A social network analysis and comparison of dark web forums

Ildiko Pete, Jack Hughes, Maria Bada, Yi Ting Chua

Contact: ytc36@cam.ac.uk

Background and Introduction Current research on social networks encompasses a wide range of online underground communities with interests spanning from malware writing to gaming. Most research on these communities rely on information collected from forums accessible via the open/surface web. With increasing monitoring and regulation by platforms, communities with criminal interests are moving to the part of the Internet known as the ``dark web''. The dark web refers to a section of the Internet that is only accessible via the use of special tools, such as Tor (The Onion Router), and hosts content ranging from whistle-blowing and privacy, to drugs, terrorism, and hacking. The structures of dark web networks have historically been understudied as a result of the difficulty in data collection associated with the setup of the dark web. Previous research on dark web forums has focused on specific areas, such as child exploitation and terrorist content. However, the dark web presents a richer ecosystem of communities and research efforts needs to include other dark web communities with criminal interests. This is a growing concern as cryptomarkets for drugs, firearms, and cybercrime begin to migrate towards the dark web. Thus, we perform a structural analysis and comparison of six dark web forums to provide insights into their organisational structures that underlie information and resource flows within these communities. Methodology Using post discussion data from six dark web forums, from the CrimeBB dataset, we construct six interaction graphs. CrimeBB is available for researcher use from the Cambridge Cybercrime Centre (CCC) and contains more than 69m posts and 1.6m accounts from 16 underground dark and surface web forums. The forums we include in the current study serve, either wholly or partially, as platforms for discussing hacking related subjects and as marketplaces. They include The Hub (89k posts), Dread (250k posts), Runion (240k posts), Torum (28k posts), Deutschland Im Deep Web (12k posts), and SuprBay (59k posts). These scraped datasets cover almost the entirety of these forums, and therefore we store the corresponding networks in a graph database, using Neo4j. The study starts with an exploratory analysis of the constructed networks to constrain the available data to the largest relevant and useful subset. This is also to eliminate noise from the network shown by the initial constructions of the social graphs. In this process we eliminate nodes irrelevant in the current analysis and we focus on interactions between February and July 2019 inclusive to highlight the most recent activities and social networks within these forums. We observe the structure of each network and highlight structural characteristics and patterns, such as cliques. Then, we compare each network using these metrics. Later, the study focuses on identification of nodes of importance, which we approach through network centrality analysis. In carrying out this study, our findings contribute to a deeper understanding of these communities, which may lay the foundation for future research on intervention or disruption activities and techniques.

← Schedule