Computer Laboratory

Cambridge Cybercrime Centre: Fourth Annual Cybercrime Conference, 11 July 2019

The Cambridge Cybercrime Centre is organising a fourth one day conference on cybercrime presenting a stellar group of invited speakers who are at the forefront of their fields. They will present various aspects of cybercrime from the point of view of criminology, law, security economics and policing. The event will be held on Thursday, 11th July 2019.


For details of the 2016 event see here.

For details of the 2017 event see here.

For details of the 2018 event see here.


The one day event will held in the Faculty of Law, University of Cambridge, following immediately after the "Twelfth International Conference on Evidence Based Policing" organised by the Institute of Criminology which will run on the 8th-10th July 2019.


To register: CLICK HERE

Note that a discounted price is applicable if you are a member of the Society of Evidence-Based Policing.

DRAFT AGENDA (we are still awaiting some information!)

09:00 Registration

09:30 TBA

Ian Levy NCSC

Abstract: TBA

10:00 A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth

Sergio Pastrana Universidad Carlos III de Madrid

Abstract: Illicit crypto-mining leverages resources stolen from victims to mine cryptocurrencies on behalf of criminals. While recent works have analyzed one side of this threat, i.e.: web-browser cryptojacking, only white papers and commercial reports have partially covered binary-based crypto-mining malware. In this talks, we present the largest measurement of crypto-mining malware to date, analyzing approximately 4.4 million malware samples (1 million malicious miners), over a period of twelve years from 2007 to 2018. Our analysis pipeline applies both static and dynamic analysis to extract information from the samples, such as wallet identifiers and mining pools. Together with OSINT data, this information is used to group samples into campaigns. We then analyze publicly- available payments sent to the wallets from mining-pools as a reward for mining, and estimate profits for the different campaigns. Our profit analysis reveals campaigns with multi-million earnings, associating over 4.3% of Monero with illicit mining. We analyze the infrastructure related with the different campaigns, showing that a high proportion of this ecosystem is supported by underground economies such as Pay-Per-Install services. We also uncover novel techniques that allow criminals to run successful campaigns.

In our study, we have used the CrimeBB dataset as a starting point to analyse the current trends in crypto mining malware.

10:30 Coffee break

11:00 TBA

Victoria Wang University of Portsmouth

Abstract: TBA

11:30 An Analysis of Cybercrime Activity within an Underground Gaming Forum

Jack Hughes Criminology Department, University of Cambridge

Abstract: Research into the role of gaming as an entry point into cybercrime is growing. For example, players of online games may use denial-of-service attacks to disrupt the network connection of opponents. With the availability of DDoS attacks-as- a-service, which are often marketed towards online gamers and do not require sophisticated technical knowledge, the barrier to entry is low. Exposure to, and use of, such services is believed to be a pathway into more serious cybercrime activities.

I further explore this relationship between online gaming and cybercrime. I analyse Multiplayer Game Hacking (MPGH), a gaming-specific underground hacking forum, to predict who is likely to be of interest to law enforcement. I apply open-source research tools created for analysis of a general underground hacking forum. I build upon this prior work which analysed key actors on the forum: members who are linked to cybercrime activity, including the distribution of tools used for hacking. This research can help identify pathways into cybercrime, which is important for understanding ways for effectively disrupting and preventing future offending.

In addition to applying these tools toMPGH, I compare the results with prior work, highlighting important similarities and discrepancies. This is followed by analysis of the role of gaming in relation to cybercrime activity. In addition to applying existing tools, I explore other machine learning and statistical techniques that can be applied to the forum, for the purpose of understanding the behaviour of key actors.

