Police Investigation And Social Network Analysis: A Case Study Of A Botnet


Deviance on the Internet has exploded over the last decades. While we are constantly reminded that viruses, worms and malware are everywhere, the threat of botnets is one of the biggest trends in cybercrime. A botnet is a network of infected computers that are taken over and remotely controlled by hackers. It is now common to see such networks reach sizes of more than 100,000 computers, which can then be used to send spam, launch distributed denial of service attacks and infect even more machines. Botnets clearly have a deep impact on the World Wide Web. Law-enforcement agencies, unfortunately, still struggle when it comes to identifying and investigating the hackers who control the botnets. A rare exception is the case of a North-American police force that arrested many hackers who controlled such networks. The agency agreed to give us access to the unfiltered conversations between the hackers. This raw data is truly unique since it comes from chat logs of hackers who had no idea that these conversations would one day be used against them. This data is thus untainted by surveillance or observation.

The objective of this presentation is to evaluate the relevance of social network analysis in the context of police investigations of cybercrimes. Using such techniques and tools, we identified peripheral actors who might have been of interest but were set aside by the investigators. We then compared these actors to those who were actually arrested and looked at the similarities and differences between the two groups. From these results we identified the strengths of social network analysis as it applies to the day-to-day investigation process. We offer practical applications of the tools we used to enhance traditional investigative techniques. These techniques are meant as a way to better identify the targets of investigations as well as to gain a better understanding of complex criminal networks and organizations.
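To make concrete what "social network analysis over chat logs" involves, here is an added example (not code from the presentation, and not derived from the police data set). The chat lines are constructed, the IRC-style addressing convention `<speaker> target: message` is an assumption about the log format, and the two measures shown (raw degree and betweenness centrality) are common choices rather than the ones the authors report using. The point it demonstrates is the one the abstract makes: an actor with few contacts can still be worth an investigator's attention when those contacts bridge otherwise separate parts of the network.

```python
"""Build a who-talks-to-whom graph from chat-log lines and rank the actors.

Added illustration; the log lines are constructed and the line format is assumed.
"""
import re
from collections import defaultdict, deque

# Constructed sample: "[HH:MM] <speaker> target: message". Six actors;
# gamma is the hub, epsilon is zeta's only link to everyone else.
CHAT_LOG = """\
[21:14] <alpha> beta: did the new box come online?
[21:15] <beta> alpha: yes, two of them
[21:16] <gamma> alpha: count is up again
[21:17] <beta> gamma: send me the list later
[21:20] <delta> gamma: can you look at my ticket?
[21:22] <epsilon> gamma: zeta asked about the meeting
[21:23] <zeta> epsilon: thanks for passing it on
[21:25] <gamma> epsilon: tell zeta tomorrow is fine
"""

# Assumed line format: timestamp, speaker in angle brackets, addressed nick, colon.
LINE_RE = re.compile(r"^\[\d\d:\d\d\] <(?P<speaker>\w+)> (?P<target>\w+): ")


def parse_edges(log):
    """Return {(a, b): count} of undirected speaker-target interactions."""
    edges = defaultdict(int)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m["speaker"] == m["target"]:
            continue  # unaddressed or self-addressed lines carry no tie
        edges[tuple(sorted((m["speaker"], m["target"])))] += 1
    return dict(edges)


def adjacency(edges):
    """Adjacency sets for the undirected graph induced by the edge counts."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def degree_centrality(adj):
    """Raw degree: how many distinct people each actor exchanged lines with."""
    return {n: len(nb) for n, nb in adj.items()}


def betweenness(adj):
    """Brandes' betweenness for an unweighted graph; halved because undirected."""
    bc = {v: 0.0 for v in adj}
    for s in adj:
        stack, pred = [], {v: [] for v in adj}
        sigma = dict.fromkeys(adj, 0)   # number of shortest paths from s
        dist = dict.fromkeys(adj, -1)
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:  # BFS that records predecessors on shortest paths
            v = queue.popleft()
            stack.append(v)
            for w in adj[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = dict.fromkeys(adj, 0.0)
        while stack:  # accumulate dependencies back toward s
            w = stack.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {v: b / 2 for v, b in bc.items()}


def brokers(adj, max_degree=2):
    """Peripheral-looking actors (low degree) that still sit on paths between others."""
    deg, bc = degree_centrality(adj), betweenness(adj)
    return sorted(n for n in adj if deg[n] <= max_degree and bc[n] > 0)


if __name__ == "__main__":
    graph = adjacency(parse_edges(CHAT_LOG))
    for actor in sorted(graph):
        print(f"{actor:8s} degree={degree_centrality(graph)[actor]} "
              f"betweenness={betweenness(graph)[actor]:.1f}")
    print("low-degree brokers:", brokers(graph))
```

Run against the constructed log, `gamma` dominates both measures, as a hub would, but `epsilon` surfaces as a broker: only two contacts, yet every path between `zeta` and the rest of the group passes through it. That is the kind of actor the abstract describes as peripheral yet potentially of interest, and betweenness is one cheap way to surface such actors from a large log before reading any message content.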

This content was last updated on 8 August 2016 at 6:08 p.m.