• Cybercrime is often treated as a distinct phenomenon, but there are strong continuities with offline crime that are frequently overlooked.
• Digital technologies change behaviour and scale, but do not fundamentally alter the social dynamics underlying crime.
• There is a significant gap between the harms experienced by individuals and the institutions available to respond to those harms.
• Federal law enforcement has expanded cyber capabilities, but local and state-level responses to individual victimization remain limited.
• Private sector actors, particularly financial institutions, play a major role in responding to financially motivated cybercrime.
• Non-financial cyber harms, such as sextortion or image-based abuse, often fall outside both private and public response systems.
• In the absence of clear response pathways, private companies are emerging to fill the gap, sometimes exploiting victims seeking help.
• Public attitudes toward police in cybercrime contexts are shaped by perceptions that police do not care or are unable to help.
• These attitudes mirror broader perceptions of policing, indicating continuity between offline and online trust dynamics.
• Perceptions of police capability differ depending on the type of cybercrime:
  • Computer-focused crimes (e.g., malware) are associated with lower perceived police usefulness
  • Interpersonal cybercrimes (e.g., sextortion) are associated with higher perceived police relevance
• Perceived likelihood of victimization reduces confidence in police effectiveness, while fear increases it.
• Gender differences emerge, with men less likely to believe police can help in cybercrime contexts.
• A central problem is definitional ambiguity:
  • There is no consistent definition of cybercrime across agencies
  • This limits measurement, comparison, and policy design
• Reporting systems are fragmented and often poorly understood by the public.
• Cybercrime often involves chains of offences, making classification and response assignment difficult.
• Comparative research suggests that investment and coordination can improve public confidence, but large-scale successes do not always translate to individual-level trust.

About our guest:

Rachel McNealey

https://www.linkedin.com/in/rachel-mcnealey-4b8720284/

Papers or resources mentioned in this episode:

McNealey, R. L., Figueroa, C. I., & Maher, C. A. (2025). “Police can't help you”: Exploring influences on perceptions of policing cybercrime. Journal of Criminal Justice, 101, 102542. https://doi.org/10.1016/j.jcrimjus.2025.102542

Hale, R., & Penzendstadler, N. (2025, March 20). Digital forensics firms promise help to sextortion victims. Some leave them worse off. USA Today. https://www.usatoday.com/story/life/health-wellness/2025/03/20/digital-forensics-sexortion-blackmail-recovery-services/81934584007/

Other:

• Internet Crime Complaint Center (IC3): https://www.ic3.gov/

• Dr Samuel Tanner began his doctoral research examining war crimes and armed militias involved in mass violence in the Balkans, conducting extensive fieldwork and interviews with participants on multiple sides of the conflict.
• A central puzzle of his PhD research was not denial of violence, but how individuals who acknowledged their participation struggled to explain how they came to commit acts of mass violence.
• This led to an intellectual shift from viewing violence as purely intentional to understanding it as embedded in structures, representations, and processes of sense-making.
• Following a postdoctoral year at MIT working with political scientist Roger Petersen, Dr Tanner deepened his focus on the relationship between political violence, identity narratives, and institutional structures.
• After joining the Université de Montréal, he shifted toward research on policing and later co-led a major project examining right-wing extremism in Canada beginning in 2013.
• The Canadian project revealed that relatively few participants were “true believers.” Many were navigating economic precarity, cultural uncertainty, and political confusion, often influenced by moral or ideological entrepreneurs.
• Fieldwork in this area involved significant challenges, including surveillance, threats, cancelled interviews, and difficulties accessing participants.
• During the COVID-19 pandemic, Dr Tanner and colleagues examined anti-restriction movements and observed how disinformation and fragmented information ecosystems shaped divergent interpretations of shared events.
• He argues that information is not neutral. Information produces order. The ways in which information is produced, amplified, and consumed shape how individuals interpret reality and coordinate socially.
• Social media platforms function as privatized public spaces, structuring discourse through governance mechanisms that are not democratically accountable.
• Dr Tanner’s more recent research focuses on the evolution of extremist discourse, particularly the emergence of “pop masculinism,” where gendered and anti-feminist narratives are embedded within popular culture, fitness culture, gaming aesthetics, and entrepreneurial self-discipline discourse.
• The “sigma” discourse operates as a gateway into broader manosphere ideologies by framing personal discipline and self-improvement in opposition to women, feminism, and equality discourse.
• Interviews with young men and women reveal perceptions of a growing gender gap, including feelings among some young men of status loss and lack of positive role models.
• Dr Tanner raises concern about the erosion of shared institutional facts and the desynchronization of social expectations, suggesting that social trust depends upon shared informational baselines.
• He argues for an expanded criminology attentive to digital environments, disinformation, and the governance of online prejudice, aligning with broader developments in digital criminology.
• Central to his work is the question: how do people make sense of their world when institutional anchors weaken and informational environments fragment?

About our guest:

Dr Samuel Tanner

https://crim.umontreal.ca/repertoire-departement/professeurs/professeur/in/in15014/sg/Samuel Tanner/

Papers or resources mentioned in this episode:

Tanner, Samuel & Gillardin, François (2025).Toxic Communication on TikTok: Sigma Masculinities and Gendered Disinformation.Social Media + Society, 11(1).https://doi.org/10.1177/20563051251313844

Open access PDF:https://doi.org/10.1177/20563051251313844

Leman-Langlois, Stéphane, Campana, Aurélie & Tanner, Samuel (2024).The Great Right North: Inside Far-Right Activism in Canada. McGill-Queen’s University Press. (Book overview: https://www.jstor.org/stable/jj.20829378)

People mentioned in this episode:

Jean-Paul Brodeur — Presses de l’Université de Montréal (institutional collection page)

https://pum.umontreal.ca/collections/jean-paul-brodeur/

Roger D. Petersen — MIT Political Science profile

 https://polisci.mit.edu/people/roger-petersen

Aurélie Campana — Université Laval (Faculté des sciences sociales) 

 https://www.fss.ulaval.ca/notre-faculte/repertoire-du-personnel/aurelie-campana

Stéphane Leman-Langlois — Université Laval (Faculté des sciences sociales) 

 https://www.fss.ulaval.ca/notre-faculte/repertoire-du-personnel/stephane-leman-langlois

François Gillardin — Centre international de criminologie comparée (CICC), Université de Montréal

 https://www.cicc-iccc.org/fr/personnes/etudiants-supervises/gillardin

Francis Dupuis-Déri — UQAM Professor 

 https://professeurs.uqam.ca/professeur/dupuis-deri.francis

Anastasia Powell — RMIT University 

 https://www.rmit.edu.au/profiles/p/anastasia-powell

Other:

The term enrobage naïf (or naïf enrobage, as said) refers to a veneer of naivety; in this case, a problematic discourse wrapped in innocent or everyday cultural forms, akin to a wolf in sheep’s clothing.

• Dr Bekkers describes his academic pathway from psychology to criminology and explains why his research focus has consistently been on offenders and their behaviour rather than on offences or technologies.
• Cybercrime offenders are often portrayed as a homogeneous group of highly skilled hackers, but research shows they are a heterogeneous population with distinct motivations, skills, and pathways into crime.
• A key distinction can be made between financially motivated cybercrime, such as online fraud, and more technically complex cyber-dependent crimes such as hacking, DDoS attacks, and website defacement.
• Financially motivated cybercrime offenders often resemble traditional offline offenders and may commit both online and offline crimes, with similar risk factors, peer influences, and personality profiles.
• Technically skilled cyber offenders tend to show different characteristics, including higher levels of self-control and intrinsic motivations such as curiosity, challenge, and skill development.
• Research suggests that traditional criminological theories still help explain some forms of cybercrime, particularly financially motivated offences, while other forms require additional or adapted theoretical approaches.
• Gaming environments may act as pathways into certain forms of cybercrime by facilitating skill development, exposure to deviant peers, and access to illicit online forums, though gaming may also be protective in some contexts.
• Parental supervision and open communication may play a role in shaping online behaviour, similar to the role of guardianship and social control in offline offending.
• Law enforcement responses differ depending on the type of cybercrime, with financially motivated offences often handled by local police and more technical crimes investigated by specialized units.
• Dr Bekkers highlights the need for longitudinal research and greater engagement with offenders to better understand pathways into cybercrime and to inform prevention and intervention strategies.

About our guest:

Dr Luuk Bekkers

https://www.thuas.com/research/research-groups/team-cybercrime-cybersecurity

https://www.linkedin.com/in/luuk-bekkers-79621b162/

Papers or resources mentioned in this episode:

Bekkers, L. M. J., Moneva, A., & Leukfeldt, E. R. (2025). Distinct group, distinct traits? A comparison of risk factors across cybercrime offenders, traditional offenders and non-offenders. Psychiatry, Psychology and Law, 1–25. https://doi.org/10.1080/13218719.2025.2546311

Bekkers, L. M., Holt, T. J., & Leukfeldt, E. R. (2025). The psychological correlates of cybercrime offending: Exploring the self-control/social learning relationship in serious cyber-dependent crime. European Journal of Criminology, 0(0). https://doi.org/10.1177/14773708251378356

Bekkers, L. M. J., Holt, T. J., & Leukfeldt, E. R. (2025). Exploring the factors that differentiate individual and group offenders in cyber-dependent crime. Journal of Criminal Justice, 101, 102522. https://doi.org/10.1016/j.jcrimjus.2025.102522

• Julia Prümmer describes her transition from legal psychology into cybersecurity research and how psychological methods shape her approach to cybersecurity training.
• The discussion explores the role of systematic reviews in mapping what a research field actually knows, rather than relying on highly visible or frequently cited studies.
• Findings from a large-scale systematic review of cybersecurity training methods are discussed, highlighting the diversity of training approaches used across the literature.
• The episode examines results from a meta-analysis assessing the overall effectiveness of cybersecurity training and the gap between improvements in precursors such as knowledge and intentions versus observable behaviour.
• Julia explains why many cybersecurity training programmes lack explicit behavioural theory and rely on trial-and-error design choices.
• A key theme is the distinction between cybersecurity behaviours that require active engagement, such as phishing detection, and behaviours that may benefit from habit formation, such as screen locking or password management.
• The conversation draws on research into email habits and phishing susceptibility to illustrate how habitual behaviour can increase vulnerability in certain contexts.
• Julia discusses the use of psychological theory, including habit formation and implementation intentions, to design and evaluate cybersecurity training interventions.
• The episode concludes with reflections on the future of cybersecurity training research and the need for behaviour-specific, theory-informed models.

About our Guest:

Julia Prümmer

https://www.universiteitleiden.nl/medewerkers/julia-prummer#tab-1

https://www.linkedin.com/in/julia-prümmer-376778159/

Papers or resources mentioned in this episode

Prümmer, J., van Steen, T., & van den Berg, B. (2024). A systematic review of current cybersecurity training methods. Computers & Security, 136, 103585.

https://doi.org/10.1016/j.cose.2023.103585

Prümmer, J. (2024). The role of cognition in developing successful cybersecurity training programs: Passive vs. active engagement. In D. D. Schmorrow & C. M. Fidopiastis (Eds.), Augmented cognition. HCII 2024 (Lecture Notes in Computer Science, Vol. 14695, pp. 185–199). Springer.

https://scholarlypublications.universiteitleiden.nl/handle/1887/4093101

Prümmer, J., van Steen, T., & van den Berg, B. (2025). Assessing the effect of cybersecurity training on end-users: A meta-analysis. Computers & Security, 150, 104206.

https://doi.org/10.1016/j.cose.2024.104206

Vishwanath, A. (2015). Examining the distinct antecedents of e-mail habits and its influence on the outcomes of a phishing attack. Journal of Computer-Mediated Communication, 20(5), 570–584.

https://doi.org/10.1111/jcc4.12126

Other

If this topic of training as an intervention to reduce susceptibility to cybercrime, you might also enjoy the recent Episodes 123, 116, 110, 106, 60, and 59 that are all on related topics. If you are brave you can even go right back to Episodes 6, 7 and 8, there is a lot to listen to.  

Melissa completed her PhD after two decades of operational work, bringing a pracademic perspective to cyber profiling and offender pathways.

Her research focuses on understanding the human behind the keyboard through developmental history, motivation and lived experience.

Initial motivations among hackers often centre on curiosity, challenge seeking and belonging rather than financial gain.

Many participants reported early interest in technology, solitary online activity and experiences they described as destabilising events.

Melissa distinguishes between lawful and criminal pathways using indicators such as modifying games, low self-control and a history of property offending.

Her work highlights misunderstandings about intent, the role of gamification and the abstraction of harm when offending takes place online.

She argues that cybercrime is a societal problem requiring early education, parental and teacher capability building and partnerships with tech and gaming companies.

Diversion programs are essential to guide youth with technical interest toward prosocial cybersecurity roles rather than criminalisation.

About our guest:
Dr Melissa Martineau
https://www.linkedin.com/in/melissa-martineau-369bb5258/
https://www.captechu.edu/webinar-series-melissa-martineau

Papers or resources mentioned in this episode:
Martineau, M. (2023). The pathways of cyber dependent offenders. Journal of Cybercriminology, 3(3), 32.
https://www.mdpi.com/2673-6756/3/3/32

Martineau, M. (2024). Distinguishing lawful and criminal hacker trajectories. Journal of Cybercriminology, 4(4), 45.
https://www.mdpi.com/2673-6756/4/4/45

Other:
Dr Martineau wanted to share something called PRISMA (Preferred Reporting Items for Systematic reviews and Meta-Analyses) which is a helpful guideline designed to improve the reporting of systematic reviews. You can find out more about it here.   
http://www.prisma-statement.org

• Dr Ho describes an empirical research agenda focused on how security actually operates in organisations. He explains his experience with getting this research off the ground to allow them to perform the research in this setting.
• Study setting and scope: eight-month randomised controlled trial at UC San Diego Health involving ~19,500 employees and ten distinct phishing campaign lures.
• Annual awareness training: the study found no significant relationship between how recently staff completed the mandated course and their likelihood of failing a simulated phishing campaign.
• Embedded training (when someone clicks a phishing simulation and is immediately redirected to training): the measurable improvement was very small (≈2% reduction in failure rate) and varied significantly by lure and engagement.
• Engagement challenge: The vast majority of embedded-training sessions were extremely short or incomplete, a key factor in explaining limited effect size.
• Variability of lure difficulty: Some phishing lures elicited very low click-rates (~1.8%) while others up to ~30.8%, indicating that the phishing stimulus matters as much as, or more than, the training intervention.

Practical takeaway: Organizations should treat training (especially annually mandated modules) as only one part of a broader defence strategy, and design empirical measurement systems (including controls, realistic lures, and sustained engagement) before assuming large effect sizes.

About our Guest:

Dr Grant Ho Profile: https://cs.uchicago.edu/people/grant-ho/

Papers or resources mentioned in this episode:

Ho, G.; Mirian, A.; Luo, E.; Tong, K.; Lee, E.; Liu, L.; Longhurst, C.A.; Dameff, C.; Voelker, G.M. (2025). Understanding the Efficacy of Phishing Training in Practice: A Randomized Controlled Trial at a Large Health Organisation. Presented at the IEEE Symposium on Security & Privacy (May 2025). Full PDF: https://people.cs.uchicago.edu/~grantho/papers/oakland2025_phishing-training.pdf

Other: 

I mentioned some figures about the spending on cybercsecurity education and training, You can find those here.  

Canadian Survey of Cyber Security and Cybercrime (CSCSC)
https://www23.statcan.gc.ca/imdb/p2SV.pl?Function=getSurvey&SDDS=5244

Get convenient Excel Tables of the Statistics from 2017 and 2019. 

https://www.serene-risc.ca/en/statistics-canada

Other Other:

Dr Ho was great to chat with and has a long history of researching phishing, Some of his older work that is more technical in nature, as so we didn't talk about in the episode, but in the case that it  might be interesting to you, here are some links: 

Ho, G., Sharma, A., Javed, M., Paxson, V., & Wagner, D. (2017). Detecting Credential Spearphishing Attacks in Enterprise Settings. In Proceedings of the 26th USENIX Security Symposium (USENIX Security ’17), Vancouver, BC, Canada, August 16-18, 2017. USENIX Association. ISBN 978-1-931971-40-9.
PDF: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-ho.pdf USENIX+2USENIX+2
Presentation page: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/hoUSENIX+1

Ho, G., Cidon, A., Gavish, L., Schweighauser, M., Paxson, V., Savage, S., Voelker, G. M., & Wagner, D. (2019). Detecting and Characterizing Lateral Phishing at Scale. In Proceedings of the 28th USENIX Security Symposium (USENIX Security ’19), Santa Clara, CA, USA, August 14-16, 2019. USENIX Association. ISBN 978-1-939133-06-9.
PDF: https://www.usenix.org/system/files/sec19-ho.pdf USENIX+1
Presentation page: https://www.usenix.org/conference/usenixsecurity19/presentation/ho USENIX

Episode Notes

• Dr Caputo's path from social psychology to applied security, including intelligence analysis and building a behavioural-science team at MITRE.
• What MITRE is: a not-for-profit operating six federally funded R&D centres that provide independent, public-interest research alongside government.
• Why early “indicator” hunting on endpoints often chased the last bad case; shifting to experiments and known-bad/created-bad data to learn patterns of behaviour change.
• The LinkedIn recruiter field experiment: ethically approved creation of recruiter personas, staged outreach in three messages, and follow-up interviews to understand reporting barriers.
• What user-activity monitoring can and cannot tell you; the role of human judgement and programme design.
• Insider-risk is not only “malicious users”: designing programmes for negligent, mistaken or outsmarted behaviours as well.
• Current lines of work include improving employee recognition and reporting of malicious elicitations and exploring whether insider-risk telemetry offers early signals of suicide risk.
• Why multidisciplinary teams beat solo efforts in insider-risk operations.

