Cybercrimeology is a podcast about cybercrime, its research and its researchers. We talk to top researchers from around the world to learn about different forms of cybercrime and their research. We learn about cybercrime theory, organized crime online, Darknet drug markets, cybercrime awareness and crime prevention, technology-facilitated intimate partner violence and much more.
The podcast has been running since November of 2019 and there is still so much to learn. I am happy to have you along for the journey into this fascinating subject.
📻 Siste episoder av Cybercrimeology
Her er de nyeste episodene tilgjengelige via RSS-feeden:
Systematically Improving Cybersecurity Training (00:49:19)
Notes:Julia Prümmer describes her transition from legal psychology into cybersecurity research and how psychological methods shape her approach to cybersecurity training.The discussion explores the role of systematic reviews in mapping what a research field actually knows, rather than relying on highly visible or frequently cited studies.Findings from a large-scale systematic review of cybersecurity training methods are discussed, highlighting the diversity of training approaches used across the literature.The episode examines results from a meta-analysis assessing the overall effectiveness of cybersecurity training and the gap between improvements in precursors such as knowledge and intentions versus observable behaviour.Julia explains why many cybersecurity training programmes lack explicit behavioural theory and rely on trial-and-error design choices.A key theme is the distinction between cybersecurity behaviours that require active engagement, such as phishing detection, and behaviours that may benefit from habit formation, such as screen locking or password management.The conversation draws on research into email habits and phishing susceptibility to illustrate how habitual behaviour can increase vulnerability in certain contexts.Julia discusses the use of psychological theory, including habit formation and implementation intentions, to design and evaluate cybersecurity training interventions.The episode concludes with reflections on the future of cybersecurity training research and the need for behaviour-specific, theory-informed models.About our Guest:Julia Prümmerhttps://www.universiteitleiden.nl/medewerkers/julia-prummer#tab-1https://www.linkedin.com/in/julia-prümmer-376778159/Papers or resources mentioned in this episode Prümmer, J., van Steen, T., & van den Berg, B. (2024). A systematic review of current cybersecurity training methods. Computers & Security, 136, 103585.https://doi.org/10.1016/j.cose.2023.103585Prümmer, J. (2024). The role of cognition in developing successful cybersecurity training programs: Passive vs. active engagement. In D. D. Schmorrow & C. M. Fidopiastis (Eds.), Augmented cognition. HCII 2024 (Lecture Notes in Computer Science, Vol. 14695, pp. 185–199). Springer.https://scholarlypublications.universiteitleiden.nl/handle/1887/4093101Prümmer, J., van Steen, T., & van den Berg, B. (2025). Assessing the effect of cybersecurity training on end-users: A meta-analysis. Computers & Security, 150, 104206.https://doi.org/10.1016/j.cose.2024.104206Vishwanath, A. (2015). Examining the distinct antecedents of e-mail habits and its influence on the outcomes of a phishing attack. Journal of Computer-Mediated Communication, 20(5), 570–584.https://doi.org/10.1111/jcc4.12126Other If this topic of training as an intervention to reduce susceptibility to cybercrime, you might also enjoy the recent Episodes 123, 116, 110, 106, 60, and 59 that are all on related topics. If you are brave you can even go right back to Episodes 6, 7 and 8, there is a lot to listen to.
The Human beneath the Hoodie: Profiling pathways into cybercrime (00:33:48)
otes:Melissa completed her PhD after two decades of operational work, bringing a pracademic perspective to cyber profiling and offender pathways.Her research focuses on understanding the human behind the keyboard through developmental history, motivation and lived experience.Initial motivations among hackers often centre on curiosity, challenge seeking and belonging rather than financial gain.Many participants reported early interest in technology, solitary online activity and experiences they described as destabilising events.Melissa distinguishes between lawful and criminal pathways using indicators such as modifying games, low self-control and a history of property offending.Her work highlights misunderstandings about intent, the role of gamification and the abstraction of harm when offending takes place online.She argues that cybercrime is a societal problem requiring early education, parental and teacher capability building and partnerships with tech and gaming companies.Diversion programs are essential to guide youth with technical interest toward prosocial cybersecurity roles rather than criminalisation.About our guest:Dr Melissa Martineauhttps://www.linkedin.com/in/melissa-martineau-369bb5258/https://www.captechu.edu/webinar-series-melissa-martineauPapers or resources mentioned in this episode:Martineau, M. (2023). The pathways of cyber dependent offenders. Journal of Cybercriminology, 3(3), 32.https://www.mdpi.com/2673-6756/3/3/32Martineau, M. (2024). Distinguishing lawful and criminal hacker trajectories. Journal of Cybercriminology, 4(4), 45.https://www.mdpi.com/2673-6756/4/4/45Other:Dr Martineau wanted to share something called PRISMA (Preferred Reporting Items for Systematic reviews and Meta-Analyses) which is a helpful guideline designed to improve the reporting of systematic reviews. You can find out more about it here. http://www.prisma-statement.org
Courses, Clicks and Consequences: Empiricizing Enterprise Security (01:04:28)
Episode Notes:Dr Ho describes an empirical research agenda focused on how security actually operates in organisations. He explains his experience with getting this research off the ground to allow them to perform the research in this setting.Study setting and scope: eight-month randomised controlled trial at UC San Diego Health involving ~19,500 employees and ten distinct phishing campaign lures.Annual awareness training: the study found no significant relationship between how recently staff completed the mandated course and their likelihood of failing a simulated phishing campaign.Embedded training (when someone clicks a phishing simulation and is immediately redirected to training): the measurable improvement was very small (≈2% reduction in failure rate) and varied significantly by lure and engagement.Engagement challenge: The vast majority of embedded-training sessions were extremely short or incomplete, a key factor in explaining limited effect size.Variability of lure difficulty: Some phishing lures elicited very low click-rates (~1.8%) while others up to ~30.8%, indicating that the phishing stimulus matters as much as, or more than, the training intervention.Practical takeaway: Organizations should treat training (especially annually mandated modules) as only one part of a broader defence strategy, and design empirical measurement systems (including controls, realistic lures, and sustained engagement) before assuming large effect sizes.About our Guest:Dr Grant Ho Profile: https://cs.uchicago.edu/people/grant-ho/Papers or resources mentioned in this episode:Ho, G.; Mirian, A.; Luo, E.; Tong, K.; Lee, E.; Liu, L.; Longhurst, C.A.; Dameff, C.; Voelker, G.M. (2025). Understanding the Efficacy of Phishing Training in Practice: A Randomized Controlled Trial at a Large Health Organisation. Presented at the IEEE Symposium on Security & Privacy (May 2025). Full PDF: https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdfOther: I mentioned some figures about the spending on cybercsecurity education and training, You can find those here. Canadian Survey of Cyber Security and Cybercrime (CSCSC)https://www23.statcan.gc.ca/imdb/p2SV.pl?Function=getSurvey&SDDS=5244Get convenient Excel Tables of the Statistics from 2017 and 2019. https://www.serene-risc.ca/en/statistics-canadaOther Other:Dr Ho was great to chat with and has a long history of researching phishing, Some of his older work that is more technical in nature, as so we didn't talk about in the episode, but in the case that it might be interesting to you, here are some links: Ho, G., Sharma, A., Javed, M., Paxson, V., & Wagner, D. (2017). Detecting Credential Spearphishing Attacks in Enterprise Settings. In Proceedings of the 26th USENIX Security Symposium (USENIX Security ’17), Vancouver, BC, Canada, August 16-18, 2017. USENIX Association. ISBN 978-1-931971-40-9.PDF: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-ho.pdf USENIX+2USENIX+2Presentation page: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/hoUSENIX+1Ho, G., Cidon, A., Gavish, L., Schweighauser, M., Paxson, V., Savage, S., Voelker, G. M., & Wagner, D. (2019). Detecting and Characterizing Lateral Phishing at Scale. In Proceedings of the 28th USENIX Security Symposium (USENIX Security ’19), Santa Clara, CA, USA, August 14-16, 2019. USENIX Association. ISBN 978-1-939133-06-9.PDF: https://www.usenix.org/system/files/sec19-ho.pdf USENIX+1Presentation page: https://www.usenix.org/conference/usenixsecurity19/presentation/ho USENIX
