas J. 2013. "Exploring the Phenomena of Civilian Cyber-warriors." Invited Presentation at the TSAS Canadian Network for Research on Terrorism, Security, and Society Conference, Ottawa, Ontario, Canada, May 3, 2013. http://tsas.sites.olt.ubc.ca/files/2013/05/Abstract-Day-2.pdf

Holt, Thomas J., and Bernadette Schell. 2013. Hackers and Hacking: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, LLC.

GOALS

1. To establish a Honeynet infrastructure for malware analysis at ASU and MSU.

2. Pursue additional interdisciplinary research proposals centered around honeynet-based resources for submission to federal agencies to increase the profile of the project generally.

3. We hope to continue to publish several articles and books based on our research.