About our guest:

Dr. Deanna D. Caputo

MITRE Insider Threat Research & Solutions profile: https://insiderthreat.mitre.org/dr-caputo/ 

LinkedIn: https://www.linkedin.com/in/dr-deanna-d-caputo

Papers or resources mentioned in this episode:

Caputo, D. D. (2024). Employee risk recognition and reporting of malicious elicitations: Longitudinal improvement with new skills-based training. Frontiers in Psychology. https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1410426/full 

MITRE Insider Threat Research & Solutions. (2025). Suicide risk and insider-risk telemetry overview. https://insiderthreat.mitre.org/suicide-risk/ 

MITRE. (2024). Managing insider threats is a team sport. https://www.mitre.org/news-insights/impact-story/managing-insider-threats-team-sport 

MITRE Insider Threat Research & Solutions. (2024). Capability overview two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-CapabilityTwoPager-24-0659_2024-02-01.pdf 

MITRE Insider Threat Research & Solutions. (2024). Insider Threat Behavioural Risk Framework two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-InTFramework_TwoPager-24-0674_2024-03-18.pdf

• Daniëlle began her academic path in psychology, later moving into criminology through her interest in decision making and online behaviour.
• Her PhD research at NSCR focuses on cybercriminal decision making, using honeypots and experiments in real online environments.
• Early experiments tested how different rewards affected access attempts on fake accounts.
• A major focus has been on the impact of Operation Cookie Monster (2023), which disrupted the Genesis Market. Danielle’s work examined how this law enforcement operation influenced behaviour and moderation practices on hacker forums.
• She emphasizes the value of experiments in the field, which allow researchers to test criminological theories with live offender behaviour, while balancing strict ethical and legal safeguards.

About our guest:

Danielle Stibbe

• NSCR Profile Page: https://nscr.nl/en/medewerker/danielle-stibbe-msc/
• Google Scholar: https://scholar.google.com/citations?user=1fsHJEgAAAAJ&hl=en
• LinkedIn: https://www.linkedin.com/in/danielle-stibbe/?originalSubdomain=nl

Papers or resources mentioned in this episode:

• Onaolapo, J., Mariconti, E., & Stringhini, G. (2016). What happens after you are pwnd: Understanding the use of leaked webmail credentials in the wild. Proceedings of the 2016 Internet Measurement Conference. https://doi.org/10.1145/2987443.2987475
• Europol (2023). Operation Cookie Monster: Genesis Market taken down in coordinated international action.https://www.europol.europa.eu/media-press/newsroom/news/operation-cookie-monster-genesis-market-taken-down-in-coordinated-international-action
• Oxford Handbook of Criminal Decision Making (2016). Eds. Bruinsma & Weisburd. Oxford University Press.

Other:

The open science framework https://osf.io

About our guest:

Dr. Francesco Carlo Campisi

PhD in Criminology, Université de Montréal

Researcher, International Centre for Comparative Criminology

🔗 https://www.cicc-iccc.org/fr/personnes/etudiants-supervises/carlo-campisi

🔗 https://www.linkedin.com/in/francesco-carlo-campisi-aa3576125/

Topics discussed in this episode:

• From street gangs to digital deviance: a research trajectory
• Why “recruitment” doesn’t fit how modern movements grow
• How groups like QAnon and Anonymous influence participation online
• Using social media metrics to measure engagement
• Emotional capital, visibility, and symbolic participation
• Updating resource mobilization theory for digital contexts
• Hashtag hijacking and online visibility strategies
• Stochastic terrorism and the challenge of lone-wolf violence

Papers or resources mentioned in this episode:

• Campisi, F. (2024). Unveiling the digital underworld – Exploring cyberbanging and recruitment of Canadian street gang members on social media. Canadian Journal of Criminology and Criminal Justice, 66. https://doi.org/10.3138/cjccj-2023-0033
• Campisi, F., Fortin, F., & Néron, M.-E. (2022). Hacktivists from the inside: Collective identity, target selection and tactical use of media during the Quebec Maple Spring protests. Presented at the ICCC Symposium. Available on ResearchGate
• Campisi, F., & Beauregard, E. (2025). QAnon’s use of hashtag hijacking on X and its impact on online engagement. SSRN preprint. Link
• McCarthy, J. D., & Zald, M. N. (1977). Resource mobilization and social movements: A partial theory. American Journal of Sociology, 82(6), 1212–1241.
• Vigil, J. D. (1988). Barrio gangs: Street life and identity in Southern California. University of Texas Press. https://www.ojp.gov/ncjrs/virtual-library/abstracts/barrio-gangs-street-life-and-identity-southern-california-0

Other:

If you are curious about the video that was taken down, you should watch this video.

https://www.youtube.com/watch?v=PIyrzMThHq8

Dr. Iain Reid

Senior Lecturer in Cybercrime

University of Portsmouth

https://www.port.ac.uk/about-us/structure-and-governance/our-people/our-staff/iain-reid

Topics discussed in this episode:

• How principles of military deception map onto cybersecurity
• Why the phrase “the human is the weakest link” oversimplifies risk
• What it’s like to research developer perspectives on secure software
• The psychology of decision-making in phishing attacks
• How time pressure influences risky digital behaviour
• The limits of “security culture” as an organizational solution
• How cyber deception fits within defence-in-depth

Papers or resources mentioned:

Reid, I., Okeke-Ramos, A., & Serafin, M. (2024). Exploring the ethics of cyber deception technologies for defensive cyber deception. In P. Bednar, J. Kävrestad, E. Bergström, M. Rajanen, H. V. Hult, A. M. Braccini, A. S. Islind, & F. Zaghloul (Eds.), Proceedings of the 10th International Conference on Socio-Technical Perspectives in Information Systems (STPIS 2024) (pp. 140-148). (CEUR Workshop Proceedings). https://ceur-ws.org/Vol-3857

Whaley, B. (2007). Stratagem: deception and surprise in war. Artech.

Rowe, N.C., Rrushi, J. (2016). Measuring Deception. In: Introduction to Cyberdeception. Springer, Cham. https://doi.org/10.1007/978-3-319-41187-3_11

Ashenden, D., Ollis, G., & Reid, I. (2022, October). Dancing, not Wrestling: Moving from Compliance to Concordance for Secure Software Development. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (pp. 1-9).

Paris Call for Trust and Security in Cyberspace

https://pariscall.international

Other

I would like to thank Dudley the French Bulldog for the invaluable (unavoidable) contribution to this episode.

• How Estelle became involved in ransomware research between degrees
• The scale and origin of the ContiLeaks dataset
• Using machine learning and topic modelling to analyse criminal group communications
• What the internal chat data revealed about the organizational structure of Conti
• Surprising insights about roles, specializations, and tasking within a criminal enterprise
• Why making cybercrime research accessible through data visualization matters

About our guest:

Estelle Ruellan

• https://www.linkedin.com/in/estelle-ruellan/

Papers or resources mentioned in this episode:

Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024).Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-y

Flare Data Explorer – Explore cybercrime datasets visually:

https://flare.io/flare-data-explorer/

Other:

• Wikipedia – Conti (ransomware): https://en.wikipedia.org/wiki/Conti_(ransomware)
• Wikipedia – Topic model: https://en.wikipedia.org/wiki/Topic_model

• Paper mills are fraudulent commercial enterprises that fabricate scientific papers and sell authorship, citations, and other academic credentials—often at scale.
• Sarah Eaton and Sabina Alam first collaborated through COPE (Committee on Publication Ethics) and later worked together in United2Act, an international initiative focused on tackling paper mills.
• The conversation draws parallels between scientific paper mills and contract cheating in higher education, both of which undermine academic integrity for financial gain.
• Eaton and Alam discuss how metrics-based performance systems in universities and publishing environments create conditions ripe for abuse.
• Publishers and universities historically avoided transparency, but the scale of the problem has led to greater collaboration between stakeholders.
• The duo share insights into early warning signs of fraudulent submissions and describe the development of technological and administrative countermeasures.
• Particular attention is given to the harm paper mills cause: from corrupting citation networks to potentially endangering lives with fabricated data in medical journals.
• The “Andrew Vickers Curse” is discussed as a case study illustrating how citation manipulation by paper mills can entangle innocent researchers.
• The episode closes with a call for broader participation in the second phase of United2Act, particularly from research funders, IT specialists, and institutional stakeholders.

About our guests:

Dr. Sarah Elaine Eaton

https://profiles.ucalgary.ca/sarah-eaton

https://drsaraheaton.com/about/

Dr. Sabina Alam

https://www.taylorandfrancis.com/about/ethics-integrity/

https://www.csescienceeditor.org/article/dr-sabina-alam-shaping-critical-thinking-about-science/

Papers or resources mentioned in this episode:

United2Act initiative: https://united2act.org

Magazinov, Alexander. (2023). The Andrew Vickers Curse: secret revealed!, For Better Science

https://forbetterscience.com/2023/07/31/the-vickers-curse-secret-revealed/

Other:

Glossary of terms and acronyms:

• COPE – Committee on Publication Ethics: An international body that provides advice to editors and publishers on all aspects of publication ethics.
• STM – International Association of Scientific, Technical and Medical Publishers: A global trade association supporting academic publishing and information dissemination.
• Q1/Q2 Journal – Journals ranked in the top (Q1) or second (Q2) quartile based on impact metrics such as citation counts or journal reputation.
• Term paper mill – A business that sells pre-written or custom academic papers, often used in contract cheating by students.
• Contract cheating – A form of academic dishonesty where students outsource assessments to third parties.
• Retraction – The removal of a published article from the scientific record, typically due to error or misconduct.
• Desk reject – When a manuscript is rejected by a journal editor before it is sent out for peer review.
• Citation ring – A group of papers or authors who cite each other extensively to artificially inflate citation metrics.
• Paper Mills - Organisations or individuals that aim to profit from the creation, sale, peer review and/or citation of manuscripts at scale which contain low value or fraudulent content and/or authorship, with the aim of publication in scholarly journals.

A big thank you to the United2Act people for coming out of their comfort zone and chatting to me about this.  This bravery is how science as an interdisciplinary pursuit driven by curiosity and collaboration happens.  

• Dr. Reeves’ Background – Trained as a psychologist, his interest in cybersecurity emerged from a talk connecting human error to security breaches.
• Cybersecurity Fatigue Defined – A form of disengagement where employees lose motivation to follow security practices due to overload and conflicting advice.
• Not Just Apathy – Fatigue often affects people who initially cared about cybersecurity but were worn down by excessive or ineffective interventions.
• Training Shortcomings – Lecture-style, one-way training is frequently perceived as boring, irrelevant, or contradictory to users' experiences.
• Compliance vs. Effectiveness – Many organizations implement security training to meet legal requirements, even if it fails to change behavior.
• Reactance in Security – Users may intentionally ignore advice or rules to assert control, especially when training feels micromanaging or patronizing.
• Better Through Design – Reeves argues that secure systems should reduce the need for user decisions by simplifying or removing risky options altogether.
• Remove Rather Than Train – Limiting administrative rights is often more effective than trying to educate users out of risky behaviors.
• Mismatch With Reality – Generic training that conflicts with real policies or system restrictions can confuse or alienate users.
• Cognitive Load and Decision-Making – Under stress or fatigue, users rely on mental shortcuts (heuristics), which attackers exploit.
• Personal Example of Being Fooled – Reeves recounts nearly falling for a scam due to time pressure, illustrating how stress weakens judgment.
• Cybersecurity Buddy System – Recommends encouraging users to consult peers when making sensitive decisions, especially under pressure.
• Cyber Deception Strategies – Reeves now researches ways to mislead and trap attackers inside systems using decoys and tripwires.
• Applying Psychology to Attackers – The same behavioral models used to study users can help predict and manipulate attacker behavior.
• Empowering Defenders – Deception technologies can help security teams regain a sense of agency, shifting from reactive defense to proactive engagemen

About our guest:

Dr. Andrew Reeves

• https://www.linkedin.com/in/andrewreevescyber/
• https://research.unsw.edu.au/people/dr-andrew-reeves
• https://www.unsw.edu.au/research/ifcyber

Papers or resources mentioned in this episode:

Reeves, A., Delfabbro, P., & Calic, D. (2021). Encouraging employee engagement with cybersecurity: How to tackle cyber fatigue. SAGE Open, 11(1).

https://doi.org/10.1177/21582440211000049

Reeves, A., Calic, D., & Delfabbro, P. (2023). Generic and unusable: Understanding employee perceptions of cybersecurity training and measuring advice fatigue. Computers & Security, 128, 103137.

https://doi.org/10.1016/j.cose.2023.103137

Reeves, A., & Ashenden, D. (2023). Understanding decision making in security operations centres: Building the case for cyber deception technology. Frontiers in Psychology, 14, 1165705.

https://doi.org/10.3389/fpsyg.2023.1165705

Other:

UNSW Institute for Cyber Security (IFCYBER)

https://www.unsw.edu.au/research/ifcyber

• SMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.
• An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.
• Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.
• Reports included security ratings on ten key areas and recommendations for improvement.
• Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.
• Different risk communication strategies were tested to encourage SMEs to act on the findings.
• “Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.
• All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.
• Engagement was low, with only a small number of businesses reaching out after receiving the report.
• Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.
• Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.
• A follow-up version of the project will introduce an opt-out option before scanning businesses.
• Industry associations may partner with the project to increase credibility and adoption.
• The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.
• Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions.

About Our Guest

Dr. Susanne van ’t Hoff-de Goede

https://www.linkedin.com/in/susanne-van-t-hoff-de-goede/

https://www.thuas.com/research/centre-expertise/team-cyber-security

Resources and Research Mentioned

Examining Ransomware Payment Decision-making Among SMEs

Matthijsse, S. R., Moneva, A., van ’t Hoff-de Goede, M. S., & Leukfeldt, E. R.

European Journal of Criminology.

Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experiment

van ’t Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.

Journal of Crime and Justice, 47(4), 472-491 (2024).

How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizens

van der Kleij, R., van ’t Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.

In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.

The Online Behaviour and Victimization Study

van ’t Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …

In:Cybercrime in Context: The human factor in victimization, offending, and … (2021).

Other

Dutch Government Cybersecurity Resource

https://english.ncsc.nl

(English-language site for the Netherlands’ National Cyber Security Centre)

Secure Internetting (in Dutch)

https://veiliginternetten.nl/

• Understanding Cybercrime through Strain and Anomie Theories
  • Dr. Dearden explains how strain theory and anomie theory provide insights into cybercriminal motivations.
  • Discussion on economic and social pressures that push individuals toward cybercrime, including unemployment, inequality, and lack of upward mobility.
• The Role of Honeypots in Cybercrime Research
  • Overview of honeypots—deceptive systems designed to attract cyber attackers.
  • How honeypots help researchers observe and analyze hacker behaviors in real-world settings.
  • Differences in hacking techniques and motivations across different regions.
• Regional Variations in Cybercriminal Activities
  • Why cybercrime is not uniformly distributed worldwide despite the internet being a global network.
  • Case studies on West African romance scams, Russian cyber operations, and Indian call center frauds.
  • The interplay between legitimate and illegitimate economies in cybercrime hotspots.
• Cybercrime and Economic Opportunity
  • Findings from recent research on how financial strain vs. greed influences cybercrime.
  • The role of cryptocurrency in enabling financial cybercrimes and providing anonymity to offenders.
  • Discussion on how cybercrime prevention strategies need to address offender motivations, not just security vulnerabilities.
• Future Research and Policy Implications
  • The need for broader, structural changes to mitigate cybercrime, rather than relying solely on reactive security measures.
  • How cross-national studies and criminological data collection can improve cybercrime prevention strategies.
  • Upcoming projects on measuring cyber-offending patterns and regional differences in hacking behavior.