The many minds of MITRE: building multidisciplinary human insider-risk research (00:44:11)
Trigger warning: This episode includes discussion of suicide in the context of researching measurable predictive indicators and the lack thereof in the context of cyber. Episode NotesDr Caputo's path from social psychology to applied security, including intelligence analysis and building a behavioural-science team at MITRE.What MITRE is: a not-for-profit operating six federally funded R&D centres that provide independent, public-interest research alongside government.Why early “indicator” hunting on endpoints often chased the last bad case; shifting to experiments and known-bad/created-bad data to learn patterns of behaviour change.The LinkedIn recruiter field experiment: ethically approved creation of recruiter personas, staged outreach in three messages, and follow-up interviews to understand reporting barriers.What user-activity monitoring can and cannot tell you; the role of human judgement and programme design.Insider-risk is not only “malicious users”: designing programmes for negligent, mistaken or outsmarted behaviours as well.Current lines of work include improving employee recognition and reporting of malicious elicitations and exploring whether insider-risk telemetry offers early signals of suicide risk.Why multidisciplinary teams beat solo efforts in insider-risk operations.About our guest:Dr. Deanna D. Caputo MITRE Insider Threat Research & Solutions profile: https://insiderthreat.mitre.org/dr-caputo/ LinkedIn: https://www.linkedin.com/in/dr-deanna-d-caputoPapers or resources mentioned in this episode:Caputo, D. D. (2024). Employee risk recognition and reporting of malicious elicitations: Longitudinal improvement with new skills-based training. Frontiers in Psychology. https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1410426/full MITRE Insider Threat Research & Solutions. (2025). Suicide risk and insider-risk telemetry overview. https://insiderthreat.mitre.org/suicide-risk/ MITRE. (2024). Managing insider threats is a team sport. https://www.mitre.org/news-insights/impact-story/managing-insider-threats-team-sport MITRE Insider Threat Research & Solutions. (2024). Capability overview two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-CapabilityTwoPager-24-0659_2024-02-01.pdf MITRE Insider Threat Research & Solutions. (2024). Insider Threat Behavioural Risk Framework two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-InTFramework_TwoPager-24-0674_2024-03-18.pdf
Follow the Honey: Experiments in Cybercriminal Decision-Making (00:30:54)
Show Notes:Daniëlle began her academic path in psychology, later moving into criminology through her interest in decision making and online behaviour.Her PhD research at NSCR focuses on cybercriminal decision making, using honeypots and experiments in real online environments.Early experiments tested how different rewards affected access attempts on fake accounts.A major focus has been on the impact of Operation Cookie Monster (2023), which disrupted the Genesis Market. Danielle’s work examined how this law enforcement operation influenced behaviour and moderation practices on hacker forums.She emphasizes the value of experiments in the field, which allow researchers to test criminological theories with live offender behaviour, while balancing strict ethical and legal safeguards.About our guest:Danielle StibbeNSCR Profile Page: https://nscr.nl/en/medewerker/danielle-stibbe-msc/Google Scholar: https://scholar.google.com/citations?user=1fsHJEgAAAAJ&hl=enLinkedIn: https://www.linkedin.com/in/danielle-stibbe/?originalSubdomain=nlPapers or resources mentioned in this episode:Onaolapo, J., Mariconti, E., & Stringhini, G. (2016). What happens after you are pwnd: Understanding the use of leaked webmail credentials in the wild. Proceedings of the 2016 Internet Measurement Conference. https://doi.org/10.1145/2987443.2987475Europol (2023). Operation Cookie Monster: Genesis Market taken down in coordinated international action.https://www.europol.europa.eu/media-press/newsroom/news/operation-cookie-monster-genesis-market-taken-down-in-coordinated-international-actionOxford Handbook of Criminal Decision Making (2016). Eds. Bruinsma & Weisburd. Oxford University Press.Other:The open science framework https://osf.io
Crime Online: Hashtag Like and Subscribe, or don't (00:29:54)
Episode NotesAbout our guest:Dr. Francesco Carlo CampisiPhD in Criminology, Université de MontréalResearcher, International Centre for Comparative Criminology🔗 https://www.cicc-iccc.org/fr/personnes/etudiants-supervises/carlo-campisi🔗 https://www.linkedin.com/in/francesco-carlo-campisi-aa3576125/Topics discussed in this episode:From street gangs to digital deviance: a research trajectoryWhy “recruitment” doesn’t fit how modern movements growHow groups like QAnon and Anonymous influence participation onlineUsing social media metrics to measure engagementEmotional capital, visibility, and symbolic participationUpdating resource mobilization theory for digital contextsHashtag hijacking and online visibility strategiesStochastic terrorism and the challenge of lone-wolf violencePapers or resources mentioned in this episode:Campisi, F. (2024). Unveiling the digital underworld – Exploring cyberbanging and recruitment of Canadian street gang members on social media. Canadian Journal of Criminology and Criminal Justice, 66. https://doi.org/10.3138/cjccj-2023-0033Campisi, F., Fortin, F., & Néron, M.-E. (2022). Hacktivists from the inside: Collective identity, target selection and tactical use of media during the Quebec Maple Spring protests. Presented at the ICCC Symposium. Available on ResearchGateCampisi, F., & Beauregard, E. (2025). QAnon’s use of hashtag hijacking on X and its impact on online engagement. SSRN preprint. LinkMcCarthy, J. D., & Zald, M. N. (1977). Resource mobilization and social movements: A partial theory. American Journal of Sociology, 82(6), 1212–1241.Vigil, J. D. (1988). Barrio gangs: Street life and identity in Southern California. University of Texas Press. https://www.ojp.gov/ncjrs/virtual-library/abstracts/barrio-gangs-street-life-and-identity-southern-california-0Other:If you are curious about the video that was taken down, you should watch this video.https://www.youtube.com/watch?v=PIyrzMThHq8
The Human in_security - deception, weapons, crime & culture (00:27:37)
About our guest:Dr. Iain ReidSenior Lecturer in CybercrimeUniversity of Portsmouthhttps://www.port.ac.uk/about-us/structure-and-governance/our-people/our-staff/iain-reid Topics discussed in this episode:How principles of military deception map onto cybersecurityWhy the phrase “the human is the weakest link” oversimplifies riskWhat it’s like to research developer perspectives on secure softwareThe psychology of decision-making in phishing attacksHow time pressure influences risky digital behaviourThe limits of “security culture” as an organizational solutionHow cyber deception fits within defence-in-depth Papers or resources mentioned:Reid, I., Okeke-Ramos, A., & Serafin, M. (2024). Exploring the ethics of cyber deception technologies for defensive cyber deception. In P. Bednar, J. Kävrestad, E. Bergström, M. Rajanen, H. V. Hult, A. M. Braccini, A. S. Islind, & F. Zaghloul (Eds.), Proceedings of the 10th International Conference on Socio-Technical Perspectives in Information Systems (STPIS 2024) (pp. 140-148). (CEUR Workshop Proceedings). https://ceur-ws.org/Vol-3857Whaley, B. (2007). Stratagem: deception and surprise in war. Artech.Rowe, N.C., Rrushi, J. (2016). Measuring Deception. In: Introduction to Cyberdeception. Springer, Cham. https://doi.org/10.1007/978-3-319-41187-3_11Ashenden, D., Ollis, G., & Reid, I. (2022, October). Dancing, not Wrestling: Moving from Compliance to Concordance for Secure Software Development. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (pp. 1-9).Paris Call for Trust and Security in Cyberspacehttps://pariscall.international OtherI would like to thank Dudley the French Bulldog for the invaluable (unavoidable) contribution to this episode.
