An Argument for Linguistic Expertise in Cyberthreat Analysis: LOLSec in Russian Language eCrime Landscape

Abstract

In this position paper, we argue for a holistic perspective on threat analysis and other studies of state-sponsored or state-aligned eCrime groups. Specifically, we argue that understanding eCrime requires approaching it as a sociotechnical system and that studying such a system requires combining linguistic, regional, professional, and technical expertise. To illustrate it, we focus on the discourse of the Conti ransomware group in the context of the Russian invasion of Ukraine. We discuss the background of this group and their actions and argue that the technical approach alone can lose the important aspects specific to the cultural and linguistic context, such as language, slang and humor. We provide examples of how the discourse and threats from such groups can be easily misunderstood without appropriate linguistic and domain expertise.