About Our Guest

Dr. Thomas Dearden

https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/thomas-dearden.html

Papers and Resources Mentioned in This Episode

Dearden, T. E., & Gottschalk, P. (2024).Convenience Theory and Cybercrime Opportunity: An Analysis of Online Cyberoffending.Deviant Behavior.DOI Link

Parti, K., & Dearden, T. (2024).Cybercrime and Strain Theory: An Examination of Online Crime and Gender.International Journal of Criminology and Sociology. https://doi.org/10.6000/1929-4409.2024.13.19

Dearden, T. E., Parti, K., & Hawdon, J. (2022).Institutional Anomie Theory and Cybercrime: Cybercrime and the American Dream.Journal of Contemporary Criminal Justice. https://doi.org/10.1177/10439862211001590

Related Episodes Featuring Dr. Dearden

Episode 39 : Strained Dreams: Cybercrime and Institutional Anomie

https://www.cybercrimeology.com/episodes/strained-dreams-cybercrime-and-institutional-anomie

Other:

The Human Factors in cybercrime Conference: https://www.hfc-conference.com

We had a chat in a room with a bunch of people just outside having their own great conversations. Kind of nice to get a little bit of that vibe into the mix.  Conferences can be a lot of fun ;)/.

To the best of my knowledge, no bovines were harmed during the recording of this episode. 

• Defining Ethical Hacking: Ethical hackers use their skills to identify and report vulnerabilities, often to enhance cybersecurity in various capacities, including voluntary work, bug bounty programs, or professional roles.
• Research Focus: Dr. Weulen Kranenbarg’s studies highlight a significant overlap between positive and negative cyber behaviors, particularly among IT students, and explore how individuals transition toward ethical hacking.
• Ethical Hacking as a Pathway:
  • Early positive experiences, such as reporting vulnerabilities to schools or organizations, can strongly influence individuals toward ethical hacking.
  • Responses from organizations play a critical role—positive reinforcement encourages further ethical behavior, while negative experiences can deter individuals.
• Challenges in Defining Ethics:
  • Ethical hackers themselves debate the boundaries of what constitutes ethical behavior, such as whether making vulnerabilities public is acceptable if organizations fail to act.
  • The term "ethical hacker" is often contentious within the community.
• Role of Education: Schools struggle to address and guide ethical behavior among IT students effectively. Clear vulnerability disclosure policies and ethics education in IT programs are crucial.
• Future Research Directions: Dr. Weulen Kranenbarg plans to conduct life-history interviews with hackers to better understand their pathways and influences toward ethical behavior.

About our Guest:

Dr Marleen Weulen Kranenbarg

https://research.vu.nl/en/persons/marleen-weulen-kranenbarg

Papers or Resources Mentioned:

• Weulen Kranenbarg, M. (2018). Cyber-offenders versus traditional offenders: An empirical comparison. Vrije Universiteit Amsterdam. Retrieved from https://research.vu.nl/en/publications/cyber-offenders-versus-traditional-offenders-an-empirical-comparison
• Weulen Kranenbarg, M., Ruiter, S., & Nieuwbeerta, P. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 64(10), 1270–1292. https://doi.org/10.1177/0011128718763134
• Weulen Kranenbarg, M., Holt, T. J., & van Gelder, J.-L. (2021). Contrasting cyber-dependent and traditional offenders: A comparison on criminological explanations and potential prevention methods. In J. van Gelder, H. Elffers, D. Reynald, & D. Nagin (Eds.), Routledge International Handbook of Criminology and Criminal Justice Studies (pp. 234–249). Routledge. Retrieved from https://research.vu.nl/en/publications/contrasting-cyber-dependent-and-traditional-offenders-a-compariso
• Weulen Kranenbarg, M., & Noordegraaf, J. (2023). Why do young people start and continue with ethical hacking? A qualitative study on individual and social aspects in the lives of ethical hackers. Criminology & Public Policy, 22(3), 465–490. https://doi.org/10.1111/1745-9133.12640

Additional Resources:

Capture the Flag (CTF) events:

Hack the Box - A popular online platform offering a variety of CTF challenges to test and improve cybersecurity skills.

https://www.hackthebox.com

NorthSec - A popular  in-person CTF competition designed for everyone excited about cybersecurity.

https://nsec.io

Bug Bounty Programs:

HackerOne - A leading bug bounty platform connecting ethical hackers with organizations to find and fix vulnerabilities.

https://www.hackerone.com

Bugcrowd - A platform that hosts bug bounty programs for a wide range of companies and industries.

https://www.bugcrowd.com

Dr. Tom Holt

https://cj.msu.edu/directory/holt-tom.html

Key Topics Discussed:

• Dr. Tom Holt emphasized the urgent need for consistent and evidence-based cybercrime training in law enforcement, pointing out disparities in how local agencies handle these crimes.
• He highlighted the challenges agencies face in responding to cyber-enabled and cyber-dependent crimes, particularly in rural areas.
• Dr. Holt discussed the development of training modules covering both basic digital evidence handling and specialized topics tailored to agency needs.
• The conversation underscored the importance of bridging resource gaps between rural and urban agencies.
• Dr. Holt explained how police leadership’s support is crucial for improving the adoption and effectiveness of training programs.
• The prevalence of interpersonal cybercrimes like sextortion and fraud, often encountered by local officers, was addressed.
• Dr. Holt elaborated on long-term evaluation plans for these training programs, aiming to measure their impact on officers and agencies.
• He also discussed the potential for a national standard curriculum to bring consistency to cybercrime training across the U.S.

Papers and Resources Mentioned:

1. Articles on the Training Center Initiative:
   • Cybercrime Training at MSU –https://cj.msu.edu/community/cyber-center/cyber-center-home.html
   • Program announcement - https://msutoday.msu.edu/news/2024/msu-receives-$1M-to-create-center-for-cyber-security-training

Other:

This episode was recorded on location in at HEC Montreal. The occasional background noise from students only adds to the vibrant atmosphere of the discussion. So you can’t complain about the noise being distracting, consider it an authentic experience!

Episode Summary

• Introduction to Open Science – Asier Moneva introduces open science, emphasizing transparency and replicability as essential to modern research.
• Importance of Transparency – He explains how transparency builds trust, enabling other researchers to assess rigor and replicate findings accurately.
• Preregistration and Registered Reports – Asier discusses these practices, which require researchers to specify methodologies and hypotheses before data collection to reduce bias.
• Challenges in Adoption – He notes that implementing open science practices can be challenging due to academic pressures and resource limitations.
• The “Publish or Perish” Culture – We highlight how the pressure to publish quickly can conflict with the time-intensive requirements of open science.
• Academic Incentives and Misaligned Goals – We critique the academic reward system that often favors quantity over quality, which can detract from scientific rigor.
• Advantages for Public Accessibility – Open science also enhances public accessibility, making research available beyond academia and helping inform public policy.
• Ethical Considerations in Research – Asier emphasizes that open science fosters ethical research practices by reducing questionable practices like p-hacking and selective reporting.
• Benefits of Open Science for Collaboration – The approach encourages collaboration across disciplines and institutions, providing a more comprehensive understanding of complex issues.
• Real-World Example of Retraction – He mentions a case where a research paper was retracted due to lack of transparency, illustrating the importance of open science practices.
• Role of Preprints in Open Science – Asier advocates for preprints as a way to share research and receive feedback before formal publication.
• Challenges with Platform Fragmentation – He observes that the proliferation of research-sharing platforms can hinder accessibility if findings are scattered across multiple sources.
• Future of Registered Reports – Asier sees registered reports as a future standard, as they align research design with ethical and rigorous science.
• Open Science as a Solution to Publication Bias – Open science practices help address publication bias by promoting the dissemination of all research findings, regardless of outcomes.
• Closing Thoughts on Transparency – Open science is about ensuring reproducibility and holding science accountable, aiming to make research as transparent and accessible as possible.

About Our Guest:

Asier Moneva

https://asiermoneva.com

https://nscr.nl/en/medewerker/asier-moneva/

https://www.thuas.com/research/research-groups/team-cybercrime-cybersecurity

https://github.com/amoneva

https://osf.io/7ce24/

Resources and References Mentioned in This Episode:

The Open Science Framework (OSF)

The OSF is an open-source platform supporting transparent and reproducible research across disciplines.

The Open Science Framework:

https://osf.io/

Paper Introducing Registered Reports

This foundational paper outlines the concept of registered reports, a publishing model aimed at reducing bias and enhancing research rigor.

Paper introducing "registered reports":

https://psycnet.apa.org/fulltext/2014-20922-001.html

Retraction Case Study

A recent retraction of a notable article on the replicability of social-behavioral research findings offers insights into challenges within open science practices.

RETRACTED ARTICLE: High replicability of newly discovered social-behavioural findings is achievable:

https://www.nature.com/articles/s41562-023-01749-9

Retraction Note: High replicability of newly discovered social-behavioural findings is achievable:

https://www.nature.com/articles/s41562-024-01997-3

Podcast episode discussing the retraction in depth:

https://open.spotify.com/episode/3rygrbUNocfCEEGd1Byn0V?si=vJDuzQT3S7yJqDEUMycF1w&t=178

Other:

This episode was recorded in a hotel lobby corner with music playing in the background. If the audio sounds a little unusual at times it is because of the noise removal being used to remove that noise being combined with other ‘sound enhancement’ features. I had to go back in and play around with the audio directly before I was even a little happy.  The tools work well but they are a little unpredictable.  I am increasingly wary of ‘it just works’ audio editing tools. I would have left it in, but the bots chasing copyright infringement are ravenous and indiscriminate. 

• The research focuses on analyzing the representation of passwords and cyber threats in films, particularly how password guessing and hacking scenes influence public perceptions of security.
• Movies both reflect societal attitudes towards cybersecurity and shape them, as many viewers learn about cyber behaviors through entertainment rather than formal education.
• The research indicates that films often oversimplify or dramatize hacking scenes, leading to unrealistic expectations about password security.
• A key finding from the research is that while weak passwords (e.g., “12345”) are mocked in films, even strong passwords are often guessed or hacked with ease, sending the wrong message to audiences about the value of strong security practices.
• There may be value to educating the public about cybersecurity in the same way people are taught first aid in Germany—everyone should know the basics.
• One of the challenges of using crowd-sourced subtitle data for academic research was that it required additional work to assure reviewers that the research is ethical.

About our Guest:

Maike Raphael

https://www.itsec.uni-hannover.de/en/usec/team/raphael

Papers or resources mentioned in this episode:

Raphael, M. M., Kanta, A., Seebonn, R., Dürmuth, M., & Cobb, C. (2024). Batman hacked my password: A subtitle-based analysis of password depiction in movies. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (pp. 199-211). USENIX Association. https://www.usenix.org/conference/soups2024/presentation/raphael

Other relevant resources:

Information and supplementary materials on the paper "Batman Hacked My Password"

https://www.itsec.uni-hannover.de/de/usec/forschung/medien/password-depiction-in-movies

If you are interested in the right to download the subtitles.  

The data source (opensubtitles.org) statement regarding copyright.

https://www.opensubtitles.org/en/dmca

The website has an API with the no limit to the total number of subitles that can be downloaded, only rate limiting. The research team didn't obtain the subtitles this way, but the source they got them from may have.  In either case it shows opensubtitles.org views about how their service can be used.  

https://opensubtitles.stoplight.io/docs/opensubtitles-api/e3750fd63a100-getting-started

Other:

I had a bunch of movie clips that I was going to include as examples, but with the way that platforms handle DMCA I just don't want to have to bother with trying to assert a claim to fair use.  If you are interested I would recommend having a look at the password scene from Horse Feathers (1932) with Groucho Marx, and there is a scene in Iron Man 3 (2013) where Tony Stark asks James Rhodes for his password, and everyone laughs at the bad password.  I recommend you watch Kung Fury from 2015 for their parody treatment of the "hackerman". It is actually on YouTube https://youtu.be/bS5P_LAqiVg?si=-OL8Mr1OLY9Dd081 

Judith Donath

https://cyber.harvard.edu/people/jdonath

Key Discussion Points:

• Understanding Signaling Theory:
  • The foundation of signaling theory in communication.
  • The balance between honest and deceptive signals.
• Evolutionary Biology and Communication:
  • Darwin's insights on animal communication.
  • Zahavi's Handicap Principle and its role in ensuring signal honesty.
  • Maynard Smith's Index Signals and their reliability without cost.
• AI and the Evolution of Communication:
  • The impact of AI on the reliability of communication signals.
  • Challenges posed by deepfakes in video and audio.
  • The arms race between deception technologies and verification methods.
• Cultural and Institutional Roles:
  • How culture and institutions uphold the reliability of signals.
  • The interplay between technological advancements and societal norms.
• Future of Communication in the Digital Age:
  • Strategies for developing secure communication channels.
  • Balancing privacy with the need for verification.
  • The role of trusted sources in maintaining signal integrity.

Papers and Books Mentioned:

Turing, A. M. (1950). Computing machinery and intelligence. Mind, 59(236), 433-460. https://doi.org/10.1093/mind/LIX.236.433

Zahavi, A. (1975). Mate selection—a selection for a handicap. Journal of Theoretical Biology, 53(1), 205-214. https://doi.org/10.1016/0022-5193(75)90111-3

Veblen, T. (1899). The Theory of the Leisure Class. New York: Macmillan.

https://moglen.law.columbia.edu/LCS/theoryleisureclass.pdf

https://dn720401.ca.archive.org/0/items/theoryofleisurec01vebl/theoryofleisurec01vebl.pdf

Weizenbaum, J. (1966). ELIZA—A computer program for the study of natural language communication between man and machine. Communications of the ACM, 9(1), 36-45. https://doi.org/10.1145/365153.365168

Donath, J. S. (2002). Identity and deception in the virtual community. In Communities in cyberspace (pp. 37-68). Routledge.

https://vivatropolis.com/papers/Donath/IdentityDeception/IdentityDeception.pdf

Current Progress on the forthcoming book: Signals, Truth & Design

https://vivatropolis.com/judith/signalsTruthDesign.html

Donath, J. (2014). The social machine: designs for living online. MIT Press.https://direct.mit.edu/books/monograph/4037/The-Social-MachineDesigns-for-Living-Online

Other:

The Story about the Ferrari executive Deepfake attempt

https://www.carscoops.com/2024/07/ferrari-ceo-impersonator-uncovered-by-colleague-in-deepfake-call/

We geeked out for a moment on Programming languages. Learn about them here.

The C language

https://en.wikipedia.org/wiki/C_(programming_language)

Introduction to C

https://www.w3schools.com/c/c_intro.php

APL Language

https://en.wikipedia.org/wiki/APL_(programming_language)

Learn APL

https://xpqz.github.io/learnapl/intro.html

Try APL

https://tryapl.org

LISP Language

https://en.wikipedia.org/wiki/Lisp_(programming_language)

Learn LISP

https://www.geeksforgeeks.org/introduction-to-lisp/

• Background in Sociology: Dr. Miranda Bruce started in sociology, focusing on the dynamics of power and institutions.
• PhD Research: Her PhD explored the Internet of Things (IoT) using post-structuralist French theory to understand technological reality.
• Transition to Cybercrime: Transitioned from IoT research to a project on the geography of cybercrime, partnering with a local Australian university and the University of Oxford.
• Cybercrime as a Local Phenomenon: Emphasized that cybercrime is not just a global issue but has significant local dimensions.
• Mapping Cybercrime: Developed methods to map cybercrime hotspots to understand where cybercrime is coming from and why.
• Importance of Local Factors: Identified that local factors play a crucial role in the proliferation of cybercrime in specific areas.
• Intervention Strategies: Stressed that intervention strategies must be tailored to local conditions as one-size-fits-all approaches are ineffective.
• Challenges in Measuring Cybercrime: Discussed the difficulties in accurately measuring where cybercrime originates due to technical limitations.
• Survey of Experts: Utilized expert surveys from cybercrime intelligence and investigations to gather data on cybercrime hotspots.
• Bias in Data Collection: Addressed potential biases in the data collection process and took steps to ensure diverse and reliable sources.
• Use of Proxy Data: Chose expert survey data over technical measures or legal cases to get more accurate insights into cybercrime geography.
• Findings: Key findings indicated that countries like Russia, Ukraine, China, the United States, and Nigeria are significant sources of cybercrime.
• Analysis of Results: Plans to analyze the collected data to create theoretical models explaining why cybercrime is prevalent in certain areas.
• Future Research Directions: Aims to develop detailed case studies and collaborate with policymakers to use the data for effective interventions.
• Open Data: Highlighted the importance of making the data open source to enable further research and collaboration across disciplines.

About our guests:

Dr Miranda Bruce:

https://www.sociology.ox.ac.uk/people/miranda-bruce

https://www.unsw.edu.au/staff/miranda-bruce

Papers or resources mentioned in this episode:

• Bruce, M., Lusthaus, J., Kashyap, R., Phair, N., & Varese, F. (2024). Mapping the global geography of cybercrime with the World Cybercrime Index. PLOS ONE. https://doi.org/10.1371/journal.pone.0249850
• Bruce, M., & Phair, N. (2020). Mapping the geography of cybercrime: A review of indices of digital offending by country. IEEE European Symposium on Security and Privacy. https://doi.org/10.1109/EuroSPW51379.2020.00013

Other:

If you were interested in the topic of this episode, you might also enjoy episode 36 "Cyber criminals are people too". 

