Behind the scenes of the underworld: Hierarchical clustering of two leaked carding forum databases

Abstract

Cybercriminals operate in obscurity to avoid detection of their illegal deeds. This fact makes studying them more difficult. Many cybercriminals meet in illicit online market places such as carding forums. The forums are often visible, but the actual transactions are carried out in private messages beyond view. However, there is no honor among thieves, and sometimes a carding forum server database will be hacked and leaked to the public. Existing research has been conducted on such leaked databases, but much of it is quantitative, rather than offering any qualitative interpretation into the nature of the forum user base. This research sought to analyze two such leaked carding forum databases by applying hierarchical clustering of 10,714 registered user accounts, grouping users based on 19 variables consisting of comment history style, site engagement activity, and explicit status markers. The results yielded 16 categories of users from four different domains composed of general consumers, location-based consumers, producers, and an “other” category. Following categorization, qualitative analyses were conducted to further shed insight into the nature of the two forums.

Alex Kigerl

Research Associate

I am an RNA development expert, specializing in data management and analysis.