Honour among thieves: the study of a cybercrime marketplace in action

Image: Someone programming a website in HTML. Credit: Mika Baumeister on Unsplash

Researchers at the Cambridge Cybercrime Centre have revealed what they’ve learned from analysing hundreds of thousands of illicit trades that took place in an underground cybercrime forum over the past two years.

Having seen a large rise in illegal transactions during the first national lockdown last spring, the researchers will warn at a workshop this afternoon that the second lockdown is likely to result in another surge in cybercrime activities. But they will also be offering insights on how such activity can be disrupted.

The researchers have been collecting the data on illicit trades from HackForums – the world’s largest and most popular online cybercrime community. Two years ago, it set up a market where contracts had to be logged for all transactions as an attempt to protect members of the community from scamming and frauds.

The contract system was introduced in 2018, and then made mandatory in spring 2019, for all market users. It logged all the illicit buying and selling of – among other things – malicious software (malware), currencies including Bitcoin and gift vouchers, eWhoring ‘packs’ (e.g. of photos and videos with sexual content), hacking tutorials and tools that allow users illegally to access or control remote servers.   

Ironically, HackForums had introduced the contract logging system in response to its members’ concerns that trades were being abused and they were being scammed. But in doing so, it unwittingly lifted the lid on the way such underground markets operate.

The data the contract logging generated has been collected by researchers here. And after analysing it and using statistical modelling approaches, the researchers have been able to shed important new light on the way a cybercrime market operates, hopefully to the benefit of the security community.

The researchers watched the market initially function as a forum where many individual users conducted one-off transactions. Then it changed. As the contract system became mandatory, within a few months, the market was becoming concentrated around a small group of ‘power-users’ offering goods and services that were attractive to many.

“This small group of users – representing about 5 per cent of all users – are involved in around 70 per cent of all the transactions,” said Anh Vu, a research assistant in the Cambridge Cybercrime Centre and co-author of the paper the Centre has just produced, ‘Turning Up the Dial: the Evolution of a Cybercrime Market through Set-up, Stable, and Covid-19 Eras’.

Reproduced courtesy of the University of Cambridge