• Dual Research Focus: Dr. Huey historically focused on policing and victimization, particularly in marginalized communities.
• Burnout and Shift: Burnout from trauma research led her to shift focus to applied policing research around 2012-2013.
• Economics of Policing: The federal government's focus on the costs of policing and the "economics of policing" initiative influenced her new research direction.
• Research Gaps: Realized that existing policing research in Canada had little practical value for informing policing practice and policy.
• Evidence-Based Policing: Joined the Society for Evidence-Based Policing (SEBP) in the UK to produce actionable research for police and policymakers.
• Right-Wing Extremism: Discussed the rise of right-wing extremism and its new tactic of targeting police officers, including cop baiting.
• Cop Baiting Incidents: Examples include interventions by Romana Didulo at the Peterborough Police Service and incidents in Vancouver during trans rights celebrations.
• Operational Stress: Emphasized the operational stress injuries faced by police officers due to regular exposure to horrific incidents.
• Public Misconceptions: Highlighted the issue of public and media criticism of police without a full understanding of the complexities involved.
• Misinformation: Explained how misinformation and disinformation spread about police actions, leading to doxxing and harassment of officers.
• Cyber Sleuths: Described incidents where online activists exposed personal information about police officers, increasing the risks they face.
• Convoy Protests: Referenced research on convoy protests and the targeting of police, emphasizing the reality versus media portrayal.
• False Narratives: Pointed out the persistence of false narratives, such as those surrounding the death of Regis Korchinski-Paquet, which continue to spread online despite being disproven.
• Call for Applied Research: Called for more applied research to address specific issues in policing and cyber-security rather than broad theoretical studies, stressing the need for better public education to combat misinformation.

About our guests:

Dr. Laura Huey

https://sociology.uwo.ca/people/profiles/Huey.html

Papers or resources mentioned in this episode:

Huey, L., & Ferguson, L. (2024). ‘No one wants to end up on YouTube’: sousveillance and ‘cop-baiting’ in Canadian policing. Policing and Society, 1–18. https://doi.org/10.1080/10439463.2024.2329239

Huey, L., & Ferguson, L. (2024). “All These Crazies”: Right-Wing Anti-Authoritarian Politics and the Targeting of Public Police. Deviant Behavior, 1–20. https://doi.org/10.1080/01639625.2024.2338890

Huey, L. (2024) The Cascade Effect: An Oral History of the Policing of the Convoy Protests, Independant: 979-8882979859

Other:

Dr Huey provided her own ‘bleep’ noises for this episode to save me the work of having to add them in post production.

• Joakim Kävrestad is an Assistant Professor of Computer Science at Jönköping University, with a background in networking and cybersecurity.
• He shifted his focus to the societal and psychological aspects of cybersecurity, emphasizing human behavior.
• Joakim developed Context-Based Micro-Training (CBMT) to provide cybersecurity training at relevant moments, improving user engagement and retention.
• CBMT integrates training into real-world scenarios, such as reading emails or creating passwords, to address common cyberattack methods.
• Traditional cybersecurity training methods are critiqued for their lack of effectiveness in retaining user attention and knowledge.
• Joakim used a design science approach to refine CBMT, involving over 1800 survey participants and 300 experiment participants in the process.
• Evaluations show that CBMT supports secure user behavior and is well-received by users.
• The importance of usability in security practices is emphasized, highlighting that user-friendly training increases adoption and compliance.
• CBMT provides a guide for practitioners on implementing effective cybersecurity training and supports procurement decisions.
• Future research should explore the interplay between training and other support mechanisms, as training alone is insufficient to ensure comprehensive cybersecurity.

About our guests:

Joakim Kävrestad

https://ju.se/personinfo.html?sign=KAVJOA

https://www.linkedin.com/in/joakimkavrestad/

Papers or resources mentioned in this episode:

1. Kävrestad, J., Hagberg, A., Nohlberg, M., Rambusch, J., Roos, R., & Furnell, S. (2022). Evaluation of Contextual and Game-Based Training for Phishing Detection. Future Internet, 14(4), 104. https://doi.org/10.3390/fi14040104
2. Kävrestad, J. (2022). Context-Based Micro-Training: Enhancing Cybersecurity Training for End-Users (Doctoral dissertation). University of Skövde. ISBN 978-91-984919-9-9. Link to dissertation
3. Kävrestad, J., & Nohlberg, M. (2020). Context-Based Micro-Training: A Framework for Information Security Training. 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA), Mytilene, Lesbos, Greece, 71-81. https://doi.org/10.1007/978-3-030-57404-8_6

Other:

The button that makes a noise at a street crossing is called a “pedestrian call button” Interestingly they work differently in different countries, They look different, they feel different, they make different noises, some of them have haptic indicators, some call for the lights to change, some don’t, some make sound all the time others just provide more accessible indicators when pressed.

• Introduction to Cybercrime Research: Dr. Hutchings and Ahn Vu introduce their work at the Cambridge Cybercrime Centre.
• Global Conflicts and Cyber Activities: Discussion on how global conflicts, such as those in Ukraine and Israel-Gaza, spur cybercrime activities like website defacements and DDoS attacks.
• Cyber Tactics During Warfare: Insights into how cyber tactics are employed quickly after conflicts start, with a focus on how these activities serve both political propaganda and cybercriminal interests.
• Deplatforming Hate Groups: In-depth analysis of the challenges faced when deplatforming hate groups, specifically referencing the Kiwi Farms case.
• Temporary Effects of Cyber Attacks: Observations on the short-lived nature of heightened cyber activities post-conflict, with a decline in interest and activities after initial spikes.
• Challenges of Cybercrime Research: Discussion on the difficulties in tracking and attributing cyber attacks, particularly those by decentralized and loosely organized groups.
• Unintended Consequences of Deplatforming: Exploration of how attempts to silence harmful online communities can lead to increased attention and unintended reinforcement of these groups.
• Closing Thoughts: Dr. Hutchings and Ahn Vu summarize the ongoing challenges and the evolving landscape of cybercrime in the context of international security and online governance.

About our guests:

Dr. Alice Hutchings:

https://www.cl.cam.ac.uk/~ah793/

Anh V. Vu

https://www.cst.cam.ac.uk/people/vv301

Papers or resources mentioned in this episode:

Anh V. Vu, Alice Hutchings, Ross Anderson. No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and Harassment. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'24)

Anh V. Vu, Daniel R. Thomas, Ben Collier, Alice Hutchings, Richard Clayton, Ross Anderson. Getting Bored of Cyberwar: Exploring the Role of Low-level Cybercrime Actors in the Russia-Ukraine Conflict. In Proceedings of the ACM World Wide Web Conference (WWW'24)

Other:

• No AI's were harmed during the creation of this episode, however they were definitely involved in the work of editing and drafting copy.
• If you want to hear more from Dr. Hutchings, you can find her way back on episode 4 .... 101 episodes ago ....
• Apologies if the end of the episode seemed a little loud.

• Dr. Tom Holt discussed the nascent stages of cybercrime research during his doctoral studies, highlighting its evolution into a more recognized and competitive field.
• He emphasized the growth of cybercrime studies and the challenges of carving a niche within an expanding academic and professional landscape.
• Dr. Holt pointed out the potential of interdisciplinary collaboration between social sciences and computer science as crucial for advancing cybercrime research.
• The importance of online subcultures and ideological spaces in cybercrime dynamics was discussed, noting their influence on criminal activities and group formations.
• He delved into the realm of ideologically motivated cyber attacks, underscoring the need for better legal and enforcement frameworks to address such threats.
• Dr. Holt provided examples of cyber attacks by extremist groups, showing a strategic shift towards cyber tactics for ideological, not financial, reasons.
• The conversation highlighted the critical role of comprehensive data in understanding the scope and nature of cyberterrorism and ideological cyber attacks.
• Reflecting on his career, Dr. Holt offered insights on the importance of continuous learning and interdisciplinary collaboration for researchers in the cybercrime field.

About our guests:

Dr. Tom Holt

https://cj.msu.edu/directory/holt-thomas.html

https://www.linkedin.com/in/tom-holt-3242a322/

Papers or resources mentioned in this episode:

Cassandra Cross & Thomas J. Holt (2023) More than Money: Examining the Potential Exposure of Romance Fraud Victims to Identity Crime, Global Crime, 24:2, 107-121, DOI: 10.1080/17440572.2023.2185607

Holt, T. J., Turner, N. D., Freilich, J. D., & Chermak, S. M. (2022). Examining the Characteristics That Differentiate Jihadi-Associated Cyberattacks Using Routine Activities Theory. Social Science Computer Review, 40(6), 1614-1630. https://doi.org/10.1177/08944393211023324

Thomas J. Holt, Jin Ree Lee, Joshua D. Freilich, Steven M. Chermak, Johannes M. Bauer, Ruth Shillair& Arun Ross (2022) An Exploratory Analysis of the Characteristics of Ideologically Motivated Cyberattacks, Terrorism and Political Violence, 34:7, 1305-1320, DOI: 10.1080/09546553.2020.1777987

Thomas J. Holt, Joshua D. Freilich & Steven M. Chermak (2022) Examining the Online Expression of Ideology among Far-Right Extremist Forum Users, Terrorism and Political Violence, 34:2, 364-384,DOI: 10.1080/09546553.2019.1701446

Other:

Wait for wisdom, Learn to listen, Succession is Success.

• Dr Chang's background in law and sociology led him to specialize in criminology, particularly cybercrime, after observing its emerging relevance.
• He chose to pursue his PhD in Australia due to scholarship opportunities and the chance to work with a leading cybercrime researcher.
• Dr Chang discusses virtual kidnapping, a scam where victims are manipulated into isolating themselves, enabling scammers to demand ransom from their families.
• He highlights the challenges of combating cybercrime, including jurisdictional issues and the need for international police collaboration.
• Dr Chang emphasizes the importance of public awareness and education to prevent scams, as well as better victim support systems.
• The interview also touches on the role of financial institutions in preventing scams and the potential future threats posed by technologies like AI and ChatGPT in cybercrime.

About our guests:

Dr Lennon Chang

https://www.deakin.edu.au/about-deakin/people/lennon-chang

Papers or resources mentioned in this episode:

1. Chang, L. Y.-C., Zhong, L.-Y., & Grabosky, P. (2020). Virtual Kidnapping: Online Scams with ‘Asian Characteristics’ During the Pandemic. In Crime and Justice in Digital Society (pp. 112-113). ResearchGate. Note: APA format typically requires publisher information, which is not provided in this excerpt.

Other:

The intro an outro was drafted using generative AI. I think it gave a different flavour.

1. The software developed by Bryce Westlake, Russell Brewer and colleagues aims to assist law enforcement agencies in identifying perpetrators of child sexual abuse material (CSAM) offences by using multiple biometric markers.
2. The unique function of the software is its capability to synthesize, triage, and systematically review all evidence holdings that law enforcement might seize, thereby automating the process and speeding up investigations.
3. The software can ingest a variety of media files, extract multiple biometric features from those files, and identify subjects contained within, matching them across data sets, reducing investigator exposure to CSAM and speeding up the investigative process.
4. One of the key aspects addressed by the software is the ability to identify new content, overcoming the limitations of current reactive methods used in combating CSAM (i.e. matching file hashes).
5. The software is leverages social networking analysis and other techniques to assist investigators to identify links between offenders, victims, places and objects, potentially opening new avenues or focusing detective work.
6. The project aims to connect law enforcement agencies nationally and globally, enabling them to share information and collaborate on cases, despite the challenges posed by different laws and data transmission regulations.
7. The software's ability to systematically catalog and review all available data provides a more comprehensive and unbiased  investigative process as choices about which media is reviewed, reducing the impact of investigator intuition and fragmented intelligence.
8. The software has received funding for research and development, leading to the creation of a functional prototype for law enforcement  in Australia and they are now looking at having it implemented by police more widely. 
9. The development of AI technology has a positive impact on the  technology, as new matching tools are "plug and play".
10. One of the challenges faced in implementing the software is convincing law enforcement to adopt new technologies and methods, as they may be hesitant to change from established routines, despite the potential benefits of the new system.

About our guests:

Russell Brewer

https://researchers.adelaide.edu.au/profile/russell.brewer#professional-activities

Bryce Westlake

https://www.brycewestlake.com

https://www.sjsu.edu/justicestudies/about-us/directory/westlake-bryce.php

Papers or resources mentioned in this episode:

Brewer R et al. 2023. Advancing child sexual abuse investigations using biometrics and social network analysis. Trends & issues in crime and criminal justice no. 668. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti78948

Westlake B et al. 2022. Developing automated methods to detect and match face and voice biometrics in child sexual abuse videos. Trends & issues in crime and criminal justice no. 648. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti78566

DEVELOPING AUTOMATED SOFTWARE TOOLS: To Detect Child Sexual Abuse Material Online.

https://adelaidecybercrime.org/software

Other:

This interview

Russell Brewer

https://researchers.adelaide.edu.au/profile/russell.brewer

Lennon Chang

https://www.deakin.edu.au/about-deakin/people/lennon-chang

Benoit Dupont

https://www.benoitdupont.net/en/

Steven Kemp

https://www.udg.edu/ca/directori/pagina-personal?ID=2003705

Rutger Leukfedt

https://www.universiteitleiden.nl/en/staffmembers/rutger-leukfeldt#tab-1

Katalin Parti,

https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/katalin-parti.html

Bryce Westlake.

https://www.brycewestlake.com

Papers or resources mentioned in this episode:

Harari, Y. N. (2015). Sapiens. Harper.

https://www.ynharari.com/book/sapiens-2/

Other:

I edited this one on the road, apologies if the quality is not quite what you are used to.

The next episode will be at the start of next month. 

The main points of this episode are:

1. Celebrating the 100th episode of cybercrimeology and reflecting on the podcast's journey over the past three years.
2. Discussing the use of new technologies, such as AI, for analyzing and understanding the podcast's content.
3. Analyzing the podcast's content using natural language processing and summarization techniques to identify recurring themes and research topics.
4. Identifying common themes in the podcast, including abuse in relationships, privacy invasion, law enforcement in cybercrime, social engineering, and age-related factors in cybercrime.
5. Discussing various research methodologies covered in the podcast, such as technographs, online experiments, and survey research.
6. Highlighting the dedication of guests who share their time and research without any financial incentives.
7. Answering questions about the process of creating each episode, including research, interviews, editing, and production.
8. Discussing the volume of work represented by 99 episodes totaling over 5 hours of content and involving 96 guests.
9. Reflecting on the impact of the podcast and its growth over the past three years, including achieving 100,000 downloads.
10. Looking forward to the future of the podcast and the potential for new technologies to enhance its content and reach.

About our guests:

Alloy:

https://platform.openai.com/docs/guides/text-to-speech

voicing generations from

ChatGPT

https://openai.com/blog/chatgpt

Papers or resources mentioned in this episode:

The BART model:

https://huggingface.co/docs/transformers/model_doc/bart

The DistilBERT model:

https://huggingface.co/docs/transformers/model_doc/distilbert

Results:

Which terms were spoken about the most and what was the sentiment around those ? 

Was there a change in the sentiment of the podcast after the end of  pandemic conditions, assuming that the pandemic ended at the end of Q3 2021? 

The model is given by:

yi∼Normal(μi,σ)yi​∼Normal(μi​,σ)

where

μi=β0+βafter_event⋅xiμi​=β0​+βafter_event​⋅xi​

Here, the parameters are defined as follows:

• β0β0​: Intercept, with a Student's t-distribution prior with 3 degrees of freedom, a location parameter of 0.8, and a scale parameter of 2.5.
• βafter_eventβafter_event​: Coefficient for the predictor variable (after_event), with a flat prior.
• σσ: Standard deviation of the response variable, with a Student's t-distribution prior with 3 degrees of freedom, a location parameter of 0, and a scale parameter of 2.5.

This provided the results as follows:

Population-Level Effects:

           Estimate Est.Error l-95% CI u-95% CI Rhat Bulk_ESS Tail_ESS

Intercept       0.37      0.06     0.26     0.48 1.00     3884     2917

after_event     0.39      0.08     0.23     0.54 1.00     3561     2976

Family Specific Parameters:

     Estimate Est.Error l-95% CI u-95% CI Rhat Bulk_ESS Tail_ESS

sigma     0.38      0.03     0.33     0.44 1.00     3608     2817

Other:

The model overlooked Mike Levi's contribution to the History series.  That is a bit unfair.  

