Analysis of 250,000 hacker conversations

Imperva released a report analyzing the content and activities of an online hacker forum with nearly 220,000 registered members, although many are dormant.

This forum is used by hackers for training, communications, collaboration, recruitment, commerce and even social interaction. Commercially, this forum serves as a marketplace for selling of stolen data and attack software.

The chat rooms are filled with technical subjects ranging from advice on attack planning to solicitations for help with specific campaigns. This forum is also a place where curious neophytes can find “how-to-hack” tutorials on various methods.

The report not only provides insight into hacker psychology, but also details the technical strategies they learn, develop and deploy.

“Studying hacker forums is important to providing insights into hacker psychology and technical strategies,” explained Imperva CTO Amichai Shulman. “Hacker forums are still not well understood by many in the security community, and we believe that studying and quantifying what happens in these online communities can lead to the development of strategies to combat cybercrime.”

The findings include:

• Examples of hacker communications, collaboration, recruitment, commerce and social interaction activities.
• Attack discussions on this forum increased over the four-year period of analysis, growing an average of 157% year over year between 2007 and 2010.
• The most discussed topics in this forum from June 2010 to June 2011 were Dos/DDoS attacks, with 22% of discussions, followed by SQL injections, which comprised 19% of all discussions.
• 25% of discussions from June 2010 to June 2011 focused on “beginning” hacking, with members devoting 6% of their time sharing “how-to” tutorials and discussing basic methodologies, indicating a strong, steady interest from new talent.
• Mobile hacking has seen very strong growth in this forum from 2007 to 2010, with iPhone hacking leading the way.

The complete report is available here.