Where Do Malicious Actors Learn Their Skills?

Download the PDF

Where Do Malicious Actors Learn Criminal Skills?

  • On their own
  • By reading tutorials and guides
  • From people they know in real life
  • Through social learning
  • On Public Online Forums
    • Usually thousands, if not more, participants
    • Free to register
    • Indexed by search engines
  • On Private Online Forums
    • Hundreds of participants, though sometimes there could be more
    • Paid registration, or registration opened with an invite from a current participant
    • Content is kept private for forum participants only

What are the Stages of Knowledge Creation?

Knowledge is created on forums through participants solving problems collectively and learning from each other in 4 stages:

  1. Triggering: A participant asks a public question
  2. Exploration: Participants offer possible solutions to the question
  3. Integration: Participants test out possible solutions
  4. Resolution: The best solution is presented to all participants

Knowledge Creation on Public and Private Forums

Private Forums are difficult to investigate and monitor due to access restrictions. How important is it to monitor private forums to understand where malicious actors learn their skills?

  • Threads on public forums reach resolution stage in 8% of the time vs 37% for private forums
  • Possible solutions are only tested 11% of the time in public forums; 4 times higher on private forums

What is the Time to Know on Forums?

Time is of the essence for malicious actors. The time between asking a question and designing the optimal solution is slow on public forums:

  • 196 days on average on public forums
  • 60 days on average on private forums

Ecosystem Fragility

Public forums: coefficient of 0.08.

Private forums: coefficient of 0.37.

The GINI coefficient is the accepted method to measure the concentration of power in a community.

  • A coefficient close to 0 means that all power (knowledge creation) is concentrated in a single person
  • A coefficient close to 1 means that all power (knowledge creation) is distributed across many participants
  • A low coefficient means a forum is vulnerable to attacks if their powerful contributor leaves the forum

Extending Coverage to Private Forums

  • A good digital risk protection service should cover private forums
  • Private forums are where more knowledge is created
  • Private forums are more stable settings and worth the investment in time and resources