Where there were multiple guests, I did not include them all in the database, hence "no specific guest listed"

- Rutger Leukfeldt discusses his background and how he became involved in cybersecurity research. - The importance of cybersecurity education and the new cybersecurity bachelor program at Leiden University. 

- The need for a multidisciplinary approach to cybersecurity, which includes not only technical skills but also social and legal aspects. 

- Hack_Right is a program designed for juvenile offenders in the Netherlands who have committed cyber-dependent crimes. The program aims to provide education and support to help young offenders turn away from cybercrime and develop positive skills and behaviors. Dr Leukfeldt  emphasizes that the program is not about Russian hackers or fraudsters who make millions, but rather about those kids who are experimenting and need help. He also mentions that the program was evaluated through a research study conducted by the Netherlands Institute for the Study of Crime and Law Enforcement (NSCR), which found that the program was effective in reducing recidivism among young offenders who participated in the program. 

- Regarding interdisciplinary research, Dr Leukfeldt explains that it can be difficult because different disciplines have different traditions and expectations when it comes to research. For example, one discipline may prioritize publishing in academic journals, while another may prioritize presenting at conferences. This can create practical issues for a team that is trying to work together, as different members may have different timelines and goals. Additionally, traditional reviewers may not be familiar with other fields, which can make it challenging to defend interdisciplinary research against criticism. Rutger notes that these challenges can be overcome through effective communication and collaboration, but they do require effort and a willingness to work across disciplines.

- Rutger emphasizes the importance of being constructive and thoughtful in providing feedback. He suggests that reviewers should not only point out flaws in a paper but also offer suggestions for improvement. Additionally, he notes that good reviewers should try to approach a paper with an open mind and be willing to learn from it, even if they are not experts in the field. By doing so, reviewers can help to ensure that research is rigorous, relevant, and impactful. Rutger encourages everyone to strive to be that kind of reviewer who provides constructive feedback and helps to improve the quality of research.

About our Guest:

https://www.universiteitleiden.nl/en/staffmembers/rutger-leukfeldt#tab-1

https://nscr.nl/en/medewerker/dr-rutger-leukfeldt/

https://www.linkedin.com/in/rutgerleukfeldt

Papers or resources mentioned in this episode:

J. A. M. Schiks, Susanne van ’t Hoff-de Goede & Rutger E. Leukfeldt (2023) An alternative intervention for juvenile hackers? A qualitative evaluation of the Hack_Right intervention, Journal of Crime and Justice, DOI: 10.1080/0735648X.2023.2252394

Loggen, J., Moneva, A., & Leukfeldt, R. (2024). A systematic narrative review of pathways into, desistance from, and risk factors of financial-economic cyber-enabled crime. Computer Law & Security Review, 52, 105858.

https://doi.org/10.1016/j.clsr.2023.105858

Other:

Dutch police send young hackers to intern at IT companies

https://nltimes.nl/2018/12/18/dutch-police-send-young-hackers-intern-companies

20 Companies Pledge Support for the Hack_Right Program

https://www.bleepingcomputer.com/news/security/20-companies-pledge-support-for-the-hack-right-program/

- Dr. Benoît Dupont has written a book on the ecology of cybercrime, which was born from his frustration with the segmentation of research on cybercrime within criminology and between disciplines. 

- The book argues that all research on cybercrime should be connected because we all live in the same digital ecosystem. - There are many hurdles and obstacles in the way of making positive change in the fight against cybercrime, but Dr. Dupont is optimistic about our chances. 

- Residual cybercrime will always subsist, but it can also help identify vulnerabilities in technologies that the industry hasn't identified, which can help improve security. 

- It's important to address the needs of victims of cybercrime, which is often forgotten. 

- The government has the data or the tools to generate the data but needs to work with the private sector and academia to make sense of the data and agree on a roadmap for anti-cybercrime and anti-cybercrime control and prevention.

About our Guest:

Dr. Benoît Dupont

https://crim.umontreal.ca/repertoire-departement/professeurs/professeur/in/in15263/sg/Benoît Dupont/

https://www.linkedin.com/in/benoit-dupont-9369702/

Papers or resources mentioned in this episode:

Dupont, B., Grabosky, P., & Shearing, C. (2003). The Governance of Security in Weak and Failing States. Criminal Justice, 3(4), 331-349. https://doi.org/10.1177/146680250334001

Berg, J., Nakueira, S. & Shearing, C. 2014. Global Non- State Auspices of Security Governance. In: Bersot, H. & Ariigo, B. Eds. The Routledge Handbook of International Crime and Justice Studies. Routledge, 77-97

Other:

“Much time and energy have been devoted by taxonomists to isolating morphological patterns of species and subspecies and determining the geographic ranges of each. This is only a stepping stone to further progress in many lines- units around which accumulations of knowledge could be formed for comparison with one another. Until such units are stabilized so that they can be recognized, specific knowledge cannot accumulate - it will of necessity be generalized because, without such standardization, one worker cannot add to the specific knowledge of others.” pp.3.

Woodbury, A. M. (1952). Ecological taxonomy. Science, 115(2992), 3-3.

1. Dr. Kemp initially moved to Spain and worked as an English teacher before deciding to go back to university to study a social science. He ended up choosing criminology due to the available classes in the morning.
2. While in university, Dr. Kemp became interested in corporate crime and white-collar crime, but later specialized in cybercrime due to its potential for funding and career opportunities.
3. Dr. Kemp discussed the challenges of studying in a different country and in a non-native language. He initially had limited Spanish proficiency but learned the language to a level where he could pursue a degree taught mainly in Spanish.
4. Cybercrime is still significantly underreported, with organizations often weighing the incentives and reasons not to report, such as reputational damage and potential increases in insurance premiums.
5. Small and medium-sized enterprises (SMEs) face difficulties in reporting cybercrimes due to the technical abilities and resources required. The reporting systems are not conducive to SMEs, and there is a need for assistance and support from states to streamline the reporting process for smaller organizations.
6. Dr. Kemp emphasized the importance of distinguishing between reporting cybercrimes to police and criminal justice authorities versus reporting to cybersecurity providers. He noted that there seems to be more interest in private organizations reporting to other private organizations, possibly due to concerns about reputational damage.
7. Dr. Kemp highlighted the limited access to data in Spain and Latin American countries, which hinders research in those regions. He mentioned the lack of a culture of evaluation and the absence of centralized data repositories. This limitation is problematic due to the questionable generalizability of research findings from other countries to Spain and Latin America.
8. Dr. Kemp expressed the need for more longitudinal surveys to better understand the effectiveness of cybersecurity controls and tools. Cross-sectional surveys have limitations in establishing causal relationships and unraveling the timing of control implementation and incidents.
9. Dr. Kemp discussed his upcoming book on cyber fraud, which aims to bring international literature on the topic of cybercrime to the Spanish-speaking world. He acknowledged the challenge of applying research findings from other countries to Spanish-speaking contexts, particularly concerning offender characteristics and prevention measures.
10. Dr. Kemp mentioned his recent work on online victimization and older people, focusing on the impact of fear of crime and the digital divide. He emphasized the need to address older adults' concerns and promote their full participation in the digital society.

About our guest:

Dr Steven Kemp

https://www.udg.edu/ca/directori/pagina-personal?ID=2003705

https://www.linkedin.com/in/steven-kemp-ed/

Papers or resources mentioned in this episode:

Kemp, S., Buil-Gil, D., Miró-Llinares, F., & Lord, N. (2023). When do businesses report cybercrime? Findings from a UK study. Criminology & Criminal Justice, 23(3), 468-489. https://doi.org/10.1177/17488958211062359

Kemp, S. (2023). Exploring public cybercrime prevention campaigns and victimization of businesses: A Bayesian model averaging approach. Computers & Security, 127, 103089.

https://doi.org/10.1016/j.cose.2022.103089

Kemp, S. (2022). Fraud reporting in Catalonia in the Internet era: Determinants and motives. European Journal of Criminology, 19(5), 994-1015. https://doi.org/10.1177/1477370820941405

Other:

I am pretty sure I mis-pronounced ‘Girona’, my apologies to the good people from that part of the world.

Dr. Katalin Parti

https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/katalin-parti.html

https://www.linkedin.com/in/partikat

Papers or resources mentioned in this episode:

PROS: Performances to Reduce Online Scams

https://liberalarts.vt.edu/research-centers/center-for-gerontology/pros--performances-to-reduce-online-scams.html

Parti, Katalin, and Faika Tahir. 2023. "“If We Don’t Listen to Them, We Make Them Lose More than Money:” Exploring Reasons for Underreporting and the Needs of Older Scam Victims" Social Sciences 12, no. 5: 264. https://doi.org/10.3390/socsci12050264

Parti, K. (2022). “Elder Scam” Risk Profiles: Individual and Situational Factors of Younger and Older Age Groups’ Fraud Victimization.

https://vtechworks.lib.vt.edu/bitstream/handle/10919/112369/Parti_IJCIC_2022.pdf?sequence=2&isAllowed=y

Boal, A. (2000). Theater of the Oppressed. United Kingdom: Pluto.

Freire, P. (1970). Pedagogy of the Oppressed. United States: Herder and Herder.

https://envs.ucsc.edu/internships/internship-readings/freire-pedagogy-of-the-oppressed.pdf

Other:

https://en.wikipedia.org/wiki/Pedagogy_of_the_Oppressed

https://en.wikipedia.org/wiki/Theatre_of_the_Oppressed

My laptop died a few hours before completing this episode.  At this point I am guessing it was some kind of issue with the latest update.  It is currently a brick.  Good thing I spend a lot of time thinking about resilience otherwise this episode would not have happened.  

Kenrick Bagnall

https://www.linkedin.com/in/kenrickbagnall/

Papers or resources mentioned in this episode:

KonCyber the Podcast

https://koncyberthepodcast.podbean.com

Other:

If I took anything from Kenrick's story, besides of course all of the policing and technical stuff,  it was that you are not too old to seek or take advice nor are you too old to start again. 

Dr Teresa Scassa

https://techlaw.uottawa.ca/people/scassa-teresa

https://www.teresascassa.ca

Papers or resources mentioned in this episode:

Robinson, P., & Scassa, T. (2022). The Future of Open Data.

https://ruor.uottawa.ca/bitstream/10393/43648/1/9780776629759_WEB.pdf

Scassa, T. (2020). Designing data governance for data sharing: lessons from sidewalk Toronto.

Scassa, T., Robinson, P., & Mosoff, R. (2022). The Datafication of Wastewater:: Legal, Ethical and Civic Considerations. Technology and Regulation, 2022, 23-35

Scassa, T. (2022). The surveillant university: Remote proctoring, AI, and human rights. Can. J. Comp. & Contemp. L., 8, 271.

Scassa, T. (2023). Regulating AI in Canada: A critical look at the proposed artificial intelligence and data act. The Canadian Bar Review, 101(1)

Other:

This episode was edited using an 'AI' tool for part of the workflow and part of the intro was written by AI.  The intro was then rewritten and some of the work of the other AI tool had to be redone manually.   We are at the 'click a button and it is done' stage yet.  

Dr. Richard Frank

https://www.sfu.ca/criminology/about/faculty/criminology-faculty/richard-frank.html

Noelle Warkentin

https://www.sfu.ca/iccrc/members/memberprofiles/Noelle-Warkentin.html

Papers or resources mentioned in this episode:

Noelle Warkentin, Richard Frank, Yuxuan (Cicilia) Zhang & Naomi Zakimi (2022) Potential cyber-threats against Canada’s critical infrastructure: an investigation of online discussion forums,Criminal Justice Studies, 35:3, 322-345, DOI: 10.1080/1478601X.2022.2081568

Frank, R., & Mikhaylov, A. (2020). Beyond the ‘Silk Road’: Assessing illicit drug marketplaces on the public web. Open Source Intelligence and Cyber Crime: Social Media Analytics, 89-111.

https://link.springer.com/chapter/10.1007/978-3-030-41251-7_4

A. T. Zulkarnine, R. Frank, B. Monk, J. Mitchell and G. Davies, "Surfacing collaborated networks in dark web to find illicit and criminal content," 2016 IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ, USA, 2016, pp. 109-114, doi: 10.1109/ISI.2016.7745452.

https://ieeexplore.ieee.org/abstract/document/7745452

Other:

Allysa Czerwinsky

https://www.socialsciences.manchester.ac.uk/criminology/research/postgraduate-research/phd-students/

Diana Benitez

Kwasi Boakye-Boateng

https://www.linkedin.com/in/kwasi-boakye-boateng-63493412/

https://www.unb.ca/cic/membership/researchers.html

Rachel Bleiman

https://liberalarts.temple.edu/content/rachel-bleiman

Shabnam Saderi

https://scholar.google.com/citations?hl=en&user=LVnEWXoAAAAJ&view_op=list_works&citft=1&citft=2&citft=3&email_for_op=cic.unb.ca%40gmail.com&gmla=AHoSzlVYTOE3KQjjnontUQ0nxOb5LshadwXIRGvt5WbMjlB_dt6e06uBFq49mTOKhOeWY5rb6WW0IpdIgzZ5lXjpvCyfFEjJ42xdUQuchLkiWWagJkl1PfMwMuGFOXDqZre9N_ZGEm2GvkQTypZbTrueIZffWnmB92l0_WHPMWn87GGOA0zSox6_RsMGDVcrxwJuJLgrMRNQzD0DGaGURrf7JvqiKXFyQP_blMEiI4eIpSIK

https://www.unb.ca/cic/membership/researchers.html

Vicky Desjardins

https://www.linkedin.com/in/💫vicky-desjardins-208134221/

Allysa Czerwinsky

https://www.socialsciences.manchester.ac.uk/criminology/research/postgraduate-research/phd-students/

Diana Benitez

Kwasi Boakye-Boateng

https://www.linkedin.com/in/kwasi-boakye-boateng-63493412/

https://www.unb.ca/cic/membership/researchers.html

Rachel Bleiman

https://liberalarts.temple.edu/content/rachel-bleiman

Shabnam Saderi

https://scholar.google.com/citations?hl=en&user=LVnEWXoAAAAJ&view_op=list_works&citft=1&citft=2&citft=3&email_for_op=cic.unb.ca%40gmail.com&gmla=AHoSzlVYTOE3KQjjnontUQ0nxOb5LshadwXIRGvt5WbMjlB_dt6e06uBFq49mTOKhOeWY5rb6WW0IpdIgzZ5lXjpvCyfFEjJ42xdUQuchLkiWWagJkl1PfMwMuGFOXDqZre9N_ZGEm2GvkQTypZbTrueIZffWnmB92l0_WHPMWn87GGOA0zSox6_RsMGDVcrxwJuJLgrMRNQzD0DGaGURrf7JvqiKXFyQP_blMEiI4eIpSIK

https://www.unb.ca/cic/membership/researchers.html

Vicky Desjardins

https://www.linkedin.com/in/💫vicky-desjardins-208134221/

About our guests:

Allysa Czerwinsky

https://www.socialsciences.manchester.ac.uk/criminology/research/postgraduate-research/phd-students/

Diana Benitez

Kwasi Boakye-Boateng

https://www.linkedin.com/in/kwasi-boakye-boateng-63493412/

https://www.unb.ca/cic/membership/researchers.html

Rachel Bleiman

https://liberalarts.temple.edu/content/rachel-bleiman

Shabnam Saderi

https://scholar.google.com/citations?hl=en&user=LVnEWXoAAAAJ&view_op=list_works&citft=1&citft=2&citft=3&email_for_op=cic.unb.ca%40gmail.com&gmla=AHoSzlVYTOE3KQjjnontUQ0nxOb5LshadwXIRGvt5WbMjlB_dt6e06uBFq49mTOKhOeWY5rb6WW0IpdIgzZ5lXjpvCyfFEjJ42xdUQuchLkiWWagJkl1PfMwMuGFOXDqZre9N_ZGEm2GvkQTypZbTrueIZffWnmB92l0_WHPMWn87GGOA0zSox6_RsMGDVcrxwJuJLgrMRNQzD0DGaGURrf7JvqiKXFyQP_blMEiI4eIpSIK

https://www.unb.ca/cic/membership/researchers.html

Vicky Desjardins

https://www.linkedin.com/in/💫vicky-desjardins-208134221/

Rachel Bleiman

https://liberalarts.temple.edu/content/rachel-bleiman

Prof Nicolas Vermeys

https://www.vermeys.com

Papers or resources mentioned in this episode:

Rege, A., & Bleiman, R. (2021, December). Collegiate Social Engineering Capture the Flag Competition. In 2021 APWG Symposium on Electronic Crime Research (eCrime) (pp. 1-11). IEEE.

Rege, A., Nguyen, T., & Bleiman, R. (2020, August). A social engineering awareness and training workshop for STEM students and practitioners. In 2020 IEEE Integrated STEM Education Conference (ISEC) (pp. 1-6). IEEE.

