Investigating and Comparing Discussion Topics in Multilingual Underground Forums
This work addresses a problem for cybersecurity professionals and law enforcement by enabling better analysis of criminal forums, though it is incremental, as it applies existing methods to a new domain.
The paper tackles the challenge of language barriers in analyzing multilingual underground forums by using unsupervised methods to cluster conversational topics, uncovering that language barriers create sub-communities with distinct knowledge and motivations, such as Russian-speaking users having exclusive access to certain information.
Underground forums play a crucial role in the criminal ecosystem, facilitating the exchange of knowledge and the trade of illegal tools and services. By analyzing the skills, motivations, focus, and operations of cyber-criminals active in these forums, cybersecurity professionals and law enforcement can better understand their tactics, assess the risks they pose to society, and develop more effective countermeasures. A significant challenge in analyzing these forums arises from language barriers, either because the forums blend different languages or because they use community-specific slang. In this paper, we address this challenge using a combination of unsupervised methods that group semantically related conversational themes (i.e., topics) into clusters. We apply our methodology to analyze a prolific, invite-only, Russian-English criminal forum that has been operating for over 18 years. This way, we uncover pockets of knowledge, i.e., knowledge shared in only one sub-community. This knowledge is accessible only to those who speak a given language (e.g., Russian), showing that language barriers (e.g., for users who do not speak Russian) can create sub-communities with different knowledge and motivations. We further demonstrate how our method can identify the semantic meaning of dark jargon from its context, and discuss other potential applications of our approach.