Do Hacker Forums Contribute to Security Attacks?

  • Qiu-Hong Wang
  • Wei T. Yue
  • Kai-Lung Hui
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 108)

Abstract

There has been an increased amount of discussion about firms needing to account for the hacker’s perspective in protecting their information assets. However, we still have very little idea about how attack information is disseminated within the hacker community. In this paper, we study the role of hacker forums in disseminating vulnerability information that leads to attacks. We found that the discussions in online hacker forums correlate significantly with the number of cyber-attacks observed in the real world. Furthermore, hacker forums also play a moderating role in disseminating vulnerability and threat information. As cyber security becomes an increasingly prominent issue for firms, our study indicates that there is a need to study the behaviors of the participants in the hacker forum further in order to better understand the risks that they pose.

Keywords

Trojan Horse Attack Type Security Attack Threat Information System Vulnerability 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Arora, A., Krishnan, R., Telang, R., Yang, Y.: An Empirical Analysis of Software Vendors’ Patch Release Behavior: Impact of Vulnerability Disclosure. Information Systems Research 21(1), 115–132 (2010)CrossRefGoogle Scholar
  2. 2.
    Assimakopoulos, D., Yan, J.: Sources of Knowledge Acquisition for Chinese Software Enginners. R&D Management 36(1), 97–106 (2006)CrossRefGoogle Scholar
  3. 3.
    Baskerville, R.: Hacker Wars: E-Collaboration by Vandals and Warriors. International Journal of e-Collaboration 2(1), 1–16 (2006)CrossRefGoogle Scholar
  4. 4.
    Cavusoglu, H., Cavusoglu, H., Raghunathan, S.: Efficiency of V7ulnerability Disclosure Mechanisms to Disseminate Vulnerability Knowledge. IEEE Transactions on Software Engineering 33(3), 171–185 (2007)CrossRefGoogle Scholar
  5. 5.
    Cavusoglu, H., Raghunathan, S., Yue, W.T.: Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment. Journal of Management Information Systems 25(2), 281–304 (2008)CrossRefGoogle Scholar
  6. 6.
    Evers, J.: Hacking for Dollars (July 6, 2005), CNETNEWS.com
  7. 7.
    Galbreth, M.R., Shor, M.: The Impact of Malicious Agents on the Enterprise Software Industry. MIS Quarterly 34(3), 595–612 (2010)Google Scholar
  8. 8.
    Gordon, L.A., Loeb, M.P., Sohail, T.: Market Value of Voluntary Disclosures Concerning Information Security. MIS Quarterly 34(3), 567–594 (2010)Google Scholar
  9. 9.
    Jordan, T., Taylor, P.: A Sociology of Hackers. The Sociological Review 46(4), 757–780 (1998)CrossRefGoogle Scholar
  10. 10.
    Liu, P., Zang, W., Yu, M.: Incentive-Based Modeling and Inference of Attacker Intent, Objectives, and Strategies. ACM Transactions on Information and System Security 8(1), 78–118 (2006)CrossRefGoogle Scholar
  11. 11.
    Mahmood, M.A., Siponen, M., Straub, D., Rao, H.R., Raghu, T.S.: Moving Toward Black Hat Research in Information Systems Security: An Editorial Introduction to the Special Issue. MIS Quarterly 34(3), 431–433 (2010)Google Scholar
  12. 12.
    Png, I., Wang, Q.-H.: Information Security: Facilitating User Precautions Vis-a-Vis Enforcement Against Attackers. Journal of Management Information Systems 26(2), 97–121 (2009)CrossRefGoogle Scholar
  13. 13.
    Png, I., Wang, C.-Y., Wang, Q.-H.: The Deterrent and Displacement Effects of Information Security Enforcement: International Evidence. Journal of Management Information Systems 25(2), 125–144 (2008)CrossRefGoogle Scholar
  14. 14.
    Ransbotham, S., Mitra, S., Ramsey, J.: Are Markets for Vulnerabilities Effective?. MIS Quarterly (forthcoming)Google Scholar
  15. 15.
    Sherman, L.W.: Defiance, deterrence, and irrelevance: A theory of the criminal sanction. Journal of Research in Crime and Delinquency 30, 445–473 (1993)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Qiu-Hong Wang
    • 1
  • Wei T. Yue
    • 2
  • Kai-Lung Hui
    • 3
  1. 1.School of ManagementHuazhong University of Science of TechnologyWuhanChina
  2. 2.College of BusinessCity University of Hong KongHong Kong
  3. 3.School of Business and ManagementHong Kong University of Science and TechnologyHong Kong

Personalised recommendations