Rege, A., & Bleiman, R. (2023, March). A Free and Community-Driven Critical Infrastructure Ransomware Dataset. In Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media: Cyber Science 2022; 20–21 June; Wales (pp. 25-37). Singapore: Springer Nature Singapore.

Other:

The CARE Lab

https://sites.temple.edu/care/social-engineering/course-projects/

The Critical Infrastructure Ransomware Attacks (CIRA) Dataset

https://sites.temple.edu/care/cira/

The Summer Social Engineering School

https://sites.temple.edu/socialengineering/

This episode was edited in part using a text based editing tool that uses machine learning. I think the results were a bit mixed on this episode, particularly in terms of workflow. The tools offer promise though.

Allysa Czerwinsky

https://www.socialsciences.manchester.ac.uk/criminology/research/postgraduate-research/phd-students/

Prof Nicolas Vermeys

https://www.vermeys.com

Papers or resources mentioned in this episode:

Julia R. DeCook & Megan Kelly (2022) Interrogating the “incel menace”: assessing the threat of male supremacy in terrorism studies, Critical Studies on Terrorism, 15:3, 706-726, DOI: 10.1080/17539153.2021.2005099

Kelly, M., DiBranco, A., & DeCook, J. R. (2022). Misogynist incels and male supremacist violence. In Male supremacism in the United States (pp. 164-180). Routledge.

DeCook, Julia (19 March, 2021) The Issue Isn’t Incels. It’s Racist Misogyny, Global Network on Extremism & Technology**,** https://gnet-research.org/2021/03/19/the-issue-isnt-incels-its-racist-misogyny/

Other:

Research by Tim Squirrell et al

https://www.isdglobal.org/isd-publications/?fwp_publication_category=hate-and-polarisation

News articles regarding the Toronto Van attack:

https://www.cp24.com/news/victims-families-dignitaries-mark-fifth-anniversary-of-deadly-toronto-van-attack-1.6367465

https://www.vice.com/en/article/bvx4kq/incel-toronto-van-killer-found-guilty-of-murdering-10-people

The interview with Allysa was created as part of the secrev.org conference.

This episode was edited in part using text first audio edition that uses machine learning. It's not bad but I think there are some improvements.

Dr Kevin Steinmetz

https://www.k-state.edu/sasw/faculty/steinmetz.html

https://scholar.google.com/citations?user=mEgRonIAAAAJ&hl=en

Prof Nicolas Vermeys

https://www.vermeys.com

Papers or resources mentioned in this episode:

Steinmetz, K. F., & Henderson, H. (2012). Hip-Hop and Procedural Justice: Hip-Hop Artists’ Perceptions of Criminal Justice. Race and Justice, 2(3), 155–178. https://doi.org/10.1177/2153368712443969

Kevin F. Steinmetz (2023) Executing Effective Social Engineering Penetration Tests: A Qualitative Analysis,Journal of Applied Security Research, 18:2, 246-266, DOI: 10.1080/19361610.2021.2002119

Steinmetz, K. F., & Holt, T. J. (2023). Falling for Social Engineering: A Qualitative Analysis of Social Engineering Policy Recommendations. Social Science Computer Review, 41(2), 592–607. https://doi.org/10.1177/08944393221117501

Goffman, E. (2002). The presentation of self in everyday life. 1959. Garden City, NY, 259.

Agnew, R. (2006). Pressured into crime: An overview of general strain theory.

Other:

This episode was in part edited using a text based audio editing which is an interesting application of machine learning technology to software.

Dr Jennifer L. Schally

https://cjrc.la.psu.edu/people/jennifer-l-schally/

Prof Nicolas Vermeys

https://www.vermeys.com

Papers or resources mentioned in this episode:

Derrickson, K. (2023). Advance-Fee Pet Scams Through the Lens of Narrative Victimology.

https://etda.libraries.psu.edu/catalog/25084ksd5317

Whittaker, J. M., & Button, M. (2020). Understanding pet scams: A case study of advance fee and non-delivery fraud using victims’ accounts. Australian & New Zealand Journal of Criminology, 53(4), 497-514.

Button, M., & Whittaker, J. (2021). Exploring the voluntary response to cyber-fraud: From vigilantism to responsibilisation. International Journal of Law, Crime and Justice, 66, 10048

Pemberton, A., Mulder, E., & Aarten, P. G. (2019). Stories of injustice: Towards a narrative victimology. European Journal of Criminology, 16(4), 391-412.

https://journals.sagepub.com/doi/pdf/10.1177/1477370818770843

Other:

The American Kennel Club on “How to Spot a Puppy Scam Online”

https://www.akc.org/expert-advice/puppy-information/spot-puppy-scam/

Brent, Y.(Nov 30, 2022) Beware kitten and puppy scams, as pandemic leads to spike in pet ripoffs, CBC News Canada.

https://www.cbc.ca/news/canada/kitten-pet-puppy-scam-spike-pandemic-canada-us-bbb-fraud-1.6667008

Jordan Howell

https://cina.gmu.edu/people/c-jordan-howell/

Prof Nicolas Vermeys

https://www.vermeys.com

Papers or resources mentioned in this episode:

Marie Ouellet, David Maimon, Jordan C Howell, Yubao Wu, The Network of Online Stolen Data Markets: How Vendor Flows Connect Digital Marketplaces, The British Journal of Criminology, Volume 62, Issue 6, November 2022, Pages 1518–1536, https://doi.org/10.1093/bjc/azab116

Howell, C. J., Fisher, T., Muniz, C. N., Maimon, D., & Rotzinger, Y. (2023). A Depiction and Classification of the Stolen Data Market Ecosystem and Comprising Darknet Markets: A Multidisciplinary Approach. Journal of Contemporary Criminal Justice, 10439862231158005.

https://journals.sagepub.com/doi/pdf/10.1177/10439862231158005

Other:

An assessment of ransomware distribution on darknet markets

https://cybersecurity.att.com/blogs/security-essentials/an-assessment-of-ransomware-distribution-on-darknet-markets

The episode with Dr. Eden Kamar talking about using chatbots for research 

https://cybercrimeology.com/episodes/my-parents-are-home-it-would-be-weird-chatbots-grooming-guardians

Dr Kyung-shick Choi

https://www.bu.edu/met/profile/kyung-shick-choi/

https://centercicboston.org

Prof Nicolas Vermeys

https://www.vermeys.com

Other:

Regarding the Canadian cybercrime laws mentioned:

https://www.rcmp-grc.gc.ca/en/cybercrime-defined

Dr Eden Kamar

https://www.linkedin.com/in/eden-kamar/

Prof Nicolas Vermeys

https://www.vermeys.com

Mentioned in this Episode:

Kamar, E., Maimon, D., Weisburd, D., & Shabat, D. (2022). Parental guardianship and online sexual grooming of teenagers: A honeypot experiment. Computers in Human Behavior, 137, 107386.

https://doi.org/10.1016/j.chb.2022.107386

Other:

Thanks to Dr David Maimon for arranging this interview.  Dr Eden Kamar was awarded her document and very quickly hired in the period between the recording and publishing of this episode.  Congratulations the London Metropolitan University gaining an exciting new associate professor.

Thomas Dearden

https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/thomas-dearden.html

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Mentioned in this Episode:

France moving away from deterrence.

“using a deterrent approach in cyberspace that would force any attacker to exercise restraint against France is fanciful, but adopting response strategies that galvanise all the options the State has available, both European and international, means cyber attacks can be made particularly costly for attackers”- pp 131, page 39.

Secrétariat général de la défense et de la sécurité nationale (2022) National strategic review 2022 République Française

http://www.sgdsn.gouv.fr/uploads/2022/12/rns-uk-20221202.pdf

Australia moving towards deterrence.

Reuters 2022, 11 November Australia unveils joint cyber police taskforce to 'hunt down' hackers

https://www.reuters.com/technology/australia-unveils-joint-cyber-police-taskforce-hunt-down-hackers-2022-11-12/

The name of the mobile game developed in Vietnam was Flappy Bird.

https://en.wikipedia.org/wiki/Flappy_Bird

Other:

Apologies for the audio in this one,  we were in a room that suddenly became a lot more crowded after we pressed record.  If you hear yourself in the background,  next time come over and say 'hi'.  

Dr Marti DeLiema

https://www.cehd.umn.edu/ssw/people/mdeliema/

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Papers Mentioned in this Episode:

DeLiema, M., Li, Y., & Mottola, G. (2022). Correlates of responding to and becoming victimized by fraud: Examining risk factors by scam type. International Journal of Consumer Studies.https://onlinelibrary.wiley.com/doi/10.1111/ijcs.12886

DeLiema, M., Burnes, D., & Langton, L. (2021). The financial and psychological impact of identity theft among older adults. Innovation in Aging, 5(4), igab043. https://doi.org/10.1093/geroni/igab043

Carpenter, P., & Roer, K. (2022). The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing Your Human Defense Layer . John Wiley & Sons.

https://www.securityculturebook.com

Thomas Hyslip

https://www.usf.edu/cbcs/criminology/faculty-staff/t-hyslip.aspx

Greg 

https://www.usa.gov

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Papers Mentioned in this Episode:

Paquet-Clouston, M., Paquette, S. O., Garcia, S., & Erquiaga, M. J. (2022). Entanglement: cybercrime connections of a public forum population. Journal of Cybersecurity, 8(1), tyac010.

Heath, C., & Heath, D. (2007). Made to stick: Why some ideas survive and others die. Random House.

https://heathbrothers.com/books/made-to-stick/

Other:

(Australia) Cyber Security Minister Clare O'Neil flags multiple reforms to protect personal data after Medibank data leaks

https://www.abc.net.au/news/2022-11-13/medibank-data-breach-cybersecurity-latest/101648178

​I​nternational Counter Ransomware Task Force

https://www.homeaffairs.gov.au/cyber-security-subsite/Pages/counter-ransomware-initiative.aspx

Dr Volkan Topalli

https://aysps.gsu.edu/profile/volkan-topalli/

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Papers Mentioned in this Episode:

National Crime Victimization Survey (NCVS) Data Dashboard (N-DASH)

https://ncvs.bjs.ojp.gov/Home

National Incident-Based Reporting System (NIBRS)

https://www.fbi.gov/how-we-can-help-you/more-fbi-services-and-information/ucr/nibrs

Wang, F., & Topalli, V. (2022). Understanding Romance Scammers Through the Lens of Their Victims: Qualitative Modeling of Risk and Protective Factors in the Online Context. American Journal of Criminal Justice , 1-37.

https://link.springer.com/article/10.1007/s12103-022-09706-4

Other:

Old wine in new bottles is an old expression, that probably predates the modern English language. As Brinton Webb Woodward put in back in the 1890s book Old Wine in New Bottles for Old and New Friends, “ … we thresh over the same old straw. In literature we find, and decant, and bottle up the old wine,. We pour over the old liquor into new packages and put on labels of our own. Haply we filter away the lees and dregs which time had precipitated to the bottom.” This is quite a nice spin on the phrase as it suggests time as an important element in the process of refining ideas and the process of transference as one that removes the garbage and possibly leaving a little space for the new. That is more positive than the modern interpretation of old institutions with a new name. Interestingly, as it pertains to this particular conversation it could be seen as a turn on the biblical expression of new wine in old wineskins, “. And no man putteth new wine into old bottles; else the new wine will burst the bottles, and be spilled, and the bottles shall perish.” Luke 3:37. This older expression can be taken to suggest that new ideas must be received into a new institutions or there could be a problematic conflict between older structure, or that prior knowledge can negatively affect the understanding of new concepts.

All this to say that the phrase ‘old wine in new bottles’ could be very appropriate to the process that is required for cybersecurity research, if we take Woodward’s interpretation. But it could really be a case of us struggling with ‘new wine in old bottles’.

In either case, the value of new researchers doing new forms of research with new theory is apparent.

Dr Yi Ting Chua

https://cj.ua.edu/people/dr-yi-ting-chua/

Dr Doris Krakrafaa-Bestman

https://www.aamu.edu/academics/colleges/business-public-affairs/departments/social-sciences/faculty-staff.html

Fangzhou Wang

https://aysps.gsu.edu/phd-student/wang-fangzhou/

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Papers or resources mentioned in this episode:

Wang, F., & Zhou, X. (2022). Persuasive Schemes for Financial Exploitation in Online Romance Scam: An Anatomy on Sha Zhu Pan (杀猪盘) in China. Victims & Offenders , 1-28.

https://doi.org/10.1080/15564886.2022.2051109

Other:

Newman, L.H. (Jan 2, 2023) Hacker Lexicon: What Is a Pig Butchering Scam?

https://www.wired.com/story/what-is-pig-butchering-scam/

The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter, Kai Roer

https://www.securityculturebook.com

I called this episode “Fraudiculture”, because I thought it interesting how the metaphors used to communicate the techniques seemed to target those with an understanding of agriculture, such as raising cows and pigs as endeavours performed with great care and even empathy, but an ultimate aim of exploitation.

I am not vegan, I just like to provide metaphorical options for those that prefer less violent phrasing.

“These are the cries of the carrots, the cries of the carrots! You see, Reverend Maynard Tomorrow is harvest day and to them it is the holocaust”

Tool (1993) Disgustipated[song]. On Undertow. Zoo entertainment.

Dr Thomas Dearden

https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/thomas-dearden.html

Jordan Howell

https://cina.gmu.edu/people/c-jordan-howell/

Dr Marti DeLiema, 

https://www.cehd.umn.edu/ssw/people/mdeliema/

Dr Volkan Topali, 

https://aysps.gsu.edu/profile/volkan-topalli/

Eden Komar

https://ebcs.gsu.edu/profile/eden-kamar/

Dr Thomas Hyslip 

https://www.usf.edu/cbcs/criminology/faculty-staff/t-hyslip.aspx

And Gary

https://www.usa.gov 

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Conferences Mentioned in this Episode:

Also Look out for:

https://www.hfc-conference.com

https://www.cambridgecybercrime.uk

https://nsec.io

https://secrev.org/

Other:

Bloom's Taxonomy

https://en.wikipedia.org/wiki/Bloom's_taxonomy

This episode was a bit different because it was for the start of the year.  Back to the normal style next episode. 

Dr. Lauren Shapiro

https://www.jjay.cuny.edu/faculty/lauren-r-shapiro-phd

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Papers or resources mentioned in this episode:

Shapiro, L. R. (2022). Cyberpredators and Their Prey. CRC Press.

https://www.routledge.com/Cyberpredators-and-Their-Prey/Shapiro/p/book/9780367551698

Shapiro, L. R., & Maras, M. H. (2015). Multidisciplinary investigation of child maltreatment. Jones & Bartlett Publishers.

https://www.worldcat.org/title/875351759

Other:

To all my fellow Internuts,  try to take a few moments away from the screen to share the holiday period with the people around you, then you can get straight back on there :). 

Dr. Rainer Böhme

https://informationsecurity.uibk.ac.at/people/rainer-boehme/

https://scholar.google.com/citations?hl=en&user=ez_Q6GMAAAAJ&view_op=list_works&sortby=pubdate

Scott Wright

https://www.linkedin.com/in/scottwright/

https://clickarmor.ca

Papers or resources mentioned in this episode:

Böhme, R., Laube, S., & Riek, M. (2019). A fundamental approach to cyber risk analysis. Variance, 12(2), 161-185.

https://informationsecurity.uibk.ac.at/pdfs/BLR2019_FundamentalApproachCyberRiskInsurance_Variance.pdf

Woods, DW & Böhme, R 2021, 'How Cyber Insurance Shapes Incident Response: A Mixed Methods Study', Paper presented at The 20th Annual Workshop on the Economics of Information Security, 28/06/21 - 29/06/21. https://weis2021.econinfosec.org/wp-content/uploads/sites/9/2021/06/weis21-woods.pdf

Böhme, R., & Kataria, G. (2006, September). On the limits of cyber-insurance. In International Conference on Trust, Privacy and Security in Digital Business (pp. 31-40). Springer, Berlin, Heidelberg.

https://link.springer.com/content/pdf/10.1007/11824633_4.pdf

Other:

Virtual Assets Insurance (by Rainer Böhme), Actuarial Research Conference 2020

https://youtu.be/Sh9QM1tBqKc

Dr Michael Wilson

http://profiles.murdoch.edu.au/myprofile/michael-wilson/

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Wilson, M., Cross, C., Holt, T., & Powell, A. (2022). Police preparedness to respond to cybercrime in Australia: An analysis of individual and organizational capabilities. Journal of Criminology , 55 (4), 468–494. https://doi.org/10.1177/26338076221123080

Cross, C., Holt, T., Powell, A., Wilson, M., (2021), Responding to cybercrime: Results of a comparison between community members and police personnel, Trends and Issues in Crime and Criminal Justice, 653, August 2021, pages 1 - 20.