Visualizing Conti: Revealing the Business of Ransomware-as-a-Service through New Analytical Techniques (00:27:50)
In this episode:How Estelle became involved in ransomware research between degreesThe scale and origin of the ContiLeaks datasetUsing machine learning and topic modelling to analyse criminal group communicationsWhat the internal chat data revealed about the organizational structure of ContiSurprising insights about roles, specializations, and tasking within a criminal enterpriseWhy making cybercrime research accessible through data visualization mattersAbout our guest:Estelle Ruellanhttps://www.linkedin.com/in/estelle-ruellan/Papers or resources mentioned in this episode:Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024).Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-yFlare Data Explorer – Explore cybercrime datasets visually:https://flare.io/flare-data-explorer/Other:Wikipedia – Conti (ransomware): https://en.wikipedia.org/wiki/Conti_(ransomware)Wikipedia – Topic model: https://en.wikipedia.org/wiki/Topic_model
Fake It Until You Break It: The pay-to-publish paper mills exploiting the over metrification of Science (00:39:53)
Notes:Paper mills are fraudulent commercial enterprises that fabricate scientific papers and sell authorship, citations, and other academic credentials—often at scale.Sarah Eaton and Sabina Alam first collaborated through COPE (Committee on Publication Ethics) and later worked together in United2Act, an international initiative focused on tackling paper mills.The conversation draws parallels between scientific paper mills and contract cheating in higher education, both of which undermine academic integrity for financial gain.Eaton and Alam discuss how metrics-based performance systems in universities and publishing environments create conditions ripe for abuse.Publishers and universities historically avoided transparency, but the scale of the problem has led to greater collaboration between stakeholders.The duo share insights into early warning signs of fraudulent submissions and describe the development of technological and administrative countermeasures.Particular attention is given to the harm paper mills cause: from corrupting citation networks to potentially endangering lives with fabricated data in medical journals.The “Andrew Vickers Curse” is discussed as a case study illustrating how citation manipulation by paper mills can entangle innocent researchers.The episode closes with a call for broader participation in the second phase of United2Act, particularly from research funders, IT specialists, and institutional stakeholders.About our guests:Dr. Sarah Elaine Eatonhttps://profiles.ucalgary.ca/sarah-eatonhttps://drsaraheaton.com/about/Dr. Sabina Alamhttps://www.taylorandfrancis.com/about/ethics-integrity/https://www.csescienceeditor.org/article/dr-sabina-alam-shaping-critical-thinking-about-science/ Papers or resources mentioned in this episode:United2Act initiative: https://united2act.orgMagazinov, Alexander. (2023). The Andrew Vickers Curse: secret revealed!, For Better Sciencehttps://forbetterscience.com/2023/07/31/the-vickers-curse-secret-revealed/ Other:Glossary of terms and acronyms:COPE – Committee on Publication Ethics: An international body that provides advice to editors and publishers on all aspects of publication ethics.STM – International Association of Scientific, Technical and Medical Publishers: A global trade association supporting academic publishing and information dissemination.Q1/Q2 Journal – Journals ranked in the top (Q1) or second (Q2) quartile based on impact metrics such as citation counts or journal reputation.Term paper mill – A business that sells pre-written or custom academic papers, often used in contract cheating by students.Contract cheating – A form of academic dishonesty where students outsource assessments to third parties.Retraction – The removal of a published article from the scientific record, typically due to error or misconduct.Desk reject – When a manuscript is rejected by a journal editor before it is sent out for peer review.Citation ring – A group of papers or authors who cite each other extensively to artificially inflate citation metrics.Paper Mills - Organisations or individuals that aim to profit from the creation, sale, peer review and/or citation of manuscripts at scale which contain low value or fraudulent content and/or authorship, with the aim of publication in scholarly journals.A big thank you to the United2Act people for coming out of their comfort zone and chatting to me about this. This bravery is how science as an interdisciplinary pursuit driven by curiosity and collaboration happens.
