• How Estelle became involved in ransomware research between degrees
• The scale and origin of the ContiLeaks dataset
• Using machine learning and topic modelling to analyse criminal group communications
• What the internal chat data revealed about the organizational structure of Conti
• Surprising insights about roles, specializations, and tasking within a criminal enterprise
• Why making cybercrime research accessible through data visualization matters

Estelle Ruellan

• https://www.linkedin.com/in/estelle-ruellan/

Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024).Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-y

Flare Data Explorer – Explore cybercrime datasets visually:

https://flare.io/flare-data-explorer/

• Wikipedia – Conti (ransomware): https://en.wikipedia.org/wiki/Conti_(ransomware)
• Wikipedia – Topic model: https://en.wikipedia.org/wiki/Topic_model

Notes:

• Paper mills are fraudulent commercial enterprises that fabricate scientific papers and sell authorship, citations, and other academic credentials—often at scale.
• Sarah Eaton and Sabina Alam first collaborated through COPE (Committee on Publication Ethics) and later worked together in United2Act, an international initiative focused on tackling paper mills.
• The conversation draws parallels between scientific paper mills and contract cheating in higher education, both of which undermine academic integrity for financial gain.
• Eaton and Alam discuss how metrics-based performance systems in universities and publishing environments create conditions ripe for abuse.
• Publishers and universities historically avoided transparency, but the scale of the problem has led to greater collaboration between stakeholders.
• The duo share insights into early warning signs of fraudulent submissions and describe the development of technological and administrative countermeasures.
• Particular attention is given to the harm paper mills cause: from corrupting citation networks to potentially endangering lives with fabricated data in medical journals.
• The “Andrew Vickers Curse” is discussed as a case study illustrating how citation manipulation by paper mills can entangle innocent researchers.
• The episode closes with a call for broader participation in the second phase of United2Act, particularly from research funders, IT specialists, and institutional stakeholders.

About our guests:

Dr. Sarah Elaine Eaton

https://profiles.ucalgary.ca/sarah-eaton

https://drsaraheaton.com/about/

Dr. Sabina Alam

https://www.taylorandfrancis.com/about/ethics-integrity/

https://www.csescienceeditor.org/article/dr-sabina-alam-shaping-critical-thinking-about-science/

Papers or resources mentioned in this episode:

United2Act initiative: https://united2act.org

Magazinov, Alexander. (2023). The Andrew Vickers Curse: secret revealed!, For Better Science

https://forbetterscience.com/2023/07/31/the-vickers-curse-secret-revealed/

Other:

Glossary of terms and acronyms:

• COPE – Committee on Publication Ethics: An international body that provides advice to editors and publishers on all aspects of publication ethics.
• STM – International Association of Scientific, Technical and Medical Publishers: A global trade association supporting academic publishing and information dissemination.
• Q1/Q2 Journal – Journals ranked in the top (Q1) or second (Q2) quartile based on impact metrics such as citation counts or journal reputation.
• Term paper mill – A business that sells pre-written or custom academic papers, often used in contract cheating by students.
• Contract cheating – A form of academic dishonesty where students outsource assessments to third parties.
• Retraction – The removal of a published article from the scientific record, typically due to error or misconduct.
• Desk reject – When a manuscript is rejected by a journal editor before it is sent out for peer review.
• Citation ring – A group of papers or authors who cite each other extensively to artificially inflate citation metrics.
• Paper Mills - Organisations or individuals that aim to profit from the creation, sale, peer review and/or citation of manuscripts at scale which contain low value or fraudulent content and/or authorship, with the aim of publication in scholarly journals.

A big thank you to the United2Act people for coming out of their comfort zone and chatting to me about this. This bravery is how science as an interdisciplinary pursuit driven by curiosity and collaboration happens.

Episode Notes:

• Dr. Reeves’ Background – Trained as a psychologist, his interest in cybersecurity emerged from a talk connecting human error to security breaches.
• Cybersecurity Fatigue Defined – A form of disengagement where employees lose motivation to follow security practices due to overload and conflicting advice.
• Not Just Apathy – Fatigue often affects people who initially cared about cybersecurity but were worn down by excessive or ineffective interventions.
• Training Shortcomings – Lecture-style, one-way training is frequently perceived as boring, irrelevant, or contradictory to users' experiences.
• Compliance vs. Effectiveness – Many organizations implement security training to meet legal requirements, even if it fails to change behavior.
• Reactance in Security – Users may intentionally ignore advice or rules to assert control, especially when training feels micromanaging or patronizing.
• Better Through Design – Reeves argues that secure systems should reduce the need for user decisions by simplifying or removing risky options altogether.
• Remove Rather Than Train – Limiting administrative rights is often more effective than trying to educate users out of risky behaviors.
• Mismatch With Reality – Generic training that conflicts with real policies or system restrictions can confuse or alienate users.
• Cognitive Load and Decision-Making – Under stress or fatigue, users rely on mental shortcuts (heuristics), which attackers exploit.
• Personal Example of Being Fooled – Reeves recounts nearly falling for a scam due to time pressure, illustrating how stress weakens judgment.
• Cybersecurity Buddy System – Recommends encouraging users to consult peers when making sensitive decisions, especially under pressure.
• Cyber Deception Strategies – Reeves now researches ways to mislead and trap attackers inside systems using decoys and tripwires.
• Applying Psychology to Attackers – The same behavioral models used to study users can help predict and manipulate attacker behavior.
• Empowering Defenders – Deception technologies can help security teams regain a sense of agency, shifting from reactive defense to proactive engagemen

About our guest:

Dr. Andrew Reeves

• https://www.linkedin.com/in/andrewreevescyber/
• https://research.unsw.edu.au/people/dr-andrew-reeves
• https://www.unsw.edu.au/research/ifcyber

Papers or resources mentioned in this episode:

Reeves, A., Delfabbro, P., & Calic, D. (2021). Encouraging employee engagement with cybersecurity: How to tackle cyber fatigue. SAGE Open, 11(1).

https://doi.org/10.1177/21582440211000049

Reeves, A., Calic, D., & Delfabbro, P. (2023). Generic and unusable: Understanding employee perceptions of cybersecurity training and measuring advice fatigue. Computers & Security, 128, 103137.

https://doi.org/10.1016/j.cose.2023.103137

Reeves, A., & Ashenden, D. (2023). Understanding decision making in security operations centres: Building the case for cyber deception technology. Frontiers in Psychology, 14, 1165705.

https://doi.org/10.3389/fpsyg.2023.1165705

Other:

UNSW Institute for Cyber Security (IFCYBER)

https://www.unsw.edu.au/research/ifcyber