Other:

That was the last episode in the series with Vanessa Henri, she is very busy running a business ;). https://henriwolf.law

https://nscr.nl/en/medewerker/dr-rutger-leukfeldt/

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

L. M. J. Bekkers & E. R. Leukfeldt (2022) Recruiting money mules on instagram: a qualitative examination of the online involvement mechanisms of cybercrime, Deviant Behavior, DOI: 10.1080/01639625.2022.2073298

Peelen, A. A. E., van de Weijer, S. G. A., van den Berg, C. J. W., & Leukfeldt, E. R. (2022). Employment Opportunities for Applicants with Cybercrime Records: A Field Experiment. Social Science Computer Review, 0(0). https://doi.org/10.1177/08944393221085706

Other:

I had a lot of issues with the equalization on this one.  My apologies if the apparent volume varies too much through the episode for your tastes.  

Dr Christian Leuprecht 

https://www.queensu.ca/academia/leuprecht/

Caitlyn Jenkins 

https://www.queensu.ca/iigr/jenkins-caitlyn

Rhianna Hamilton

https://www.queensu.ca/iigr/hamilton-rhianna

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Leuprecht, C., Jenkins, C. and Hamilton, R. (2022), "Virtual money laundering: policy implications of the proliferation in the illicit use of cryptocurrency", Journal of Financial Crime, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/JFC-07-2022-0161

Cullen Commission (2022) Commission of Inquiry into Money Laundering in British Columbia

https://cullencommission.ca/com-rep/

Other:

Financial Action Task Force (FATF) is the global money laundering and terrorist financing watchdog

https://www.fatf-gafi.org/home/

About our Guests:

Dr Ruth Shillair

https://comartsci.msu.edu/our-people/ruth-shillair

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Shillair, R., Esteve-González, P., Dutton, W. H., Creese, S., Nagyfejeo, E., & Von Solms, B. (2022). National Level Evidence-Based Results, Challenges, and Promise. Computers & Security, 102756.

https://doi.org/10.1016/j.cose.2022.102756

Humphrey, W. S. (1988). Characterizing the software process: a maturity framework. IEEE software, 5(2), 73-79.

https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=2014&casa_token=viOPgCkogikAAAAA:khUCFSCaUx11Og8iSrJWS7liXtAypowrgOCv3D7BRFM8RDZ0X8adx_2_kseoYHd-NkWzn8LEg6NWQw&tag=1

Other:

The Global Cyber Security Capacity Centre

https://www.cybersecurity.ox.ac.uk/research/global-security-cyber-capacity

I said "graciolussly" at the start of the episode, I don't think that is a real word.  I meant graciously. 

Dr Sunil Chaudhary

https://www.ntnu.edu/employees/sunil.chaudhary

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Chaudhary, S., Gkioulos, V., & Katsikas, S. (2022). Developing metrics to assess the effectiveness of cybersecurity awareness program. Journal of Cybersecurity , https://doi.org/10.1093/cybsec/tyac006 

Other:

https://cybersec4europe.eu/

Dr Masarah Paquet-Clouston 

https://crim.umontreal.ca/en/repertoire-departement/professeurs/professeur/in/in33261/sg/Masarah%20Paquet-Clouston/

https://www.linkedin.com/in/masarah-paquet-clouston-54b29587/

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Paquet-Clouston, M., Paquette, S. O., Garcia, S., & Erquiaga, M. J. (2022). Entanglement: cybercrime connections of a public forum population. Journal of Cybersecurity, 8(1), tyac010.

https://academic.oup.com/cybersecurity/article/8/1/tyac010/6644916

Paquet-Clouston, M., & Bouchard, M. (2022). A Robust Measure to Uncover Community Brokerage in Illicit Networks. Journal of Quantitative Criminology, 1-29.

https://www.crimrxiv.com/pub/nhorzdki

Paquet-Clouston, M. C. (2021). The Role of Informal Workers in Online Economic Crime (Doctoral dissertation, Arts & Social Sciences: School of Criminology).

https://summit.sfu.ca/_flysystem/fedora/2022-08/input_data/21455/etd21636.pdf

Other:

This interview was done in person, I haven't done one of those for a long time and think my microphone technique is a little rusty, not only that I forgot to record some room tone. 

Dr. Periwinkle Doerfler

https://scholar.google.com/citations?user=beizXWkAAAAJ&hl=en

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Doerfler, P., Forte, A., De Cristofaro, E., Stringhini, G., Blackburn, J., & McCoy, D. (2021). " I'm a Professor, which isn't usually a dangerous job": Internet-facilitated Harassment and Its Impact on Researchers. Proceedings of the ACM on Human-Computer Interaction, 5(CSCW2), 1-32. 

https://arxiv.org/pdf/2104.11145.pdf

Other:

Burke, Katie L. ( 2017, Sep) Harassment in Science, American Scientist, from:

https://www.americanscientist.org/article/harassment-in-science

Nogrady, Bianca (2021, 13 Oct) ‘I hope you die’: how the COVID pandemic unleashed attacks on scientists, Retreived from Nature.com:

https://www.nature.com/articles/d41586-021-02741-x

O'Grady, Cathleen (2022, 24 Mar) In the Line of Fire:Scientists have been harassed for years. But a Science survey shows the pandemic has made things far worse for some

https://www.science.org/content/article/overwhelmed-hate-covid-19-scientists-face-avalanche-abuse-survey-shows

Advice for researchers experiencing harassment by the Science Media Centre

https://www.sciencemediacentre.org/wp-content/uploads/2019/10/Advice-for-Researchers-Experiencing-Harrasment-2019.pdf

Dr David Lyon

https://www.sscqueens.org/people/david-lyon

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Beyond Big Data Surveillance: Freedom and Fairness

https://www.sscqueens.org/news/beyond-big-data-surveillance-report-released

David Lyon (1994) Electronic Eye: The Rise of Surveillance Society

https://www.goodreads.com/book/show/237851.Electronic_Eye

David Lyon (2001) Surveillance Society: Monitoring Everyday Life

https://www.goodreads.com/book/show/237855.Surveillance_Society

David Lyon (2018) The Culture of Surveillance: Watching as a Way of Life

https://www.goodreads.com/book/show/36739405-the-culture-of-surveillance

David Lyon (2022) Pandemic Surveillance

https://www.politybooks.com/bookdetail?book_slug=pandemic-surveillance--9781509550302

Michel Foucault (1975) Discipline and Punish: The Birth of the Prison

https://www.goodreads.com/book/show/80369.Discipline_and_Punish

Smith, Richard Angus (2015) Spying and Surveillance in Shakespeare’s Dramatic Courts (Ph.D Thesis)

https://ses.library.usyd.edu.au/handle/2123/11591

Other:

History of Henry V

Act 2, Scene 2

DUKE OF BEDFORD:

 The king hath note of all that they intend,

By interception which they dream not of.

https://www.opensourceshakespeare.org/views/plays/play_view.php?WorkID=henry5&Act=2&Scene=2&Scope=scene

The Tragedy of Hamlet, Prince of Denmark

Act 3, Scene 1

KING CLAUDIUS:

Her father and myself, lawful espials,
Will so bestow ourselves that, seeing, unseen,
We may of their encounter frankly judge,
And gather by him, as he is behaved,
If 't be the affliction of his love or no
That thus he suffers for.

http://shakespeare.mit.edu/hamlet/hamlet.3.1.html

Dr David Lyon

https://www.sscqueens.org/people/david-lyon

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Beyond Big Data Surveillance: Freedom and Fairness

https://www.sscqueens.org/news/beyond-big-data-surveillance-report-released

David Lyon (1994) Electronic Eye: The Rise of Surveillance Society

https://www.goodreads.com/book/show/237851.Electronic_Eye

David Lyon (2001) Surveillance Society: Monitoring Everyday Life

https://www.goodreads.com/book/show/237855.Surveillance_Society

David Lyon (2018) The Culture of Surveillance: Watching as a Way of Life

https://www.goodreads.com/book/show/36739405-the-culture-of-surveillance

David Lyon (2022) Pandemic Surveillance

https://www.politybooks.com/bookdetail?book_slug=pandemic-surveillance--9781509550302

Michel Foucault (1975) Discipline and Punish: The Birth of the Prison

https://www.goodreads.com/book/show/80369.Discipline_and_Punish

Smith, Richard Angus (2015) Spying and Surveillance in Shakespeare’s Dramatic Courts (Ph.D Thesis)

https://ses.library.usyd.edu.au/handle/2123/11591

Other:

History of Henry V

Act 2, Scene 2

DUKE OF BEDFORD:

 The king hath note of all that they intend,

By interception which they dream not of.

https://www.opensourceshakespeare.org/views/plays/play_view.php?WorkID=henry5&Act=2&Scene=2&Scope=scene

The Tragedy of Hamlet, Prince of Denmark

Act 3, Scene 1

KING CLAUDIUS:

Her father and myself, lawful espials,
Will so bestow ourselves that, seeing, unseen,
We may of their encounter frankly judge,
And gather by him, as he is behaved,
If 't be the affliction of his love or no
That thus he suffers for.

http://shakespeare.mit.edu/hamlet/hamlet.3.1.html

Holly Ann Garnett

https://www.rmc-cmr.ca/en/political-science-and-economics/holly-ann-garnett

https://www.queensu.ca/iigr/holly-ann-garnett

Michael Pal 

https://commonlaw.uottawa.ca/en/people/pal-michael

Vanessa Henri

https://www.linkedin.com/in/vanessahenri

Papers or resources mentioned in this episode:

Garnett HA, Pal M (2022) Cyber-Threats to Canadian Democracy,.

https://www.mqup.ca/cyber-threats-to-canadian-democracy-products-9780228011477.php

https://books.google.ca/books/about/Cyber_Threats_to_Canadian_Democracy.html?id=_qOwzgEACAAJ&

Other:

There was a lot of noise happening outside my apartment as I was recording part of this episode and it was very distracting.  Apologies if I sound a little weird :) 

Sinead Tuite

Innovation, Science and Economic Development (ISED) Canada

https://www.ic.gc.ca/eic/site/icgc.nsf/eng/home

Papers or resources mention in this episode:

Safeguarding your Research

This website provides information on how to safeguard your research and innovation. 

https://science.gc.ca/eic/site/063.nsf/eng/h_97955.html

The Government of Canada's National Security Guidelines for Research Partnerships

https://science.gc.ca/eic/site/063.nsf/eng/h_98257.html

The US Government's Executive Order on Improving the Nation’s Cybersecurity

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ 

The UK Centre for the Protection of National Infrastructure (CPNI) Trusted Research Guidance for Academia

https://www.cpni.gov.uk/trusted-research-academia

Australia's Cybersecurity Strategy 2020 (Section 40, Page 23)

https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf

Dr Victoria Lemieux

https://ischool.ubc.ca/profile/victoria-lemieux/

Dominic Vogel

https://ca.linkedin.com/in/domvogel

cyber.sc

Papers or resources mention in this episode:

Lemieux, V. L. (2022). Searching for Trust: Blockchain Technology in an Age of Disinformation. Cambridge University Press.

https://www.cambridge.org/core/books/searching-for-trust/B2F64551393899EBC6306EB42FCBE856

Lemieux, V. L., & Feng, C. (2021). Building Decentralized Trust. Springer International Publishing. https://doi. org/10.1007/978-3-030-54414-0.

https://www.researchgate.net/profile/Victoria-Lemieux/publication/350180597_Multidisciplinary_Blockchain_Research_and_Design_A_Case_Study_in_Moving_from_Theory_to_Pedagogy_to_Practice/links/60a542afa6fdcc3f30b5cbb4/Multidisciplinary-Blockchain-Research-and-Design-A-Case-Study-in-Moving-from-Theory-to-Pedagogy-to-Practice.pdf

Other:

Here is the oldest surviving record of the 60% of hacked SMBs go bankrupt claim,

https://docs.house.gov/meetings/SM/SM00/20150422/103276/HHRG-114-SM00-20150422-SD003-U4.pdf

National Cyber Security Alliance (NCSA) Statement Regarding Incorrect Small Business Statistic

https://staysafeonline.org/press-release/national-cyber-security-alliance-statement-regarding-incorrect-small-business-statistic/

60% of Hacked Small Businesses Fail. How Reliable Is That Stat?

https://www.bankinfosecurity.com/blogs/60-hacked-small-businesses-fail-how-reliable-that-stat-p-2464

The fact that we can't find who is responsible for these numbers is kind of the point of having record keeping. 

Just to put this claim in context in 2015 the US had 28.8 million Small businesses (https://www.sba.gov/sites/default/files/advocacy/United_States.pdf)

If half of those businesses were hacked, as claimed that would be 14.4million Breaches.   If 60% of those went out of business, that would be 8.64 million businesses folding, which you might expect would be noticed economically.  In particular, it would mean that around half of the US population lost their job.  I suspect that we might have noticed that. 

Dr Asier Moneva

https://asiermoneva.com/

Dominic Vogel

https://ca.linkedin.com/in/domvogel

cyber.sc

Papers or resources mention in this episode:

Moneva, A., Leukfeldt, E.R. & Klijnsoon, W. Alerting consciences to reduce cybercrime: a quasi-experimental design using warning banners. J Exp Criminol (2022). https://doi.org/10.1007/s11292-022-09504-2

https://link.springer.com/article/10.1007/s11292-022-09504-2

Moneva, A., Leukfeldt, E. R., Van De Weijer, S. G., & Miró-Llinares, F. (2022). Repeat victimization by website defacement: An empirical test of premises from an environmental criminology perspective. Computers in Human Behavior, 126, 106984.

https://www.sciencedirect.com/science/article/pii/S0747563221003071

Miró-Llinares, F., & Moneva, A. (2020). Environmental criminology and cybercrime: Shifting focus from the wine to the bottles. The Palgrave handbook of international cybercrime and cyberdeviance, 491-511.

https://link.springer.com/content/pdf/10.1007/978-3-319-78440-3_30.pdf

Other

Hacker Mobility in Cyberspace and the Least Effort Principle: Examining Efficiency in the Journey to Cybercrime

https://osf.io/ufdp8

Bhuiyan, Johana (2022, 4 Apr) How can US law enforcement agencies access your data? Let’s count the ways, The Guardian, https://www.theguardian.com/technology/2022/apr/04/us-law-enforcement-agencies-access-your-data-apple-meta

Carcamo, Cindy (2022, 10 May) Immigration officials created network that can spy on majority of Americans, report says, Los Angeles Times, https://www.latimes.com/california/story/2022-05-10/report-immigration-officials-spying-on-majority-of-americans

You can find out more about the design team for Northsec at https://nsec.io/team/

Papers or resources mentioned in this episode:

Challenges from previous northsec competitions can be found here:

https://nsec.io/competition-write-ups/

In particular, we referred to this challenge:

https://github.com/JaneBdemented/NSEC2019_DEFEC8ED_Walkthroughs

Other:

If you want to have a try at CTF challenges, you can try this site from Carnegie Mellon University

https://picoctf.org/

You can also try this website for getting started with hacking techniques 

https://www.hackthissite.org/

Jax was actually feeling ill during this interview but did it anyway, what a champion.  

Dr Susanne van’t Hoff de Goede

https://www.thehagueuniversity.com/research/centre-of-expertise/details/centre-of-expertise-cyber-security#team

https://www.linkedin.com/in/susanne-van-t-hoff-de-goede-8057a98/

https://victimologie.nl/netwerkleden/susanne-van-t-hoff-de-goede/

Dominic Vogel

https://ca.linkedin.com/in/domvogel

cyber.sc

Papers or resources mentioned in this episode:

Van ’t Hoff-de Goede, S., Leukfeldt, R., Van der Kleij, R., & Van de Weijer, S. (2020). The online behaviour and victimization study: The development of an experimental research instrument for measuring and explaining online behaviour and cybercrime victimization. In M. Weulen Kranenbarg & R. Leukfeldt (Eds.), Cybercrime in Context. The human factor in victimization, offending and policing. Springer.

Van der Kleij, R., Van ’t Hoff-de Goede, S., Van de Weijer, S., & Leukfeldt, R. (2021). How safely do we behave online? An explanatory study into the cybersecurity behaviors of Dutch citizens. In M. Zallio, C. Raymundo Ibañez, & J.H. Hernandez (Eds), Advances in Human Factors in Robots, Unmanned Systems and Cybersecurity. AHFE 2021. Lecture Notes in Networks and Systems, vol 268. Springer, Cham. https://doi.org/10.1007/978-3-030-79997-7_30

Other:

We weren't able to include all of the discussion in the podcast, but there is an interesting discussion to be had around the relationship between theory and research method.  Often this kind of discussion is around how a theory might shape the research methods that are chosen, in this case Dr van’t Hoff de Goede raised the issue of methods and theory reinforcing each other as the method provides proof of the theory and the theory provides valid application of the method.  I am not a great discussant for this particular debate, but I would say that it provides an argument for a greater range of research methods being a component of strong science.  