12:00 TBA

Greg Francis National Crime Agency

Abstract: TBA

12:30 Lunch

13:30 Advertise publicly, trade privately? Analysing the Cybercrime-as-a-Service Offerings and Their Links to Private Communication Channels in Underground Forums

Ugur Akyazi Technische Universiteit Delft

Abstract: Cybercrime-as-a-service (CaaS) has become a prominent component of the underground economy according to recent literature and reports. CaaS provides a new dimension to cybercrime by making it more automated, and accessible to criminals with limited technical skills. Like software companies, these crimeware offerings also now include everything from advertising and marketing to customer service, updates, and user manuals. Similar resources also tell that cybercriminals have increasingly taken to using specialist sites and forums to advertise their services, before conducting transactions on private communication channels like Telegram, Discord, Skype, Jabber, or IRC. This marketing shift is claimed to be a result of the loss of trust to darknet marketplaces after the seizure of Alphabay and Hansa underground markets by Law Enforcement Agencies. To better understand the risks to businesses and consumers, it's important to consider the types of products and services advertised within these underground platforms, and how cybercriminals are adapting to current trading and communication processes in order to continue making a profit. We have measured and explained the trends in commoditization of cybercrime on online anonymous markets in our previous study. Following that, in this study we will empirically analyze the volume and diversity of CaaS demands and supplies in the underground forums, using the CrimeBB dataset of the Cambridge Cybercrime Centre. We will also analyze how these offerings link to external trading platforms and private communication channels.

14:00 Deterrence, Displacement and Chilling Effects of Enforcement of Computer Misuse: Evidences from Online Hacker Forums

Qiu-Hong Wang Singapore Management University

Abstract: To tackle the ubiquitous and exponential rise of cybersecurity threats, countries have enacted legislation to criminalize the production, distribution and possession of computer misuse tools. Observing the over 30 years of debate about the chilling effect of prosecution under computer misuse legislation on information security professionals, this study identifies a natural experiment in online hacker forums, examining the potential impacts of the enforcement of computer misuse on users' contribution to knowledge sharing categorized by the intent for malicious hacking, security protection or dual usage. Through a user-level choice model combined with an innovative exponential distributed survival function to count the noise caused by the forums' self-regulation, we find the evidences of the enforcement in deterring the malicious hacking content (deterrence effect), encouraging the protection content (displacement effect), and inhibiting the content related to the dual usage (chilling effect). Further we find that while the intrinsic (extrinsic) incentives may undermine (reinforce) the deterrence and displacement effects, both the intrinsic and extrinsic incentives strengthen the chilling effect. Our study is among the initial efforts that empirically address the impacts of the enforcement of computer misuse on the provision of security technical information with malicious, benign or ambiguous intention.

14:30 Coffee break

15:00 "Gender and IoT": The Implications of smart technologies on victims and survivors of domestic and sexual violence and abuse

Leonie Tanczer University College London

Abstract: In recent years, forms of online harassment and sexual abuse facilitated through information and communication technologies emerged. These ICT-supported assaults range from cyberstalking to online behavioural control. While many efforts to tackle technology-facilitated abuse ("tech abuse") are concerned with 'conventional' cyber risks such as abuses on social media platforms and restrictions to devices such as laptops and phones, emerging "Internet of Things" (IoT) technologies such as 'smart'meters, locks, and cameras expand domestic violence victim's risk trajectories further.

In this talk, findings from UCL's "Gender and IoT" (GIoT) research project will be outlined. GIoT runs in collaboration with a wide stakeholder group, including the London VAWG Consortium, the digital rights charity Privacy International, and the UK-wide PETRAS IoT Research Hub. The research project analyses evolving IoT privacy and security risks. It studies IoT technologies impact on gender-based domestic and sexual violence and abuse and the socio-technical measures that will need to be implemented in order to mitigate against those risks.

15:30 TBA


Abstract: TBA

16:30 The Cambridge Cybercrime Centre

Richard Clayton Cambridge Cybercrime Centre

Abstract: This talk briefly discusses our legal framework for sharing cybercrime data with other academic researchers and give some examples of the type of data we have and what it is being used for.

16:45 Social event: Strawberries & Pimms

...back to main page