An interview with Prof. Thomas J. Holt, School of Criminal Justice, Michigan State University
Every day, as we surf the net, we share information. This information can be used by malicious people for harmful purposes. Banking Trojans, sex tourism and cyberbullying are three contexts that make the network a “trap”.
How much do we risk when buying online or visiting bank websites?
In terms of just going to banks or to traditional retailers there’s not much risk, at least from the websites themselves. The risk comes in terms of how you’re connecting to the site. If you’re using an open wireless connection at a restaurant or somewhere else that may not be secured then it’s harder to guarantee your information is secure. Your credit card data or your username and password can be stolen, which would enable data theft if you have an account on a site that stores your information. And on the other hand if you’re going to a retailer that you’re not familiar with or you’ve never purchased from before or that is offering prices that seem too low or that have negative reviews in other places, that’s where there’s a higher degree of risk.
What are the social organisation and structure of stolen data markets?
There’s sort of two organisations at once, so the formal organization component of it is traditionally the forum operator. Whoever it is who owns the website and serves as a sort of super administrator or moderator, and then the others below them who are moderators or testers or product checkers; those individuals seem to be somewhat more sophisticated. They may be earning a profit by selling services through their website and then there are the individual vendors within the forum itself. That layer between the vendor and the buyer is its own type of organization as well, so the vendor and the buyer interact with the forum moderators management and at that individual level for the vendor we tend to see people operating either individually or in small groups mostly selling products or offering services that the virus can use. The organisation and the buyers are a little harder to understand without more information than what can be gleaned from the open posts in forums. Our assumption is that it’s mostly individuals who are buying products and then working with other service providers, so it creates kind of a loose network that doesn’t have a specific kind of formal structure. Instead it’s all based on individual rules between the vendors and the buyers.
What about the darknet, is it related?
Sure, we can see the same things on the dark web. Anything posted on Tor is going to operate in a similar fashion, the only difference is that we see a few more people operating their own shops, so a shop would be a single website that you own and operate where you sell your product so you don’t have to advertise through a forum. Instead you just sell your resources directly to the public. There’s no need for interaction with forum management. It’s just user to retailer in terms of transactions.
Are we prone to buy malicious data in the darknet?
Yeah we see people selling data both on the open web and the dark web, it’s not limited to just one environment.
How can data collected online be used by sex tourists?
Mostly the way that we understand it is through the people who are posting reviews. Let’s suppose that I’m interested in sex tourism or I’m in a country already, I can post reviews through websites about the services that I get so I can talk about a specific sex worker or the club that they operate in or bar or whatever it might be. So by travelling if I’m interested in going to that country I can read all those reviews. I can know what places to go to, what providers to ask specifically for. I may even be able to get information about hotels or taxis or retailers who might also be able to help me get different things, so the information that is available online serves as kind of a resource for the tourist to know what to do, who to ask for, and they can even understand a little bit about who may be living locally within the country who can help them as well. There might be individuals from the United States or Canada or various other countries who are living there as well and can help you and maybe even be willing to go out with you to go and do different things.
Do you think that it’s really easy to grab all this information?
Oh yes, it’s extremely easy. In fact all the forums that we go to don’t require user names or passwords. You can review everything without having to directly interact with anyone.
Like open source intelligence (OSINT)?
If I am identified as a fragile individual, becoming a victim of bullying, can I stop the persecution? May I suffer permanent psychological damage?
Yes, people who are bullied we see, I think it’s about twenty-five to thirty percent depending on the age of the group, report things like suicidal thoughts or social withdrawal, so it does have an impact on the individual. The experience of bullying is difficult. The harder part is getting the bullying to stop, so if you have contacted the bully or the harasser and asked them to end the bullying it may not and at that point you can try to block them on the social media or block their number if they’re texting you, but that still doesn’t eliminate the potential for someone to charge you on Facebook or email or other platforms, so it can be hard to get away from that kind of bully.
Could the police station help you?
Depends on the local law because in the US, for instance, bullying is not necessarily criminal in all states. They may be able to work with the school to get someone to stop but it doesn’t necessarily mean that the bully will end what they’re doing. They may try other methods of bullying or may try indirect attempts to bully you, and we know many kids don’t want to report bullying to teachers or parents because of fear of either losing their devices (somebody taking away their phone or their laptop) and they may be more willing to talk to their friends about the experience because they feel like their friends can relate. They can understand why and how this happens.
In conclusion, may we define the Net as a trap?
Yeah. It’s a very difficult place because these things that you can experience are dangerous, and then they may occur frequently. They may be something that law enforcement doesn’t fully understand or take seriously or there may not even be laws in place yet depending on the type of offence that we’re dealing with, so it can be a very very hard issue to deal with, the idea of Internet is kind of a trap.
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context.