Dr Tommy Van Steen

https://www.universiteitleiden.nl/en/staffmembers/tommy-van-steen#tab-1

Dominic Vogel

https://ca.linkedin.com/in/domvogel

cyber.sc

Papers or resources mentioned in this episode:

Van Steen, T., Norris, E., Atha, K., & Joinson, A. (2020). What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use?. Journal of Cybersecurity, 6 (1)

https://academic.oup.com/cybersecurity/article-abstract/6/1/tyaa019/6032830

Michie S, Richardson M, Johnston M, Abraham C, Francis J, Hardeman W, Eccles MP, Cane J, Wood CE. The behavior change technique taxonomy (v1) of 93 hierarchically clustered techniques: building an international consensus for the reporting of behavior change interventions. Ann Behav Med. 2013 Aug;46(1):81-95. doi: 10.1007/s12160-013-9486-6. PMID: 23512568.

https://pubmed.ncbi.nlm.nih.gov/23512568/

Canada Revenue Agency, Be Scam Smart – Tax Refund

https://www.youtube.com/watch?v=lGNb7JCElzY&list=PLWsWrJHQSlisHkd5uCkyfaO3x2h4P2rsq&index=2

Other:

The Behaviour Change Wheel organizes the taxonomy into a way that allows it to be used as a tool during the design and implementation of tools. You can find a presentation from Dr Susan Mitchie, presenting that approach in this video https://www.youtube.com/watch?v=2-KvaIsb0fM

Thanks to Domenic Vogel’s son for providing some background ambience during the interview. Its always amazing how the sound of a child playing helps adults to remember to play too.

Dr. David Maimon

https://news.gsu.edu/expert/david-maimon/

Dr. Joshua James

https://dfir.science/

Papers or resources mentioned in this article:

Maimon, D., Howell, C. J., Perkins, R. C., Muniz, C. N., & Berenblum, T. (2021). A Routine Activities Approach to Evidence-Based Risk Assessment: Findings From Two Simulated Phishing Attacks. Social Science Computer Review. https://doi.org/10.1177/08944393211046339

Maimon, D., Howell, C. J., & Burruss, G. W. (2021). Restrictive deterrence and the scope of hackers’ reoffending: Findings from two randomized field trials. Computers in Human Behavior https://www.sciencedirect.com/science/article/abs/pii/S0747563221002661

Other:

Dr Maimon mentions sending a link with a EULA or End User License Agreement. A EULA is a contract between a software producer and the eventual user of the product, specifying the terms and conditions of use.

The music for this episode is called “G0n3 Ph1sh1ng”. I do like a good metaphor.

One thou is 25 micrometres. Metric is more precise. In practice, I use both. Such is the joy of Canada.

You might get 40 rods to the hog’s head and like it that way; I respect that.

Dr. Marleen Weulen Kranenbarg

https://research.vu.nl/en/persons/marleen-weulen-kranenbarg

Dr. Joshua James

https://dfir.science/

Papers or resources mentioned in this article:

Weulen Kranenbarg, M., & Leukfeldt, R. (2021). Cybercrime in Context . Springer International Publishing.

https://link.springer.com/book/10.1007/978-3-030-60527-8

Weulen Kranenbarg, M., Ruiter, S., & Van Gelder, J. L. (2021). Do cyber-birds flock together? Comparing deviance among social network members of cyber-dependent offenders and traditional offenders. European Journal of Criminology, 18(3), 386-406.

Weulen Kranenbarg, M., van der Toolen, Y., & Weerman, F. (2022). Understanding cybercriminal behaviour among young people.

Weulen Kranenbarg, M., Ruiter, S., Van Gelder, J. L., & Bernasco, W. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Journal of developmental and life-course criminology, 4(3), 343-364.

Other:

The episode with Dr. David Decary-Hetu is episode 55, you can go back a couple of episodes to find that or look here: https://cybercrimeology.com/episodes/dark-data-scraping-studying-on-the-dark-web-publishing-on-the-open-web

I edited this episode a little more aggressively to get it down to 30 minutes, it may have lost a little of its smoothness, but it is concentrated goodness ;). 

Dr Maria Grazia Porcedda 

https://www.tcd.ie/research/profiles/?profile=mariagrp

Dr. Joshua James

https://dfir.science/

Papers or resources mentioned in this article:

Porcedda, M. G., & Wall, D. S. (2021, September). Modelling the Cybercrime Cascade Effect in Data Crime. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 161-177). IEEE.

http://www.tara.tcd.ie/bitstream/handle/2262/97548/2021_Modelling_the_Cybercrime_Cascade_Effect_in_Data_Crime.pdf

The Cambridge Computer Crime Database (Maintained by Alice Hutchings )

https://www.cl.cam.ac.uk/~ah793/cccd.html

The Computer Evidence Database of Computer Misuse Act cases (Maintained by Michael Turner)

https://www.computerevidence.co.uk/Cases/CMA.htm

Other:

During the outro I managed to say "Mater data" instead of "Meta data". I don't think that mater data exists as a term but perhaps we will need it or something like it to describe the data that gave birth to other data.  If we keep having to chase data back to its point of origin and it is being transformed and transferred by automatic processes we might well one day have deliberate conversations about mater data.  That hasn't happened yet and in this case it was just another of  my many mangled mispronunciations.  

Dr David Décary-Hetu

https://ddhetu.pubpub.org/

Dr. Joshua James

https://dfir.science/

Papers or resources mentioned in this article:

The Crim Archive.

https://www.crimrxiv.com/

Human Cyber-Centric Cybersecurity Partnership

https://www.hc2p.ca/

Ouellet, Marie; Décary-Hétu, David; and Bergeron, Andréanne, "Cryptomarkets and the Returns to Criminal Experience" (2022). CSLF Articles. 3. https://scholarworks.gsu.edu/ays_cslf_articles/3

David Décary-Hétu & Benoit Dupont (2012) The social network of hackers, Global Crime, 13:3, 160-175, DOI: 10.1080/17440572.2012.702523

Flamand, C., & Décary-Hétu, D. (2019). The Open and Dark Web. The Human Factor of Cybercrime, 34-50.

Other:

My husky voice is as a result of testing how much my lung capacity has degraded as a result of covid-19 with a short work through metre deep snow. Turns out it has degraded a lot. If you have wondered if show shoes are worth the hassle, they absolutely are.  

Dr. Bridget Harris

https://www.qut.edu.au/about/our-people/academic-profiles/bridget.harris

Dr. Joshua James

https://dfir.science/

Papers or resources mentioned in this article:

Harris, B. (2021). Technology-enabled abuse: how'safety by design' can reduce stalking and domestic violence. The Conversation.

https://theconversation.com/technology-enabled-abuse-how-safety-by-design-can-reduce-stalking-and-domestic-violence-170636

Harris, B., & Woodlock, D. (2021). ‘For my safety’: experiences of technology-facilitated abuse among women with intellectual disability or cognitive disability.

https://apo.org.au/sites/default/files/resource-files/2021-09/apo-nid314044.pdf

The Australian eSafety Commissioner

https://www.esafety.gov.au/

https://www.esafety.gov.au/industry/safety-by-design

The eSafety Commissioner

Safety by Design (SbD)

https://www.esafety.gov.au/about-us/who-we-are/our-legislative-functions

Other:

I said the allegory of motor vehicles was revealing. An allegory generally considered to be a story poem or picture with a symbolic meaning such as a moral point of view. Although it didn’t make the final edit there is something to be learned from the story of automobile safety is that safety requires regulation, standards and education and it can be effective.

(In Order of Appearance) 

Dr. Jin Lee, 

https://cls.gmu.edu/people/jlee331

Dr. David Buil-Gil

https://www.research.manchester.ac.uk/portal/david.builgil.html

Dr. Bridget Harris

https://www.qut.edu.au/about/our-people/academic-profiles/bridget.harris

and

Dr. Cathy Marcum 

https://gjs.appstate.edu/directory/dr-cathy-marcum

Other:

 I will be honest with you, the mix on this episode is a little rough, forgive me for rushing it a little. 

'Bisney' isn't a word. 'Busy' is what I was aiming for there.   

This episode's track is called ONOSCOMOSOMO. They don't all get names, but this one did.

Dr Elisabeth Carter

https://www.linkedin.com/in/elisabeth-carter-8b372444

Papers mentioned in this Episode:

Carter, E. (2021). Distort, extort, deceive and exploit: Exploring the inner workings of a romance fraud. The British Journal of Criminology, 61(2), 283-302.

https://doi.org/10.1093/bjc/azaa072

Carter, E. (2015). Laughing matters: A conversation analytic account the use of laughter by suspects and officers in the police interview. Essex Graduate Journal of Sociology, 7(1), 99-113.

https://bucks.repository.guildhe.ac.uk/id/eprint/9401/1/Carter,%20Elisabeth%20Laughing%20matters.pdf

Carter, E. (2015). The anatomy of written scam communications: An empirical analysis. Crime, Media, Culture, 11(2), 89-103.

https://journals.sagepub.com/doi/pdf/10.1177/1741659015572310

A Guide to Spotting Romance Fraudsters

https://www.thamesvalley.police.uk/police-forces/thames-valley-police/areas/c/2020/a-guide-to-spotting-romance-fraudsters

TinEye is a reverse image search tool.  You can search with an image for other similar images. 

https://tineye.com/

If you can't access that then, you can also reverse image search on google. 

https://www.google.com/imghp?hl=en

About our Expert Guest:

Dr. Joshua James

https://dfir.science/

https://www.youtube.com/DFIRScience

What we learned:

What happens where there is a difference in analysis between digital forensics investigators ?

Like physical evidence there is little room for differences regarding the facts of a case.  There might be a different in explanation of the meaning of a piece of evidence depending on the story they are presenting. The tools are an instrument of interpreting the meaning of information on a device and tools can make mistakes.  Using multiple tools that extract and analyze data from devices reduces the chance of this happening.  

Other:

Thanks very much to my neighbours for assisting with the voice over for this episode. I do hope the human/furniture couples ballroom dancing and hollering team goes well in whichever competition you are preparing for.   Also thanks to my audio editing software for deciding to have a meltdown and give me the opportunity to do the final mastering twice.  

This episode's track is called 'curious diamonds'. Not all of the songs for podcast episodes get a name, but it did this time.

Dr Anita Lavorgna

https://www.southampton.ac.uk/sociology/about/staff/ai11n14.page

Papers and Publications Mentioned in this Episode:

Lavorgna, A., & Holt, T. J. (Eds.). (2021). Researching cybercrimes : methodologies, ethics, and critical approaches. Palgrave Macmillan. https://doi.org/10.1007/978-3-030-74837-1

This book contains the following major sections:

• Knowledge Production and Research Datafication in Cybercrime Research
• Methodologies and Strategies for Cybercrime Research
• Geographies and Cultures of Ethics in Cybercrime Research

Lavorgna, A., & Ugwudike, P. (2021). The datafication revolution in criminal justice: An empirical exploration of frames portraying data-driven technologies for crime prevention and control. Big Data & Society, 8(2), 20539517211049670.

https://journals.sagepub.com/doi/pdf/10.1177/20539517211049670

About our Expert Guest:

Dr. Joshua James

https://dfir.science/

https://www.youtube.com/DFIRScience

What we learned:

What is the difference between digital evidence and physical evidence for investigators ?

Digital evidence always requires active interpretation because it is an abstract series of electrical symbols. Because of this, the interpretation is very important but very difficult. Unlike physical evidence, it can be tested and analyzed indefinitely because it can be copied perfectly, and the accuracy of copies can be verified with hashes.

Other:

This episode's track is called 'surfing on white noise'. Not all of the songs for podcast episodes get a name, but it did this time.

Dr. Jerry Ratcliffe

https://www.jratcliffe.net/

Reducing Crime, Podcast, Blog and Book

https://www.reducingcrime.com/

Other:

The introduction at  the start of the episode is from the Prelinger archives at archive.org.

Dr. Chad Whelan

https://www.deakin.edu.au/about-deakin/people/chad-whelan#

Papers mentioned in this episode:

Dupont, B., & Whelan, C. (2021). Enhancing relationships between criminology and cybersecurity. Journal of criminology, 00048658211003925.

https://doi.org/10.1177%2F00048658211003925

Manuscript available from the University of Montreal

Other:

About the Darkside cybercrime group:

https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

https://en.wikipedia.org/wiki/DarkSide_(hacking_group)

About the REvil  cybercrime group:

https://en.wikipedia.org/wiki/REvil

Some technical information:

https://unit42.paloaltonetworks.com/revil-threat-actors/ 

A timeline of some interesting developments related to this issue:

2021, May 14. 

The moral underground? Ransomware operators retreat after Colonial Pipeline hack

https://intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime

2021, June 7 .

Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

2021, July 20 

Operation Orcus Task Force Established To Fight Ransomware Gangs

https://australiancybersecuritymagazine.com.au/operation-orcus-task-force-established-to-fight-ransomware-gangs/

2021, Aug 5 

Ransomware Gangs and the Name Game Distraction

https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/

2021, Oct 5. 

NSA chief predicts U.S. will face ransomware ‘every single day’ for years to come ("Ransomware is a national security issue. I firmly believe that.”)

https://therecord.media/nsa-chief-predicts-u-s-will-face-ransomware-every-single-day-for-years-to-come/

2021, Oct 7.

Netherlands can use intelligence or armed forces to respond to ransomware attacks

https://therecord.media/netherlands-can-use-intelligence-or-armed-forces-to-respond-to-ransomware-attacks/

2021, Oct 11.

UK cyber head says Russia responsible for 'devastating' ransomware attacks

https://www.bbc.co.uk/news/uk-58877433.amp

2021, Oct 21. 

Governments turn tables on ransomware gang REvil by pushing it offline

https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/

2021, Oct 25. 

Groove Calls for Cyberattacks on US as REvil Payback

https://threatpost.com/groove-ransomware-revil-revenge-us-cyberattacks/175726/

Other Other:

The intro for this was drawn from a 1968 film on the role of PSYOPS in assisting developing countries in cementing their shiny new system of government installed by the US called "Psychological Operations in Support of Internal Defense and Development Assistance Programs " which is in the Public Domain and available from https://archive.org/details/0095_Psychological_Operations_in_Support_of_Internal_Defense_and_Dev_07_21_47_00

The Canadian Anti-Fraud Centre collects information on fraud and identity theft.

https://www.antifraudcentre-centreantifraude.ca/index-eng.htm

The CAFC involves the Royal Canadian Mounted Police, the Competition Bureau Canada, and the Ontario Provincial Police  and recently come together with the Canadian Centre for Cyber Security  to fight fraud and cybercrime. 

Report Fraud

Call the CAFC Toll free: 1-888-495-8501 Monday to Friday, from 9 am to 4:45 pm (Eastern time) and close on holidays.

Online with the RCMP 

Mentioned in this episode:

(KYC) Know Your Customer or Know Your Client

Organizations that deal with large amounts of money are required to follow regulations related to the control of the proceeds of crime and terrorist financing. In Canada this is FINTRAC and you can find out more here.

https://www.fintrac-canafe.gc.ca/guidance-directives/client-clientele/1-eng

You can find out more about the KYC requirements of other countries here:

https://en.wikipedia.org/wiki/Know_your_customer

Other:

The introduction for this episode was from the film " How to Use the Dial Phone" By AT&T in 1927 and preserve by the Prelinger Archive at archive.org. https://archive.org/details/HowtoUse1927

This was our 2 year anniversary. Yay Us.   

Kara Brisson-Boivin

https://mediasmarts.ca/about-us/staff#k_boivin

MediaSmarts

https://mediasmarts.ca/

Take part in Cybersecurity Awareness Month Canada

https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month

Other

The audio from the start of this episode is from a famous film called "Duck and Cover" available from the Prelinger archive online at archive.org

https://archive.org/details/DuckandC1951

Kara said I could use the title for the episode.  It is still hers though, you can ask her if you would like to use it somewhere. 

Dr Tom Cockcroft

https://www.leedsbeckett.ac.uk/staff/dr-tom-cockcroft/

Papers mentioned in this Episode:

Cockcroft, T., Shan-A-Khuda, M., Schreuders, Z. C., & Trevorrow, P. (2021). Police cybercrime training: perceptions, pedagogy, and policy. Policing: A Journal of Policy and Practice, 15(1), 15-33.

https://academic.oup.com/policing/article-abstract/15/1/15/5145767

Cockcroft T (2020) Police Occupational Culture: Research and Practice. Bristol: Policy Press.

Cockcroft T (2012) Police culture: themes and concepts. Abingdon: Routledge.

Notes:

The intro for this episode was from a 1951 film called "This is your Police Department" about the Detroit police department that romantically traces the training and career of a police officer in that city. Its available on the Prelinger archive.

https://archive.org/details/ThisIsYo1951

The Smart CyberPhysical Systems Lab

https://www.scpslab.org/

Resources Mentioned in this Episode