Identifying Information Useful for Cyber-Attacks Against Canadian Critical Infrastructure in Online Discussion Forums by Noelle Warkentin BA (Honours), University of Manitoba, 2013 Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Arts in the School of Criminology Faculty of Arts © Noelle Warkentin 2021 SIMON FRASER UNIVERSITY Summer 2021 Copyright in this work is held by the author. Please ensure that any reproduction or re-use is done in accordance with the relevant national copyright legislation. Declaration of Committee Name: Noelle Warkentin Degree: Master of Arts Title: Identifying Information Useful for Cyber-Attacks Against Canadian Critical Infrastructure in Online Discussion Forums Committee: Chair: Sheri Fabian University Lecturer, School of Criminology Richard Frank Supervisor Associate Professor, School of Criminology Bryan Kinney Committee Member Associate Director, School of Criminology Aunshul Rege External Examiner Associate Professor, Department of Criminal Justice Temple University ii Abstract Critical infrastructures (CI) are connecting their systems to networks at an increasing rate, providing the opportunity for malicious actors to conduct cyber-attacks against these companies. In an attempt to understand the threats facing Canada’s CI, information collected from online discussion forums was analyzed to discover frequently targeted CI companies and locations in Canada, the types of information shared within these forums, and who the main authors are in sharing threat-related posts. After analyzing IP addresses collected from 20 online discussion forums, the province of Quebec was identified as a hot-spot for cyber-threats, while the information and technology sector was targeted most frequently among sectors. A thematic analysis of posts containing keywords revealed that information useful for conducting cyber-attacks against CI is being shared within these forums. Lastly, findings from this study found two authors may be considered high-threat, in that the majority of their posts were threatening towards CI. Keywords: critical infrastructure; cyber security; hacking; thematic analysis; online discussion forums iii Acknowledgements I would like to acknowledge my family and close friends who have supported me endlessly on my endeavors in not only completing this thesis, but also throughout my studies. In particular, my mom has inspired me to achieve my goals, and was also my constant source of support during the graduate program. If I hadn’t watched her make her way through university when I was a child, I’m not sure I would be where I am today, and I am forever grateful for her guidance. Of course, I must also thank my supervisor, Dr. Richard Frank, for providing me with the opportunities that have led me to study cyber-threats against critical infrastructure. Having never studied cyber related crimes during my undergraduate years, I never would have realized my interest in this field if it weren’t for him. Not only has he helped spark my curiosity in cyber-threats and cybercrimes, he has also helped me immensely by assisting me in developing my skills as a researcher, and as a writer. iv Table of Contents Declaration of Committee .................................................................................................... ii Abstract ............................................................................................................................... iii Acknowledgements ............................................................................................................. iv Table of Contents .................................................................................................................v List of Tables ...................................................................................................................... vii List of Figures.................................................................................................................... viii List of Maps ......................................................................................................................... ix List of Acronyms ..................................................................................................................x Chapter 1. Introduction ............................................................................................... 1 1.1. What is Critical Infrastructure? ................................................................................. 2 1.2. Threats Facing Critical Infrastructure ....................................................................... 2 1.3. What are the Cyber-Threats? ................................................................................... 4 1.4. Canadian Critical Infrastructure Cyber-Security ....................................................... 6 1.5. Prior Attacks Against Critical Infrastructure .............................................................. 7 1.6. Motivations and Methods of Malicious Actors .......................................................... 8 Reconnaissance ....................................................................................................... 8 Weaponize ................................................................................................................ 9 Delivery 9 Exploitation................................................................................................................ 9 Installation ................................................................................................................. 9 Command and Control............................................................................................ 10 Act on Objectives .................................................................................................... 10 1.7. Reconnaissance in Discussion Forums ................................................................. 10 1.8. The Current Study................................................................................................... 11 1.8.1. Geographical ............................................................................................. 12 1.8.2. Keyword .................................................................................................... 12 1.8.3. High-Threat Authors.................................................................................. 12 Chapter 2. Selecting Online Discussion Forums ................................................... 14 2.1. Forums Identified .................................................................................................... 14 Extremist Forums .................................................................................................... 15 Fraud Forums ......................................................................................................... 15 Hacker Forums ....................................................................................................... 15 2.2. Forum Data Collection ............................................................................................ 17 Chapter 3. Geographical Analysis ........................................................................... 18 3.1. Geographical Methods............................................................................................ 18 3.1.1. IP Address Extraction ............................................................................... 18 3.1.2. Location Frequencies ............................................................................... 19 3.1.3. Company Information ............................................................................... 20 3.1.4. Author Frequencies................................................................................... 20 v 3.1.5. Combined Post Analysis ........................................................................... 21 3.1.6. Thread Analysis ........................................................................................ 21 3.2. Geographical Results ............................................................................................. 22 3.2.1. Location Frequencies ............................................................................... 23 3.2.2. Company Information ............................................................................... 27 3.2.3. Author Frequencies................................................................................... 28 3.2.4. Combined Post Analysis ........................................................................... 29 3.2.5. Thread Analysis ........................................................................................ 30 Chapter 4. Keyword Analysis ................................................................................... 32 4.1. Keyword Methods ................................................................................................... 32 4.1.1. Selecting Keywords .................................................................................. 32 4.1.2. Keyword Search ........................................................................................ 33 4.1.3. Keyword Analysis ...................................................................................... 34 4.2. Keyword Results ..................................................................................................... 35 4.2.1. Keyword Search ........................................................................................ 35 4.2.2. Keyword Analysis .....................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages86 Page
-
File Size-