EPIC-ARES

Darknet marketplaces (DNMs) are digital platforms for e-commerce that are primarily used to trade illegal and illicit products. They incorporate technological advantages for privacy protection and contribute to the growth of cybercriminal activities. In the past, researchers have explored methods to investigate multiple identities of vendors covering different DNMs. Leaving aside phenomena such as malicious forgery of identities or Sybil attacks, usernames and their corresponding PGP public keys are used to build brands around users and are considered a trusted method of vendor authentication across DNMs.

This paper aims to demonstrate a forensic method for linking users on a DNM called the Wall Street Market using shared PGP public keys. We developed a trading reputation system to evaluate the transaction behaviour of each user group sharing PGP keys (i.e., PGP groups). Based on the reputation indicators we introduced, we compared PGP groups with high, medium and low reputation levels. Our research suggests that the observed PGP groups exhibit varying organisational structures in relation to their reputation levels, including a more organised and dense cooperation or a looser form of cooperation. As this paper provides an in-depth understanding of user networks on a DNM associated with PGP keys, it is of particular interest for the detection of organised criminal groups on DNMs.

This paper explores the novel topic of data breach journalism and data breach news through the case of databreaches.net, a news outlet dedicated to data breaches and related cyber crime. Motivated by the issues in traditional crime news and crime journalism, the case is explored by the means of text mining. According to the results, the outlet has kept a steady publishing pace, mainly focusing on plain and short reporting but with generally high-quality source material for the news articles. Despite these characteristics, the news articles exhibit fairly strong sentiments, which is partially expected due to the presence of emotionally laden crime and the long history of sensationalism in crime news. The news site has also covered the full scope of data breaches, although many of these are fairly traditional, exposing personal identifiers and financial details of the victims. Also hospitals and the healthcare sector stand out. With these results, the paper advances the study of data breaches by considering these from the perspective of media and journalism.

X.509 certificates play a crucial role in establishing secure communication over the internet by enabling authentication and data integrity. Equipped with a rich feature set, the X.509 standard is defined by multiple, comprehensive ISO/IEC documents. Due to its internet-wide usage, there are different implementations in multiple programming languages leading to a large and fragmented ecosystem. This work addresses the research question “Are there user-visible and security-related differences between X.509 certificate parsers?”. Relevant libraries offering APIs for parsing X.509 certificates were investigated and an appropriate test suite was developed. From 34 libraries 6 were chosen for further analysis. The X.509 parsing modules of the chosen libraries were called with 186,576,846 different certificates from a real-world dataset and the observed error codes were investigated. This study reveals an anomaly in wolfSSL’s X.509 parsing module and that there are fundamental differences in the ecosystem. While related studies nowadays mostly focus on fuzzing techniques resulting in artificial certificates, this study confirms that available X.509 parsing modules differ largely and yield different results, even for real-world out-in-the-wild certificates.