Communities of Inquiry for Offenders: Learning Malware Development on Asynchronous Platforms

Abstract

ABSTRACT Malware as a service (MaaS) has become a profitable profession, allowing individuals who are not technologically competent, and criminal organizations, to purchase such malicious software to conduct a variety of attacks. This has created space for those with the technological abilities to make a business off the malware that they write, and it is therefore important to understand where these developers are learning the skills needed. The current study was carried out to assess how malware developers use an encrypted messaging platform for knowledge acquisition, more specifically knowledge about malware development. This was carried out through a qualitative analysis of questions and answers posted within Telegram channels that are related to malware, and malware development and distribution. Further to this, latent class analysis was conducted to aid in determining whether there are subsets of individuals posting this information. A total of 467 user questions and 518 user responses were captured from eight channels. Results from this study revealed that posters are usually responsive to questions posed within these communities, with seven different response themes identified: Criticized question, offered answer or advice, offered help or service, probing for further information, provided resource, and unhelpful response. Therefore, while not many people are seeking Telegram channels to learn, when they do pose questions, respondents are likely to offer helpful advice to aid in their learning of malware development.