DeReact, DeFatigue and Deceive: Psychology for Better Cybersecurity Design (00:38:32)
Episode Notes:Dr. Reeves’ Background – Trained as a psychologist, his interest in cybersecurity emerged from a talk connecting human error to security breaches.Cybersecurity Fatigue Defined – A form of disengagement where employees lose motivation to follow security practices due to overload and conflicting advice.Not Just Apathy – Fatigue often affects people who initially cared about cybersecurity but were worn down by excessive or ineffective interventions.Training Shortcomings – Lecture-style, one-way training is frequently perceived as boring, irrelevant, or contradictory to users' experiences.Compliance vs. Effectiveness – Many organizations implement security training to meet legal requirements, even if it fails to change behavior.Reactance in Security – Users may intentionally ignore advice or rules to assert control, especially when training feels micromanaging or patronizing.Better Through Design – Reeves argues that secure systems should reduce the need for user decisions by simplifying or removing risky options altogether.Remove Rather Than Train – Limiting administrative rights is often more effective than trying to educate users out of risky behaviors.Mismatch With Reality – Generic training that conflicts with real policies or system restrictions can confuse or alienate users.Cognitive Load and Decision-Making – Under stress or fatigue, users rely on mental shortcuts (heuristics), which attackers exploit.Personal Example of Being Fooled – Reeves recounts nearly falling for a scam due to time pressure, illustrating how stress weakens judgment.Cybersecurity Buddy System – Recommends encouraging users to consult peers when making sensitive decisions, especially under pressure.Cyber Deception Strategies – Reeves now researches ways to mislead and trap attackers inside systems using decoys and tripwires.Applying Psychology to Attackers – The same behavioral models used to study users can help predict and manipulate attacker behavior.Empowering Defenders – Deception technologies can help security teams regain a sense of agency, shifting from reactive defense to proactive engagemenAbout our guest:Dr. Andrew Reeveshttps://www.linkedin.com/in/andrewreevescyber/https://research.unsw.edu.au/people/dr-andrew-reeveshttps://www.unsw.edu.au/research/ifcyberPapers or resources mentioned in this episode:Reeves, A., Delfabbro, P., & Calic, D. (2021). Encouraging employee engagement with cybersecurity: How to tackle cyber fatigue. SAGE Open, 11(1).https://doi.org/10.1177/21582440211000049Reeves, A., Calic, D., & Delfabbro, P. (2023). Generic and unusable: Understanding employee perceptions of cybersecurity training and measuring advice fatigue. Computers & Security, 128, 103137.https://doi.org/10.1016/j.cose.2023.103137Reeves, A., & Ashenden, D. (2023). Understanding decision making in security operations centres: Building the case for cyber deception technology. Frontiers in Psychology, 14, 1165705.https://doi.org/10.3389/fpsyg.2023.1165705Other:UNSW Institute for Cyber Security (IFCYBER)https://www.unsw.edu.au/research/ifcyber
Wake up Calling: Impacting businesses by communicating cybersecurity risk (00:21:52)
Episode NotesSMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.Reports included security ratings on ten key areas and recommendations for improvement.Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.Different risk communication strategies were tested to encourage SMEs to act on the findings.“Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.Engagement was low, with only a small number of businesses reaching out after receiving the report.Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.A follow-up version of the project will introduce an opt-out option before scanning businesses.Industry associations may partner with the project to increase credibility and adoption.The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions. About Our GuestDr. Susanne van ’t Hoff-de Goedehttps://www.linkedin.com/in/susanne-van-t-hoff-de-goede/https://www.thuas.com/research/centre-expertise/team-cyber-security Resources and Research MentionedExamining Ransomware Payment Decision-making Among SMEsMatthijsse, S. R., Moneva, A., van ’t Hoff-de Goede, M. S., & Leukfeldt, E. R.European Journal of Criminology.Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experimentvan ’t Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.Journal of Crime and Justice, 47(4), 472-491 (2024).How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizensvan der Kleij, R., van ’t Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.The Online Behaviour and Victimization Studyvan ’t Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …In:Cybercrime in Context: The human factor in victimization, offending, and … (2021). OtherDutch Government Cybersecurity Resourcehttps://english.ncsc.nl(English-language site for the Netherlands’ National Cyber Security Centre)Secure Internetting (in Dutch)https://veiliginternetten.nl/
Anomie.exe: Geography, Strain and the Motivated Cyber Offender (00:22:00)
Episode Summary (Dot Points)Understanding Cybercrime through Strain and Anomie TheoriesDr. Dearden explains how strain theory and anomie theory provide insights into cybercriminal motivations.Discussion on economic and social pressures that push individuals toward cybercrime, including unemployment, inequality, and lack of upward mobility.The Role of Honeypots in Cybercrime ResearchOverview of honeypots—deceptive systems designed to attract cyber attackers.How honeypots help researchers observe and analyze hacker behaviors in real-world settings.Differences in hacking techniques and motivations across different regions.Regional Variations in Cybercriminal ActivitiesWhy cybercrime is not uniformly distributed worldwide despite the internet being a global network.Case studies on West African romance scams, Russian cyber operations, and Indian call center frauds.The interplay between legitimate and illegitimate economies in cybercrime hotspots.Cybercrime and Economic OpportunityFindings from recent research on how financial strain vs. greed influences cybercrime.The role of cryptocurrency in enabling financial cybercrimes and providing anonymity to offenders.Discussion on how cybercrime prevention strategies need to address offender motivations, not just security vulnerabilities.Future Research and Policy ImplicationsThe need for broader, structural changes to mitigate cybercrime, rather than relying solely on reactive security measures.How cross-national studies and criminological data collection can improve cybercrime prevention strategies.Upcoming projects on measuring cyber-offending patterns and regional differences in hacking behavior.About Our GuestDr. Thomas Deardenhttps://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/thomas-dearden.htmlPapers and Resources Mentioned in This EpisodeDearden, T. E., & Gottschalk, P. (2024).Convenience Theory and Cybercrime Opportunity: An Analysis of Online Cyberoffending.Deviant Behavior.DOI LinkParti, K., & Dearden, T. (2024).Cybercrime and Strain Theory: An Examination of Online Crime and Gender.International Journal of Criminology and Sociology. https://doi.org/10.6000/1929-4409.2024.13.19Dearden, T. E., Parti, K., & Hawdon, J. (2022).Institutional Anomie Theory and Cybercrime: Cybercrime and the American Dream.Journal of Contemporary Criminal Justice. https://doi.org/10.1177/10439862211001590 Related Episodes Featuring Dr. DeardenEpisode 39 : Strained Dreams: Cybercrime and Institutional Anomiehttps://www.cybercrimeology.com/episodes/strained-dreams-cybercrime-and-institutional-anomie Other:The Human Factors in cybercrime Conference: https://www.hfc-conference.comWe had a chat in a room with a bunch of people just outside having their own great conversations. Kind of nice to get a little bit of that vibe into the mix. Conferences can be a lot of fun ;)/.To the best of my knowledge, no bovines were harmed during the recording of this episode.
