TY - JOUR
T1 - Botnet Business Models, Takedown Attempts, and the Darkweb Market
T2 - A Survey
AU - Georgoulias, Dimitrios
AU - Pedersen, Jens Myrup
AU - Falch, Morten
AU - Vasilomanolakis, Emmanouil
N1 - Publisher Copyright:
© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2023/2/9
Y1 - 2023/2/9
N2 - Botnets account for a substantial portion of cybercrime. Botmasters utilize darkweb marketplaces to promote and provide their services, which can vary from renting or buying a botnet (or parts of it) to hiring services (e.g., distributed denial of service attacks). At the same time, botnet takedown attempts have proven to be challenging, demanding a combination of technical and legal methods, and often requiring the collaboration of a plethora of entities with varying jurisdictions. In this article, we map the elements associated with the business aspect of botnets and utilize them to develop adaptations of two widely used business models. Furthermore, we analyze the 28 most notable botnet takedown operations carried out from 2008 to 2021, in regard to the methods employed, and illustrate the correlation between these methods and the segments of our adapted business models. Our analysis suggests that the botnet takedown methods have been mainly focused on the technical side, but not on the botnet economic components. We aim to shed light on new takedown vectors and incentivize takedown actors to expand their efforts to methods oriented more toward the business side of botnets, which could contribute toward eliminating some of the challenges that surround takedown operations.
KW - Cybercrime
KW - attacks
KW - botnets
KW - business models
KW - darkweb
KW - economics
KW - forum
KW - marketplace
KW - takedowns
UR - http://www.scopus.com/inward/record.url?scp=85151528608&partnerID=8YFLogxK
U2 - 10.1145/3575808
DO - 10.1145/3575808
M3 - Journal article
AN - SCOPUS:85151528608
SN - 0360-0300
VL - 55
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 11
M1 - 219
ER -