Print Email Facebook Twitter Measuring Cybercrime as a Service (CaaS) Offerings in a Cybercrime Forum Title Measuring Cybercrime as a Service (CaaS) Offerings in a Cybercrime Forum Author Akyazi, U. (TU Delft Organisation & Governance) van Eeten, M.J.G. (TU Delft Organisation & Governance) Hernandez Ganan, C. (TU Delft Organisation & Governance) Date 2021 Abstract The emergence of Cybercrime-as-a-Service (CaaS) is a critical evolution in the cybercrime landscape. A key area of research on CaaS is where and how the supply of CaaS is being matched with demand. Next to underground marketplaces and custom websites, cybercrime forums provide an important channel for CaaS suppliers to attract customers. Our study presents the first comprehensive and longitudinal analysis of types of CaaS supply and demand on a cybercrime forum. We develop a classifier to identify supply and demand for each type and measure their relative prevalence and apply this to a dataset spanning 11 years of posts on Hack Forums, one of the largest and oldest ongoing English-language cybercrime forum on the surface web. Of 28 known CaaS types, we only found evidence for only 9 of these in the forum.We saw no dramatic shifts in these offerings over time, not even after major underground marketplaces were being seized by law enforcement. Around 16% of first posts of the threads in the ‘Market’ section of the forum offers CaaS, whereas only 3% is focused on product-type criminal offerings. Within the types of CaaS, ‘bot/botnet as a service’, ‘reputation escalation as a service’ and ‘traffic as a service’ categories make up the majority (over 60%) for whole period in terms of both supply and demand. At least half of each CaaS offerings directs potential buyers to an instant messaging app or private message for transacting privately. In sum, we find that forums do in fact provide a channel for CaaS supply and demand to meet, but we see only a fraction of the CaaS landscape and there is no evidence in our data for the supposed growth of CaaS over time. We reflect on the implications of our findings for developing effective disruption strategies by law enforcement. Subject Cybercrime as a ServiceCaaSCybercrime ForumMachine LearningNatural Language Processing To reference this document use: http://resolver.tudelft.nl/uuid:01cb117a-339c-42e9-9691-8456a12e3947 Event Workshop on the Economics of Information Security, 2021-06-28 → 2021-06-29 Part of collection Institutional Repository Document type conference paper Rights © 2021 U. Akyazi, M.J.G. van Eeten, C. Hernandez Ganan Files PDF WEIS2021_Measuring_CaaS_O ... _Forum.pdf 1.32 MB Close viewer /islandora/object/uuid:01cb117a-339c-42e9-9691-8456a12e3947/datastream/OBJ/view