“Help,I’ve Been Hacked!”: Insights from a Corpus of User-Reported Cyber Victimization Cases on Twitter

Abstract

Understanding users is critical to develop secure IT systems and effective cybersecurity solutions. Unfortunately, research that analyzes user cybersecurity behaviors and experiences is limited. Motivated by work in public health that relies on Twitter user-reported health conditions, we explore using Twitter to understand user victimization experiences. Observing that users often self-report victimization (Help, I’ve been hacked!), we construct a corpus of 2,910 Tweets representing user reports of victimization experiences. We label these reports with information about the affected device or account and the associated consequences, as expressed by the users themselves. We begin to uncover trends in compromise in addition to startling attitudes and behaviors that security practitioners must contend with when developing cybersecurity solutions. To the best of our knowledge, this is one of the first papers to construct and analyze a dataset of cyber victimization user reports.

Get full access to this article

View all access options for this article.

References

Sheng

Holbrook

Kumaraguru

Cranor

L. F.

Downs

(2010, April). Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 373-382). ACM.

Parrish

J. L.

Jr Bailey

J. L.

Courtney

J. F

. (2009). A personality based model for determining susceptibility to phishing attacks. Little Rock: University of Arkansas, 285-296.

Darwish

El Zarka

Aloul

(2012, December). Towards understanding phishing victims' profile. In 2012 International Conference on Computer Systems and Industrial Informatics (pp. 1-5). IEEE.

Mohebzada

J. G.

El Zarka

BHojani

A. H.

Darwish

(2012, March). Phishing in a university community: Two large scale phishing experiments. In 2012 International Conference on Innovations in Information Technology (IIT) (pp. 249-254). IEEE.

Gratian

Bandi

Cukier

Dykstra

Ginther

. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73, 345-358.

Lalonde Levesque

Nsiempba

Fernandez

J. M.

Chiasson

Somayaji

. (2013, November). A clinical study of risk factors related to malware infections. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 97-108). ACM.

Coppersmith

Dredze

Harman

(2014). Quantifying mental health signals in Twitter. In Proceedings of the workshop on computational linguistics and clinical psychology: From linguistic signal to clinical reality (pp. 51-60).

Eichstaedt

J. C.

Schwartz

H. A.

Kern

M. L.

Park

Labarthe

D. R.

Merchant

R. M.

Weeg

(2015). Psychological language on Twitter predicts county-level heart disease mortality. Psychological science, 26(2), 159-169.

Sabottke

Carl

Suciu

Octavian

Dumitras

Tudor

. (2015). Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits. In Proceedings of the 24th USENIX Security Symposium (pp. 1041-1056). USENIX.

10.

Mittal

Sudip

Kumar Das

Prajit

Mulwad

Varish

Joshi

Anupam

Finin

Tim

. (2016). Cybertwitter: Using twitter to generate alerts for cybersecurity threats and vulnerabilities. In Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. (pp. 860-867). IEEE.

11.

Achrekar

Gandhe

Lazarus

S. H.

Liu

(2011, April). Predicting flu trends using twitter data. In 2011 IEEE conference on computer communications workshops (INFOCOM WKSHPS) (pp. 702-707). IEEE.

12.

Golbeck

(2018, July). Predicting Alcoholism Recovery from Twitter. In International Conference on Social Computing, Behavioral-Cultural Modeling and Prediction and Behavior Representation in Modeling and Simulation (pp. 243-252). Springer, Cham.

13.

Zangerle

Specht

(2014, March). Sorry, I was hacked: a classification of compromised twitter accounts. In Proceedings of the 29th Annual ACM Symposium on Applied Computing (pp. 587-593). ACM.

14.

Grier

Thomas

Paxson

Zhang

(2010, October). @ spam: the underground on 140 characters or less. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 27-37). ACM.

15.

Foley

Timonen

(2015). Using grounded theory method to capture and analyze health care experiences. Health services research, 50(4), 1195-1210.

16.

Bort

(2017, November). 50 startups that will boom in 2018, according to VCs. Retrieved from http://www.businessinsider.com/50-startups-to-boom-in-2018-according-to-vcs-2017-11.

17.

Polvi

Looman

Humphries

Pease

(1991). The time course of repeat burglary victimization. The British Journal of Criminology, 31(4), 411-414.