Episode Notes:

• The research focuses on analyzing the representation of passwords and cyber threats in films, particularly how password guessing and hacking scenes influence public perceptions of security.
• Movies both reflect societal attitudes towards cybersecurity and shape them, as many viewers learn about cyber behaviors through entertainment rather than formal education.
• The research indicates that films often oversimplify or dramatize hacking scenes, leading to unrealistic expectations about password security.
• A key finding from the research is that while weak passwords (e.g., “12345”) are mocked in films, even strong passwords are often guessed or hacked with ease, sending the wrong message to audiences about the value of strong security practices.
• There may be value to educating the public about cybersecurity in the same way people are taught first aid in Germany—everyone should know the basics.
• One of the challenges of using crowd-sourced subtitle data for academic research was that it required additional work to assure reviewers that the research is ethical.

About our Guest:

Maike Raphael

https://www.itsec.uni-hannover.de/en/usec/team/raphael

Papers or resources mentioned in this episode:

Raphael, M. M., Kanta, A., Seebonn, R., Dürmuth, M., & Cobb, C. (2024). Batman hacked my password: A subtitle-based analysis of password depiction in movies. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (pp. 199-211). USENIX Association. https://www.usenix.org/conference/soups2024/presentation/raphael

Other relevant resources:

Information and supplementary materials on the paper "Batman Hacked My Password"

https://www.itsec.uni-hannover.de/de/usec/forschung/medien/password-depiction-in-movies

If you are interested in the right to download the subtitles.

The data source (opensubtitles.org) statement regarding copyright.

https://www.opensubtitles.org/en/dmca

The website has an API with the no limit to the total number of subitles that can be downloaded, only rate limiting. The research team didn't obtain the subtitles this way, but the source they got them from may have. In either case it shows opensubtitles.org views about how their service can be used.

https://opensubtitles.stoplight.io/docs/opensubtitles-api/e3750fd63a100-getting-started

Other:

I had a bunch of movie clips that I was going to include as examples, but with the way that platforms handle DMCA I just don't want to have to bother with trying to assert a claim to fair use. If you are interested I would recommend having a look at the password scene from Horse Feathers (1932) with Groucho Marx, and there is a scene in Iron Man 3 (2013) where Tony Stark asks James Rhodes for his password, and everyone laughs at the bad password. I recommend you watch Kung Fury from 2015 for their parody treatment of the "hackerman". It is actually on YouTube https://youtu.be/bS5P_LAqiVg?si=-OL8Mr1OLY9Dd081

Notes:

• Background in Sociology: Dr. Miranda Bruce started in sociology, focusing on the dynamics of power and institutions.
• PhD Research: Her PhD explored the Internet of Things (IoT) using post-structuralist French theory to understand technological reality.
• Transition to Cybercrime: Transitioned from IoT research to a project on the geography of cybercrime, partnering with a local Australian university and the University of Oxford.
• Cybercrime as a Local Phenomenon: Emphasized that cybercrime is not just a global issue but has significant local dimensions.
• Mapping Cybercrime: Developed methods to map cybercrime hotspots to understand where cybercrime is coming from and why.
• Importance of Local Factors: Identified that local factors play a crucial role in the proliferation of cybercrime in specific areas.
• Intervention Strategies: Stressed that intervention strategies must be tailored to local conditions as one-size-fits-all approaches are ineffective.
• Challenges in Measuring Cybercrime: Discussed the difficulties in accurately measuring where cybercrime originates due to technical limitations.
• Survey of Experts: Utilized expert surveys from cybercrime intelligence and investigations to gather data on cybercrime hotspots.
• Bias in Data Collection: Addressed potential biases in the data collection process and took steps to ensure diverse and reliable sources.
• Use of Proxy Data: Chose expert survey data over technical measures or legal cases to get more accurate insights into cybercrime geography.
• Findings: Key findings indicated that countries like Russia, Ukraine, China, the United States, and Nigeria are significant sources of cybercrime.
• Analysis of Results: Plans to analyze the collected data to create theoretical models explaining why cybercrime is prevalent in certain areas.
• Future Research Directions: Aims to develop detailed case studies and collaborate with policymakers to use the data for effective interventions.
• Open Data: Highlighted the importance of making the data open source to enable further research and collaboration across disciplines.

About our guests:

Dr Miranda Bruce:

https://www.sociology.ox.ac.uk/people/miranda-bruce

https://www.unsw.edu.au/staff/miranda-bruce

Papers or resources mentioned in this episode:

• Bruce, M., Lusthaus, J., Kashyap, R., Phair, N., & Varese, F. (2024). Mapping the global geography of cybercrime with the World Cybercrime Index. PLOS ONE. https://doi.org/10.1371/journal.pone.0249850
• Bruce, M., & Phair, N. (2020). Mapping the geography of cybercrime: A review of indices of digital offending by country. IEEE European Symposium on Security and Privacy. https://doi.org/10.1109/EuroSPW51379.2020.00013

Other:

If you were interested in the topic of this episode, you might also enjoy episode 36 "Cyber criminals are people too".