Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning

IF 3.1 Q1 CRIMINOLOGY & PENOLOGY
Estelle Ruellan, Masarah Paquet-Clouston, Sebastián Garcia
DOI: 10.1186/s40163-024-00212-y (https://doi.org/10.1186/s40163-024-00212-y)
Journal: Crime Science
Publication date: 2024-06-12
Publication type: Journal Article
Citations: 0

Abstract


Ransomware-as-a-service (RaaS) is increasing the scale and complexity of ransomware attacks. Understanding the internal operations behind RaaS has been a challenge due to the illegality of such activities. The recent chat leak of the Conti RaaS operator, one of the most infamous ransomware operators on the international scene, offers a key opportunity to better understand the inner workings of such organizations. This paper analyzes the main discussion topics in the Conti chat leak using machine learning techniques such as Natural Language Processing (NLP) and Latent Dirichlet Allocation (LDA), as well as visualization strategies. Five discussion topics are found: (1) Business, (2) Technical, (3) Internal tasking/Management, (4) Malware, and (5) Customer Service/Problem Solving. Moreover, the distribution of topics among Conti members shows that only 4% of individuals have specialized discussions while almost all individuals (96%) are all-rounders, meaning that their discussions revolve around the five topics. The results also indicate that a significant proportion of Conti discussions are non-tech related. This study thus highlights that running such large RaaS operations requires a workforce skilled beyond technical abilities, with individuals involved in various tasks, from management to customer service or problem solving. The discussion topics also show that the organization behind the Conti RaaS operator shares similarities with a large firm. We conclude that, although RaaS represents an example of specialization in the cybercrime industry, only a few members are specialized in one topic, while the rest runs and coordinates the RaaS operation.
Source journal: Crime Science (Social Sciences - Cultural Studies)
CiteScore: 11.90
Self-citation rate: 8.20%
Articles published: 12
Review time: 13 weeks
Journal description: Crime Science is an international, interdisciplinary, peer-reviewed journal with an applied focus. The journal's main focus is on research articles and systematic reviews that reflect the growing cooperation among a variety of fields, including environmental criminology, economics, engineering, geography, public health, psychology, statistics and urban planning, on improving the detection, prevention and understanding of crime and disorder. Crime Science will publish theoretical articles that are relevant to the field, for example, approaches that integrate theories from different disciplines. The goal of the journal is to broaden the scientific base for the understanding, analysis and control of crime and disorder. It is aimed at researchers, practitioners and policy-makers with an interest in crime reduction. It will also publish short contributions on timely topics including crime patterns, technological advances for detection and prevention, and analytical techniques, and on the crime reduction applications of research from a wide range of fields. Crime Science publishes research articles, systematic reviews, short contributions and theoretical articles. While Crime Science uses the APA reference style, the journal welcomes submissions using alternative reference styles on a case-by-case basis.