The Ethical Hacker Pathway: Exploring Positive Cyber Behavior (00:23:21)
Key Points Discussed:Defining Ethical Hacking: Ethical hackers use their skills to identify and report vulnerabilities, often to enhance cybersecurity in various capacities, including voluntary work, bug bounty programs, or professional roles.Research Focus: Dr. Weulen Kranenbarg’s studies highlight a significant overlap between positive and negative cyber behaviors, particularly among IT students, and explore how individuals transition toward ethical hacking.Ethical Hacking as a Pathway:Early positive experiences, such as reporting vulnerabilities to schools or organizations, can strongly influence individuals toward ethical hacking.Responses from organizations play a critical role—positive reinforcement encourages further ethical behavior, while negative experiences can deter individuals.Challenges in Defining Ethics:Ethical hackers themselves debate the boundaries of what constitutes ethical behavior, such as whether making vulnerabilities public is acceptable if organizations fail to act.The term "ethical hacker" is often contentious within the community.Role of Education: Schools struggle to address and guide ethical behavior among IT students effectively. Clear vulnerability disclosure policies and ethics education in IT programs are crucial.Future Research Directions: Dr. Weulen Kranenbarg plans to conduct life-history interviews with hackers to better understand their pathways and influences toward ethical behavior.About our Guest:Dr Marleen Weulen Kranenbarghttps://research.vu.nl/en/persons/marleen-weulen-kranenbarg Papers or Resources Mentioned:Weulen Kranenbarg, M. (2018). Cyber-offenders versus traditional offenders: An empirical comparison. Vrije Universiteit Amsterdam. Retrieved from https://research.vu.nl/en/publications/cyber-offenders-versus-traditional-offenders-an-empirical-comparisonWeulen Kranenbarg, M., Ruiter, S., & Nieuwbeerta, P. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 64(10), 1270–1292. https://doi.org/10.1177/0011128718763134Weulen Kranenbarg, M., Holt, T. J., & van Gelder, J.-L. (2021). Contrasting cyber-dependent and traditional offenders: A comparison on criminological explanations and potential prevention methods. In J. van Gelder, H. Elffers, D. Reynald, & D. Nagin (Eds.), Routledge International Handbook of Criminology and Criminal Justice Studies (pp. 234–249). Routledge. Retrieved from https://research.vu.nl/en/publications/contrasting-cyber-dependent-and-traditional-offenders-a-comparisoWeulen Kranenbarg, M., & Noordegraaf, J. (2023). Why do young people start and continue with ethical hacking? A qualitative study on individual and social aspects in the lives of ethical hackers. Criminology & Public Policy, 22(3), 465–490. https://doi.org/10.1111/1745-9133.12640Additional Resources:Capture the Flag (CTF) events:Hack the Box - A popular online platform offering a variety of CTF challenges to test and improve cybersecurity skills.https://www.hackthebox.comNorthSec - A popular in-person CTF competition designed for everyone excited about cybersecurity.https://nsec.ioBug Bounty Programs:HackerOne - A leading bug bounty platform connecting ethical hackers with organizations to find and fix vulnerabilities.https://www.hackerone.comBugcrowd - A platform that hosts bug bounty programs for a wide range of companies and industries.https://www.bugcrowd.com
Building the Basics: Preparing Officers for the Present and Researching Training for the Future (00:25:05)
About Our Guest:Dr. Tom Holthttps://cj.msu.edu/directory/holt-tom.htmlKey Topics Discussed:Dr. Tom Holt emphasized the urgent need for consistent and evidence-based cybercrime training in law enforcement, pointing out disparities in how local agencies handle these crimes.He highlighted the challenges agencies face in responding to cyber-enabled and cyber-dependent crimes, particularly in rural areas.Dr. Holt discussed the development of training modules covering both basic digital evidence handling and specialized topics tailored to agency needs.The conversation underscored the importance of bridging resource gaps between rural and urban agencies.Dr. Holt explained how police leadership’s support is crucial for improving the adoption and effectiveness of training programs.The prevalence of interpersonal cybercrimes like sextortion and fraud, often encountered by local officers, was addressed.Dr. Holt elaborated on long-term evaluation plans for these training programs, aiming to measure their impact on officers and agencies.He also discussed the potential for a national standard curriculum to bring consistency to cybercrime training across the U.S.Papers and Resources Mentioned:Articles on the Training Center Initiative:Cybercrime Training at MSU –https://cj.msu.edu/community/cyber-center/cyber-center-home.htmlProgram announcement - https://msutoday.msu.edu/news/2024/msu-receives-$1M-to-create-center-for-cyber-security-trainingOther:This episode was recorded on location in at HEC Montreal. The occasional background noise from students only adds to the vibrant atmosphere of the discussion. So you can’t complain about the noise being distracting, consider it an authentic experience!
The Open Science Revolution: Building Trust with Transparency (00:28:24)
Episode NotesEpisode SummaryIntroduction to Open Science – Asier Moneva introduces open science, emphasizing transparency and replicability as essential to modern research.Importance of Transparency – He explains how transparency builds trust, enabling other researchers to assess rigor and replicate findings accurately.Preregistration and Registered Reports – Asier discusses these practices, which require researchers to specify methodologies and hypotheses before data collection to reduce bias.Challenges in Adoption – He notes that implementing open science practices can be challenging due to academic pressures and resource limitations.The “Publish or Perish” Culture – We highlight how the pressure to publish quickly can conflict with the time-intensive requirements of open science.Academic Incentives and Misaligned Goals – We critique the academic reward system that often favors quantity over quality, which can detract from scientific rigor.Advantages for Public Accessibility – Open science also enhances public accessibility, making research available beyond academia and helping inform public policy.Ethical Considerations in Research – Asier emphasizes that open science fosters ethical research practices by reducing questionable practices like p-hacking and selective reporting.Benefits of Open Science for Collaboration – The approach encourages collaboration across disciplines and institutions, providing a more comprehensive understanding of complex issues.Real-World Example of Retraction – He mentions a case where a research paper was retracted due to lack of transparency, illustrating the importance of open science practices.Role of Preprints in Open Science – Asier advocates for preprints as a way to share research and receive feedback before formal publication.Challenges with Platform Fragmentation – He observes that the proliferation of research-sharing platforms can hinder accessibility if findings are scattered across multiple sources.Future of Registered Reports – Asier sees registered reports as a future standard, as they align research design with ethical and rigorous science.Open Science as a Solution to Publication Bias – Open science practices help address publication bias by promoting the dissemination of all research findings, regardless of outcomes.Closing Thoughts on Transparency – Open science is about ensuring reproducibility and holding science accountable, aiming to make research as transparent and accessible as possible.About Our Guest:Asier Monevahttps://asiermoneva.comhttps://nscr.nl/en/medewerker/asier-moneva/https://www.thuas.com/research/research-groups/team-cybercrime-cybersecurityhttps://github.com/amonevahttps://osf.io/7ce24/Resources and References Mentioned in This Episode:The Open Science Framework (OSF)The OSF is an open-source platform supporting transparent and reproducible research across disciplines.The Open Science Framework:https://osf.io/Paper Introducing Registered ReportsThis foundational paper outlines the concept of registered reports, a publishing model aimed at reducing bias and enhancing research rigor.Paper introducing "registered reports":https://psycnet.apa.org/fulltext/2014-20922-001.htmlRetraction Case StudyA recent retraction of a notable article on the replicability of social-behavioral research findings offers insights into challenges within open science practices.RETRACTED ARTICLE: High replicability of newly discovered social-behavioural findings is achievable:https://www.nature.com/articles/s41562-023-01749-9Retraction Note: High replicability of newly discovered social-behavioural findings is achievable:https://www.nature.com/articles/s41562-024-01997-3Podcast episode discussing the retraction in depth:https://open.spotify.com/episode/3rygrbUNocfCEEGd1Byn0V?si=vJDuzQT3S7yJqDEUMycF1w&t=178Other:This episode was recorded in a hotel lobby corner with music playing in the background. If the audio sounds a little unusual at times it is because of the noise removal being used to remove that noise being combined with other ‘sound enhancement’ features. I had to go back in and play around with the audio directly before I was even a little happy. The tools work well but they are a little unpredictable. I am increasingly wary of ‘it just works’ audio editing tools. I would have left it in, but the bots chasing copyright infringement are ravenous and indiscriminate.
