Introduction

For companies and institutions of all kinds, matters regarding the protection of Intellectual Property (IP) and Personally Identifiable Information (PII) from cyber-breaches and data-leaks are demanding higher financial investment. With the discovery of Stuxnet, offensive and defensive cyber-capabilities have become a tool in military arsenals worldwide and are on the cusp of shifting the global landscape of military power. With the expanding yield of cyber-related activities, understanding the actors creating, manipulating, and distributing malicious code becomes a paramount necessity.

After discussing the commercial importance of cyber threat intelligence in Chapter 2, we will begin learning how these cyber threat intelligence systems are built. The first logical step, which will be covered in this chapter, is to introduce the online hacker communities from which so much cyber threat intelligence derives. In this chapter, we report on the results of an exploration of black hat hacker forums on both the Internet and crypto-networks (in particular those accessed via the Tor-browser). We report on the structure, content, and standards of behavior within these forums. Throughout, we highlight how these communities augment the activities of the malicious hackers who participate.

Some of the English-language forums we will discuss are accessible though the Tor-network only, while the web forums addressing Russian speakers are most often found on the surface-layer Internet. These arenas of communication between malicious hackers allow insights into concerns, motivations, and goals as well as the environment in which they act. An intimate understanding of these communities will greatly aid proactive cybersecurity [9], by allowing cybersecurity practitioners to better understand their adversaries.While the structure of these forums largely resembles similar platforms, it is in the content and members that they differ.

Valuable insight into the structure and culture of hacker communities can be gained by focusing on forums where hacking techniques and exploits are created, shared [104], and distributed [23, 41]. Furthermore, these platforms often enforce rules of conduct, discuss the legitimacy of future endeavors, and negotiate targets [51, 9]. As such, forums constitute arenas in which the propagation of hacking techniques as well as discussion on cracking and ethics take place [41, 25]. Concerns, ambitions, and modi operandi of malicious hackers are showcased in forums, suggesting that a profound understanding of these communities will aid in early detection of cyber-attacks. The study in this chapter represents initial research in this direction.