Developing a Conceptual Framework for Modeling Deviant Cyber Flash Mob: a Socio-Computational Approach Leveraging Hypergraph Constructs
Total Page:16
File Type:pdf, Size:1020Kb
Journal of Digital Forensics, Security and Law Volume 9 Number 2 Article 10 2014 Developing a Conceptual Framework for Modeling Deviant Cyber Flash Mob: A Socio-Computational Approach Leveraging Hypergraph Constructs Samer Al-khateeb University of Arkansas, Little Rock Nitin Agarwal University of Arkansas, Little Rock Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, and the Information Security Commons Recommended Citation Al-khateeb, Samer and Agarwal, Nitin (2014) "Developing a Conceptual Framework for Modeling Deviant Cyber Flash Mob: A Socio-Computational Approach Leveraging Hypergraph Constructs," Journal of Digital Forensics, Security and Law: Vol. 9 : No. 2 , Article 10. DOI: https://doi.org/10.15394/jdfsl.2014.1175 Available at: https://commons.erau.edu/jdfsl/vol9/iss2/10 This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact [email protected]. Developing a Conceptual Framework for ... JDFSL V9N2 This work is licensed under a Creative Commons Attribution 4.0 International License. DEVELOPING A CONCEPTUAL FRAMEWORK FOR MODELING DEVIANT CYBER FLASH MOB: A SOCIO-COMPUTATIONAL APPROACH LEVERAGING HYPERGRAPH CONSTRUCTS Samer Al-khateeb, and Nitin Agarwal Department of Information Science University of Arkansas at Little Rock Little Rock AR 72204, USA fsxalkhateeb, [email protected] ABSTRACT In a Flash Mob (FM) a group of people get together in the physical world perform an unpredicted act and disperse quickly. Cyber Flash Mob (CFM) is the cyber manifestation of flash mob coordinated primarily using social media. Deviant Cyber Flash Mob (or, DCFM) is a special case of CFM, which is categorized as the new face of transnational crime organizations (TCOs). The DCFM phenomenon can be considered as a form of a cyber-collective action that is defined as an action aiming to improve group's conditions (such as, status or power). In this paper, we conduct a conceptual analysis of the DCFMs and model the factors that lead to success or failure with groundings in collective action and collective identity formation theories. Mathematical constructs of hypergraph are leveraged to represent the complex relations observed in the DCFM social networks. The model's efficacy is demonstrated through a test scenario. Keywords: cyber crime, cyber security, deviant cyber flash mob DCFM, collective action, social media, predictive model. 1. INTRODUCTION lic place, perform an unusual act, and quickly disperse. These group acts are often conducted The widespread use of contemporary forms of for the purposes of entertainment, satire, and information and communications technology artistic expression. (Oxford-Dictionary, July 8, (ICTs), such as social media, have transformed 2004). The first flash mob was created in Man- the way people interact, communicate, and share hattan in 2003, by Bill Wasik, who is a senior information. This has afforded a fundamen- editor of the Harper's Magazine. The purpose of tal paradigm shift in the coordination abilities that flash mob as Wasik claimed was ``a social of people leading to manifestations of cyber- experiment designed to poke fun at hipsters and collective actions (Agarwal, Lim, & Wigand, to highlight the cultural atmosphere of confor- 2014; Agarwal et al., 2012) in various forms, mity and of wanting to be an insider or part whether they are social movements for sociopo- of the next big thing" (Wasik, December 16, litical transformation, campaigns for better gov- 2011). There are many examples of flash mobs ernance through citizen journalism and engage- happened after 2003 i.e. Dare to fight a ninja, ment, or flash mobs (FM) for promoting a cause Freeze mob in Paris, and Happy Birthday for a or simply entertainment. A flash mob (FM) is a bus driver,.. etc (Kirkland, December 21, 2011). group of individuals who get together in a pub- c 2014 ADFSL Page 113 JDFSL V9N2 Developing a Conceptual Framework for ... Figure 1 Different Forms and Scopes of Cyber Collective Action, i.e., Flash Mobs (FM), Cyber Flash Mobs (CFM), and Deviant Cyber Flash Mobs (DCFM). Some FMs were organized locally some of them CA in July 9, 2013 (Holbrook, July 19, 2013). internationally like the largest pillow fight flash Deviant CFM (or, DCFM) can be considered mob which was called the International Pillow as a form of a cyber-collective action that is de- Fight Day. It took place on March 22, 2008 and fined as an action aiming to improve a group's it was recorded as the world's largest flash mob conditions (such as, status or power) (Ludlow, to date with over 25 cities participating around January 13, 2013). These DCFMs are catego- the globe (Reporter, April 4, 2011). rized as the new face of transnational crime or- ganizations (TCOs) (e.g., ``hacktivist'' groups) Cyber