Cinematic Cybersecurity: What are movies teaching us about passwords? (00:28:30)
Episode Notes:The research focuses on analyzing the representation of passwords and cyber threats in films, particularly how password guessing and hacking scenes influence public perceptions of security.Movies both reflect societal attitudes towards cybersecurity and shape them, as many viewers learn about cyber behaviors through entertainment rather than formal education.The research indicates that films often oversimplify or dramatize hacking scenes, leading to unrealistic expectations about password security.A key finding from the research is that while weak passwords (e.g., “12345”) are mocked in films, even strong passwords are often guessed or hacked with ease, sending the wrong message to audiences about the value of strong security practices.There may be value to educating the public about cybersecurity in the same way people are taught first aid in Germany—everyone should know the basics.One of the challenges of using crowd-sourced subtitle data for academic research was that it required additional work to assure reviewers that the research is ethical.About our Guest:Maike Raphaelhttps://www.itsec.uni-hannover.de/en/usec/team/raphael Papers or resources mentioned in this episode:Raphael, M. M., Kanta, A., Seebonn, R., Dürmuth, M., & Cobb, C. (2024). Batman hacked my password: A subtitle-based analysis of password depiction in movies. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (pp. 199-211). USENIX Association. https://www.usenix.org/conference/soups2024/presentation/raphael Other relevant resources:Information and supplementary materials on the paper "Batman Hacked My Password"https://www.itsec.uni-hannover.de/de/usec/forschung/medien/password-depiction-in-moviesIf you are interested in the right to download the subtitles. The data source (opensubtitles.org) statement regarding copyright.https://www.opensubtitles.org/en/dmcaThe website has an API with the no limit to the total number of subitles that can be downloaded, only rate limiting. The research team didn't obtain the subtitles this way, but the source they got them from may have. In either case it shows opensubtitles.org views about how their service can be used. https://opensubtitles.stoplight.io/docs/opensubtitles-api/e3750fd63a100-getting-startedOther:I had a bunch of movie clips that I was going to include as examples, but with the way that platforms handle DMCA I just don't want to have to bother with trying to assert a claim to fair use. If you are interested I would recommend having a look at the password scene from Horse Feathers (1932) with Groucho Marx, and there is a scene in Iron Man 3 (2013) where Tony Stark asks James Rhodes for his password, and everyone laughs at the bad password. I recommend you watch Kung Fury from 2015 for their parody treatment of the "hackerman". It is actually on YouTube https://youtu.be/bS5P_LAqiVg?si=-OL8Mr1OLY9Dd081
Signals, Deception, and AI: Navigating Trust in the Digital World (00:44:09)
About our Guest:Judith Donathhttps://cyber.harvard.edu/people/jdonathKey Discussion Points:Understanding Signaling Theory:The foundation of signaling theory in communication.The balance between honest and deceptive signals.Evolutionary Biology and Communication:Darwin's insights on animal communication.Zahavi's Handicap Principle and its role in ensuring signal honesty.Maynard Smith's Index Signals and their reliability without cost.AI and the Evolution of Communication:The impact of AI on the reliability of communication signals.Challenges posed by deepfakes in video and audio.The arms race between deception technologies and verification methods.Cultural and Institutional Roles:How culture and institutions uphold the reliability of signals.The interplay between technological advancements and societal norms.Future of Communication in the Digital Age:Strategies for developing secure communication channels.Balancing privacy with the need for verification.The role of trusted sources in maintaining signal integrity.Papers and Books Mentioned:Turing, A. M. (1950). Computing machinery and intelligence. Mind, 59(236), 433-460. https://doi.org/10.1093/mind/LIX.236.433Zahavi, A. (1975). Mate selection—a selection for a handicap. Journal of Theoretical Biology, 53(1), 205-214. https://doi.org/10.1016/0022-5193(75)90111-3Veblen, T. (1899). The Theory of the Leisure Class. New York: Macmillan.https://moglen.law.columbia.edu/LCS/theoryleisureclass.pdfhttps://dn720401.ca.archive.org/0/items/theoryofleisurec01vebl/theoryofleisurec01vebl.pdfWeizenbaum, J. (1966). ELIZA—A computer program for the study of natural language communication between man and machine. Communications of the ACM, 9(1), 36-45. https://doi.org/10.1145/365153.365168Donath, J. S. (2002). Identity and deception in the virtual community. In Communities in cyberspace (pp. 37-68). Routledge.https://vivatropolis.com/papers/Donath/IdentityDeception/IdentityDeception.pdfCurrent Progress on the forthcoming book: Signals, Truth & Designhttps://vivatropolis.com/judith/signalsTruthDesign.htmlDonath, J. (2014). The social machine: designs for living online. MIT Press.https://direct.mit.edu/books/monograph/4037/The-Social-MachineDesigns-for-Living-OnlineOther:The Story about the Ferrari executive Deepfake attempthttps://www.carscoops.com/2024/07/ferrari-ceo-impersonator-uncovered-by-colleague-in-deepfake-call/We geeked out for a moment on Programming languages. Learn about them here.The C languagehttps://en.wikipedia.org/wiki/C_(programming_language)Introduction to Chttps://www.w3schools.com/c/c_intro.phpAPL Languagehttps://en.wikipedia.org/wiki/APL_(programming_language)Learn APLhttps://xpqz.github.io/learnapl/intro.htmlTry APLhttps://tryapl.orgLISP Languagehttps://en.wikipedia.org/wiki/Lisp_(programming_language)Learn LISPhttps://www.geeksforgeeks.org/introduction-to-lisp/
Mapping the Digital Threat: The Geography of Cybercrime (00:32:34)
Notes:Background in Sociology: Dr. Miranda Bruce started in sociology, focusing on the dynamics of power and institutions.PhD Research: Her PhD explored the Internet of Things (IoT) using post-structuralist French theory to understand technological reality.Transition to Cybercrime: Transitioned from IoT research to a project on the geography of cybercrime, partnering with a local Australian university and the University of Oxford.Cybercrime as a Local Phenomenon: Emphasized that cybercrime is not just a global issue but has significant local dimensions.Mapping Cybercrime: Developed methods to map cybercrime hotspots to understand where cybercrime is coming from and why.Importance of Local Factors: Identified that local factors play a crucial role in the proliferation of cybercrime in specific areas.Intervention Strategies: Stressed that intervention strategies must be tailored to local conditions as one-size-fits-all approaches are ineffective.Challenges in Measuring Cybercrime: Discussed the difficulties in accurately measuring where cybercrime originates due to technical limitations.Survey of Experts: Utilized expert surveys from cybercrime intelligence and investigations to gather data on cybercrime hotspots.Bias in Data Collection: Addressed potential biases in the data collection process and took steps to ensure diverse and reliable sources.Use of Proxy Data: Chose expert survey data over technical measures or legal cases to get more accurate insights into cybercrime geography.Findings: Key findings indicated that countries like Russia, Ukraine, China, the United States, and Nigeria are significant sources of cybercrime.Analysis of Results: Plans to analyze the collected data to create theoretical models explaining why cybercrime is prevalent in certain areas.Future Research Directions: Aims to develop detailed case studies and collaborate with policymakers to use the data for effective interventions.Open Data: Highlighted the importance of making the data open source to enable further research and collaboration across disciplines.About our guests:Dr Miranda Bruce:https://www.sociology.ox.ac.uk/people/miranda-brucehttps://www.unsw.edu.au/staff/miranda-bruce Papers or resources mentioned in this episode:Bruce, M., Lusthaus, J., Kashyap, R., Phair, N., & Varese, F. (2024). Mapping the global geography of cybercrime with the World Cybercrime Index. PLOS ONE. https://doi.org/10.1371/journal.pone.0249850Bruce, M., & Phair, N. (2020). Mapping the geography of cybercrime: A review of indices of digital offending by country. IEEE European Symposium on Security and Privacy. https://doi.org/10.1109/EuroSPW51379.2020.00013Other:If you were interested in the topic of this episode, you might also enjoy episode 36 "Cyber criminals are people too".
