Online Research, Can We Believe Online Interviews?

Based on my readings of research ethics in a graduate course on research in the information systems field.

While reading through the content for the research ethics unit, the point about honesty in online interviews was particularly relevant and of interest to me.

As part of my RLO (Reusable Learning Object) I decided to conduct some online interviews with people I found engaging in online dark markets and chat rooms. One of the main points was the question of can you really trust what online people tell you? Given they may take on some other online persona. When engaging in online research it’s sometimes recommended that phone interviews be preferred over text when possible. Yet with the topic of cybercrime this becomes even more difficult as the suggestion of a voice-to-voice call may be enough to scare away a potential interview subject.

We can’t blindly trust and believe what we are told, or that we are even talking to who we think we are talking to. Yet these types of interviews are still useful. By conducting several interviews and gathering data we can sometimes detect lies, and then the lies themselves become a data point for analysis. We can gain new insights by considering why a lie might have been told.

I took inspiration from a book I’m reading on a similar topic called Industry of Anonymity: Inside the Business of Cybercrime, the book explores different aspects of cybercrime and a lot of the research was done by talking with and interviewing participants in the industry online. In total he must have interviewed 50-100 different people on topics related to cybercrime, both criminals and police in units who fight it.

He prefaces the book with a section on the exact topic of can we trust it. He mentions that interviewees may have their own motivations to distort stories. Either to ingratiate themselves, hide their identity, or smear people they had a falling out with. Even beyond intentional misleading there is always the issue of people not remembering things as they really happened.

However when you compile 50-100 of such interviews the resulting collection is more powerful than any single interview. When the topic is similar you’ll see trends among stories from unrelated people which gives real insights into the industry.

I completed my first interview this week with the developer of an “email bombing as a service” business. One of the first questions I asked was about their background. According to them they’re a high-school girl who has been programming for 3 years. A story which is possible but unlikely. According to Jonathan Lusthaus the author previously mentioned, little is known about the demographics of cybercriminals, except for the fact that well over 95% are male.

Yet the possibility of someone “posing” as a high-school girl and creating a new persona only adds to our insights into how these online marketplaces operate. The creation of an unlikely persona may help the real person behind the computer screen keep their identity secret while at the same time act as a sort of marketing gimmick, gaining attention by pretending to be a hacker wonder girl. Of course there is always the possibility that she’s telling the truth.

As a sort of trade with this hacker/developer I agreed to post a blog promoting their service in exchange for the interview. The full interview can be found here, though it will also be included as part of a subsection of my RLO on the topic of cyber-crime and security.