flash mobs (CFM) which are the cy- that can pose significant risks to political, social, ber manifestation of flash mobs (see Figure 1), and economic stability (Ackerman et al., 2013). are known to be coordinated via social me- The DCFM activities can stretch beyond the cy- dia, telecommunication devices, or viral emails berspace, i.e., in physical spaces. For example, (Nicholson, 2005). CFMs are self-organized there are two very well known DCFMs that are groups of individuals who get together in cy- mentioned here to highlight the differences in berspace, perform an unpredicted act, and the scope of their activities: quickly disperse. Some of the CFMs are or- ganized for entertainment purpose others can 1. The Comment Flash Mob. (Digits, lead to robberies and thefts. The latter form February 21, 2012) The case refers to a of CFM is known as ``Deviant CFM" such as February 2012 attack on a number of Wall the ``Bash Mob" that happened in Long Beach, Street Journal (WSJ)s Facebook pages by Page 114 c 2014 ADFSL Developing a Conceptual Framework for ... JDFSL V9N2 one of the groups that claimed to be linked hit machines and raked in the cash. to the Anonymous hacking group. The at- The entire operation is conducted in multi- tacks were a result of the allegations by ple stages. In the early stages, one or more a German WSJ article that suggested the geeks install computer viruses inside net- group had links with Al-Qaeda. The group works, then spend days or weeks gathering solicited participation in the attack and detailed information about a bank's opera- requested the following message be pro- tions as they plan the job. As they get ready moted (by copy and pasting on several to carry out the job, ``carders" produce fake WSJ pages), along with strategies to avoid payment cards by coding the stolen account getting blocked while posting the message, numbers onto magnetic strips. Those cards ``Dear editors of the German Wall Street are distributed to large numbers of ``cash- Journal, you equated Anonymous with Al- ers", who withdraw money from ATMs. Qaeda in your February 2012 article and ``Mules" help move the loot across borders, the related coverage. With this type of cov- sometimes in the form of luxury goods that erage you may be able to stir up fear in they purchase with the cash. The ringlead- the United States, but not in the land of ers, who rake in the biggest profits, typically poets and thinkers! With this comment, are at the least risk of getting caught, while we oppose the deliberate dissemination of the carders, cashers and mules take on the false information and express our displea- highest risk of arrest. After making seven ar- sure with your lobby journalism. We are rests in the New York City, who comprised Anonymous. We are millions. We do not the New York cell of the operation, US At- forgive. We do not forget. Expect us!" torney for the Eastern District of New York, The attack quickly spread to other German Loretta Lynch said, ``the gangs moved at WSJ Facebook pages before going viral and the speed of data across the Internet." affecting the main WSJ Facebook pages. These DCFMs are interesting not only for According to reports, the attacks subsided scientific research, but also pose non-negligible in a few hours affecting user experience in concerns for public safety and national security. numerous ways, before the group turned Therefore, in this study, we propose to seek their attention to a Saudi blogger activist. answers to the following research question: 2. The Flash Mob Cyber Heist. (Dye & • How decentralized on-line individual actions Finkle, May 9, 2013) A more disturbing transform into collective actions resulting example is the $45 million ``flash mob cyber in Deviant Cyber Flash Mob (DCFM) be- heist" that took place in two phases on Dec haviors? 21, 2012 ($5 million) and February 19, 2013 ($40 million) in 27 countries. Hundreds Consequently, this question leads us to seek an- of ``cashers" around the globe armed with swers for: prepaid debit cards (that were manipulated 1. What are the necessary conditions that lead by hackers to have no withdrawal limits) to the emergence of these phenomena? hit the ATMs. Full technical details of the cyber heist are still obscure, however, cyber 2. Can we explain the motivation needed for security experts believe such acts typically the subsistence of such coordinated acts? come together in Internet forums, where 3. How can we build predictive models of hackers can exchange or sell information DCFM behaviors? and recruit others. A great deal of technical groundwork had to be laid to create the Seeking answers to the aforementioned ques- complex network access needed but the final tions, we make the following contributions in stage was quick as a swarm of individuals this article: c 2014 ADFSL Page 115 JDFSL V9N2 Developing a Conceptual Framework for ..