Policing Street Trolls: Navigating Cop Baiting and Digital Extremism (00:33:29)
Notes: Dual Research Focus: Dr. Huey historically focused on policing and victimization, particularly in marginalized communities.Burnout and Shift: Burnout from trauma research led her to shift focus to applied policing research around 2012-2013.Economics of Policing: The federal government's focus on the costs of policing and the "economics of policing" initiative influenced her new research direction.Research Gaps: Realized that existing policing research in Canada had little practical value for informing policing practice and policy.Evidence-Based Policing: Joined the Society for Evidence-Based Policing (SEBP) in the UK to produce actionable research for police and policymakers.Right-Wing Extremism: Discussed the rise of right-wing extremism and its new tactic of targeting police officers, including cop baiting.Cop Baiting Incidents: Examples include interventions by Romana Didulo at the Peterborough Police Service and incidents in Vancouver during trans rights celebrations.Operational Stress: Emphasized the operational stress injuries faced by police officers due to regular exposure to horrific incidents.Public Misconceptions: Highlighted the issue of public and media criticism of police without a full understanding of the complexities involved.Misinformation: Explained how misinformation and disinformation spread about police actions, leading to doxxing and harassment of officers.Cyber Sleuths: Described incidents where online activists exposed personal information about police officers, increasing the risks they face.Convoy Protests: Referenced research on convoy protests and the targeting of police, emphasizing the reality versus media portrayal.False Narratives: Pointed out the persistence of false narratives, such as those surrounding the death of Regis Korchinski-Paquet, which continue to spread online despite being disproven.Call for Applied Research: Called for more applied research to address specific issues in policing and cyber-security rather than broad theoretical studies, stressing the need for better public education to combat misinformation.About our guests:Dr. Laura Hueyhttps://sociology.uwo.ca/people/profiles/Huey.htmlPapers or resources mentioned in this episode:Huey, L., & Ferguson, L. (2024). ‘No one wants to end up on YouTube’: sousveillance and ‘cop-baiting’ in Canadian policing. Policing and Society, 1–18. https://doi.org/10.1080/10439463.2024.2329239Huey, L., & Ferguson, L. (2024). “All These Crazies”: Right-Wing Anti-Authoritarian Politics and the Targeting of Public Police. Deviant Behavior, 1–20. https://doi.org/10.1080/01639625.2024.2338890Huey, L. (2024) The Cascade Effect: An Oral History of the Policing of the Convoy Protests, Independant: 979-8882979859Other:Dr Huey provided her own ‘bleep’ noises for this episode to save me the work of having to add them in post production.
Timing is Everything: Context-Based Cybersecurity Training (00:34:40)
Notes:Joakim Kävrestad is an Assistant Professor of Computer Science at Jönköping University, with a background in networking and cybersecurity.He shifted his focus to the societal and psychological aspects of cybersecurity, emphasizing human behavior.Joakim developed Context-Based Micro-Training (CBMT) to provide cybersecurity training at relevant moments, improving user engagement and retention.CBMT integrates training into real-world scenarios, such as reading emails or creating passwords, to address common cyberattack methods.Traditional cybersecurity training methods are critiqued for their lack of effectiveness in retaining user attention and knowledge.Joakim used a design science approach to refine CBMT, involving over 1800 survey participants and 300 experiment participants in the process.Evaluations show that CBMT supports secure user behavior and is well-received by users.The importance of usability in security practices is emphasized, highlighting that user-friendly training increases adoption and compliance.CBMT provides a guide for practitioners on implementing effective cybersecurity training and supports procurement decisions.Future research should explore the interplay between training and other support mechanisms, as training alone is insufficient to ensure comprehensive cybersecurity.About our guests:Joakim Kävrestadhttps://ju.se/personinfo.html?sign=KAVJOAhttps://www.linkedin.com/in/joakimkavrestad/Papers or resources mentioned in this episode:Kävrestad, J., Hagberg, A., Nohlberg, M., Rambusch, J., Roos, R., & Furnell, S. (2022). Evaluation of Contextual and Game-Based Training for Phishing Detection. Future Internet, 14(4), 104. https://doi.org/10.3390/fi14040104Kävrestad, J. (2022). Context-Based Micro-Training: Enhancing Cybersecurity Training for End-Users (Doctoral dissertation). University of Skövde. ISBN 978-91-984919-9-9. Link to dissertationKävrestad, J., & Nohlberg, M. (2020). Context-Based Micro-Training: A Framework for Information Security Training. 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA), Mytilene, Lesbos, Greece, 71-81. https://doi.org/10.1007/978-3-030-57404-8_6Other:The button that makes a noise at a street crossing is called a “pedestrian call button” Interestingly they work differently in different countries, They look different, they feel different, they make different noises, some of them have haptic indicators, some call for the lights to change, some don’t, some make sound all the time others just provide more accessible indicators when pressed.
Hackting Out: Defacement and Hate Online amid Global Conflicts (00:24:59)
Notes:Introduction to Cybercrime Research: Dr. Hutchings and Ahn Vu introduce their work at the Cambridge Cybercrime Centre.Global Conflicts and Cyber Activities: Discussion on how global conflicts, such as those in Ukraine and Israel-Gaza, spur cybercrime activities like website defacements and DDoS attacks.Cyber Tactics During Warfare: Insights into how cyber tactics are employed quickly after conflicts start, with a focus on how these activities serve both political propaganda and cybercriminal interests.Deplatforming Hate Groups: In-depth analysis of the challenges faced when deplatforming hate groups, specifically referencing the Kiwi Farms case.Temporary Effects of Cyber Attacks: Observations on the short-lived nature of heightened cyber activities post-conflict, with a decline in interest and activities after initial spikes.Challenges of Cybercrime Research: Discussion on the difficulties in tracking and attributing cyber attacks, particularly those by decentralized and loosely organized groups.Unintended Consequences of Deplatforming: Exploration of how attempts to silence harmful online communities can lead to increased attention and unintended reinforcement of these groups.Closing Thoughts: Dr. Hutchings and Ahn Vu summarize the ongoing challenges and the evolving landscape of cybercrime in the context of international security and online governance.About our guests:Dr. Alice Hutchings:https://www.cl.cam.ac.uk/~ah793/Anh V. Vuhttps://www.cst.cam.ac.uk/people/vv301 Papers or resources mentioned in this episode:Anh V. Vu, Alice Hutchings, Ross Anderson. No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and Harassment. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'24)Anh V. Vu, Daniel R. Thomas, Ben Collier, Alice Hutchings, Richard Clayton, Ross Anderson. Getting Bored of Cyberwar: Exploring the Role of Low-level Cybercrime Actors in the Russia-Ukraine Conflict. In Proceedings of the ACM World Wide Web Conference (WWW'24)Other:No AI's were harmed during the creation of this episode, however they were definitely involved in the work of editing and drafting copy.If you want to hear more from Dr. Hutchings, you can find her way back on episode 4 .... 101 episodes ago ....Apologies if the end of the episode seemed a little loud.
