Location, Location, Location: Mapping Potential Canadian Targets in Online Hacker Discussion Forums

The goal of this paper was to analyze hacker forums to better understand the threats they pose to Canadian critical systems specifically and cyber-security more generally.

To facilitate the data collection, a customized web-crawler was developed to specifically capture the structured content posted to forums.

Three hacker forums representing different facets of the hacker community were selected for analysis: carding (data theft), coding (malware development and deployment), and security (distribution of vulnerabilities).

We identified and geolocated user-disclosed IP addresses to try to identify critical systems and to determine the extent to which, and the context in which, critical systems were openly discussed by forum users.

In total, 311,501 analyzable IP addresses were extracted from the data, with 3,168 (1%) geolocated to Canada. The prevalence of Canadian IP addresses does not indicate their potential for exploitation, although it does highlight a perceived heightened interest in Canadian critical systems by hacker forum users.

Potential at-risk systems included government agencies, universities across Canada, and private industries within the transportation network, namely aviation and shipping firms.


Richard Frank, Mitch Macdonald, and Bryan Monk


11 February 2016 / 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)

DOI: 10.1145/2808797.2808878