Bridging realities: The Convergence of Ideology and Cybercrime (00:31:23)
Episode Notes:Dr. Tom Holt discussed the nascent stages of cybercrime research during his doctoral studies, highlighting its evolution into a more recognized and competitive field.He emphasized the growth of cybercrime studies and the challenges of carving a niche within an expanding academic and professional landscape.Dr. Holt pointed out the potential of interdisciplinary collaboration between social sciences and computer science as crucial for advancing cybercrime research.The importance of online subcultures and ideological spaces in cybercrime dynamics was discussed, noting their influence on criminal activities and group formations.He delved into the realm of ideologically motivated cyber attacks, underscoring the need for better legal and enforcement frameworks to address such threats.Dr. Holt provided examples of cyber attacks by extremist groups, showing a strategic shift towards cyber tactics for ideological, not financial, reasons.The conversation highlighted the critical role of comprehensive data in understanding the scope and nature of cyberterrorism and ideological cyber attacks.Reflecting on his career, Dr. Holt offered insights on the importance of continuous learning and interdisciplinary collaboration for researchers in the cybercrime field.About our guests:Dr. Tom Holthttps://cj.msu.edu/directory/holt-thomas.htmlhttps://www.linkedin.com/in/tom-holt-3242a322/Papers or resources mentioned in this episode:Cassandra Cross & Thomas J. Holt (2023) More than Money: Examining the Potential Exposure of Romance Fraud Victims to Identity Crime, Global Crime, 24:2, 107-121, DOI: 10.1080/17440572.2023.2185607Holt, T. J., Turner, N. D., Freilich, J. D., & Chermak, S. M. (2022). Examining the Characteristics That Differentiate Jihadi-Associated Cyberattacks Using Routine Activities Theory. Social Science Computer Review, 40(6), 1614-1630. https://doi.org/10.1177/08944393211023324Thomas J. Holt, Jin Ree Lee, Joshua D. Freilich, Steven M. Chermak, Johannes M. Bauer, Ruth Shillair& Arun Ross (2022) An Exploratory Analysis of the Characteristics of Ideologically Motivated Cyberattacks, Terrorism and Political Violence, 34:7, 1305-1320, DOI: 10.1080/09546553.2020.1777987Thomas J. Holt, Joshua D. Freilich & Steven M. Chermak (2022) Examining the Online Expression of Ideology among Far-Right Extremist Forum Users, Terrorism and Political Violence, 34:2, 364-384,DOI: 10.1080/09546553.2019.1701446Other:Wait for wisdom, Learn to listen, Succession is Success.
Caught in the Web: Virtual Kidnapping and Digital Scams (00:24:46)
Notes:Dr Chang's background in law and sociology led him to specialize in criminology, particularly cybercrime, after observing its emerging relevance.He chose to pursue his PhD in Australia due to scholarship opportunities and the chance to work with a leading cybercrime researcher.Dr Chang discusses virtual kidnapping, a scam where victims are manipulated into isolating themselves, enabling scammers to demand ransom from their families.He highlights the challenges of combating cybercrime, including jurisdictional issues and the need for international police collaboration.Dr Chang emphasizes the importance of public awareness and education to prevent scams, as well as better victim support systems.The interview also touches on the role of financial institutions in preventing scams and the potential future threats posed by technologies like AI and ChatGPT in cybercrime.About our guests:Dr Lennon Changhttps://www.deakin.edu.au/about-deakin/people/lennon-changPapers or resources mentioned in this episode:Chang, L. Y.-C., Zhong, L.-Y., & Grabosky, P. (2020). Virtual Kidnapping: Online Scams with ‘Asian Characteristics’ During the Pandemic. In Crime and Justice in Digital Society (pp. 112-113). ResearchGate. Note: APA format typically requires publisher information, which is not provided in this excerpt.Other:The intro an outro was drafted using generative AI. I think it gave a different flavour.
Automating CSAM Investigation: Research to Practice (00:35:50)
Notes:The software developed by Bryce Westlake, Russell Brewer and colleagues aims to assist law enforcement agencies in identifying perpetrators of child sexual abuse material (CSAM) offences by using multiple biometric markers.The unique function of the software is its capability to synthesize, triage, and systematically review all evidence holdings that law enforcement might seize, thereby automating the process and speeding up investigations.The software can ingest a variety of media files, extract multiple biometric features from those files, and identify subjects contained within, matching them across data sets, reducing investigator exposure to CSAM and speeding up the investigative process.One of the key aspects addressed by the software is the ability to identify new content, overcoming the limitations of current reactive methods used in combating CSAM (i.e. matching file hashes).The software is leverages social networking analysis and other techniques to assist investigators to identify links between offenders, victims, places and objects, potentially opening new avenues or focusing detective work.The project aims to connect law enforcement agencies nationally and globally, enabling them to share information and collaborate on cases, despite the challenges posed by different laws and data transmission regulations.The software's ability to systematically catalog and review all available data provides a more comprehensive and unbiased investigative process as choices about which media is reviewed, reducing the impact of investigator intuition and fragmented intelligence.The software has received funding for research and development, leading to the creation of a functional prototype for law enforcement in Australia and they are now looking at having it implemented by police more widely. The development of AI technology has a positive impact on the technology, as new matching tools are "plug and play".One of the challenges faced in implementing the software is convincing law enforcement to adopt new technologies and methods, as they may be hesitant to change from established routines, despite the potential benefits of the new system.About our guests:Russell Brewerhttps://researchers.adelaide.edu.au/profile/russell.brewer#professional-activitiesBryce Westlakehttps://www.brycewestlake.comhttps://www.sjsu.edu/justicestudies/about-us/directory/westlake-bryce.php Papers or resources mentioned in this episode:Brewer R et al. 2023. Advancing child sexual abuse investigations using biometrics and social network analysis. Trends & issues in crime and criminal justice no. 668. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti78948Westlake B et al. 2022. Developing automated methods to detect and match face and voice biometrics in child sexual abuse videos. Trends & issues in crime and criminal justice no. 648. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti78566DEVELOPING AUTOMATED SOFTWARE TOOLS: To Detect Child Sexual Abuse Material Online.https://adelaidecybercrime.org/softwareOther:This interview
Twenty24: Top Tips & Tricks for Better Presentations (00:32:10)
About our guests:Russell Brewerhttps://researchers.adelaide.edu.au/profile/russell.brewerLennon Changhttps://www.deakin.edu.au/about-deakin/people/lennon-changBenoit Duponthttps://www.benoitdupont.net/en/Steven Kemphttps://www.udg.edu/ca/directori/pagina-personal?ID=2003705Rutger Leukfedthttps://www.universiteitleiden.nl/en/staffmembers/rutger-leukfeldt#tab-1Katalin Parti,https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/katalin-parti.htmlBryce Westlake.https://www.brycewestlake.com Papers or resources mentioned in this episode:Harari, Y. N. (2015). Sapiens. Harper.https://www.ynharari.com/book/sapiens-2/Other:I edited this one on the road, apologies if the quality is not quite what you are used to.The next episode will be at the start of next month.
