Episodes

  • Cinematic Cybersecurity: What are movies teaching us about passwords?
    Oct 1 2024

    Episode Notes:

    • The research focuses on analyzing the representation of passwords and cyber threats in films, particularly how password guessing and hacking scenes influence public perceptions of security.
    • Movies both reflect societal attitudes towards cybersecurity and shape them, as many viewers learn about cyber behaviors through entertainment rather than formal education.
    • The research indicates that films often oversimplify or dramatize hacking scenes, leading to unrealistic expectations about password security.
    • A key finding from the research is that while weak passwords (e.g., “12345”) are mocked in films, even strong passwords are often guessed or hacked with ease, sending the wrong message to audiences about the value of strong security practices.
    • There may be value to educating the public about cybersecurity in the same way people are taught first aid in Germany—everyone should know the basics.
    • One of the challenges of using crowd-sourced subtitle data for academic research was that it required additional work to assure reviewers that the research is ethical.

    About our Guest:

    Maike Raphael

    https://www.itsec.uni-hannover.de/en/usec/team/raphael

    Papers or resources mentioned in this episode:

    Raphael, M. M., Kanta, A., Seebonn, R., Dürmuth, M., & Cobb, C. (2024). Batman hacked my password: A subtitle-based analysis of password depiction in movies. In Proceedings of the Twentieth Symposium on Usable Privacy and Security (pp. 199-211). USENIX Association. https://www.usenix.org/conference/soups2024/presentation/raphael

    Other relevant resources:

    Information and supplementary materials on the paper "Batman Hacked My Password"

    https://www.itsec.uni-hannover.de/de/usec/forschung/medien/password-depiction-in-movies

    If you are interested in the right to download the subtitles, see the statement regarding copyright from the data source (opensubtitles.org):

    https://www.opensubtitles.org/en/dmca

    The website has an API with no limit on the total number of subtitles that can be downloaded, only rate limiting. The research team didn't obtain the subtitles this way, but the source they got them from may have. In either case, it shows opensubtitles.org's views about how their service can be used.

    https://opensubtitles.stoplight.io/docs/opensubtitles-api/e3750fd63a100-getting-started

    Other:

    I had a bunch of movie clips that I was going to include as examples, but with the way that platforms handle DMCA I just don't want to have to bother with trying to assert a claim to fair use. If you are interested I would recommend having a look at the password scene from Horse Feathers (1932) with Groucho Marx, and there is a scene in Iron Man 3 (2013) where Tony Stark asks James Rhodes for his password, and everyone laughs at the bad password. I recommend you watch Kung Fury from 2015 for their parody treatment of the "hackerman". It is actually on YouTube https://youtu.be/bS5P_LAqiVg?si=-OL8Mr1OLY9Dd081

    29 mins
  • Signals, Deception, and AI: Navigating Trust in the Digital World
    Sep 1 2024
    About our Guest:

    Judith Donath

    https://cyber.harvard.edu/people/jdonath

    Key Discussion Points:

    • Understanding Signaling Theory: The foundation of signaling theory in communication. The balance between honest and deceptive signals.
    • Evolutionary Biology and Communication: Darwin's insights on animal communication. Zahavi's Handicap Principle and its role in ensuring signal honesty. Maynard Smith's Index Signals and their reliability without cost.
    • AI and the Evolution of Communication: The impact of AI on the reliability of communication signals. Challenges posed by deepfakes in video and audio. The arms race between deception technologies and verification methods.
    • Cultural and Institutional Roles: How culture and institutions uphold the reliability of signals. The interplay between technological advancements and societal norms.
    • Future of Communication in the Digital Age: Strategies for developing secure communication channels. Balancing privacy with the need for verification. The role of trusted sources in maintaining signal integrity.

    Papers and Books Mentioned:

    Turing, A. M. (1950). Computing machinery and intelligence. Mind, 59(236), 433-460. https://doi.org/10.1093/mind/LIX.236.433

    Zahavi, A. (1975). Mate selection—a selection for a handicap. Journal of Theoretical Biology, 53(1), 205-214. https://doi.org/10.1016/0022-5193(75)90111-3

    Veblen, T. (1899). The Theory of the Leisure Class. New York: Macmillan.

    https://moglen.law.columbia.edu/LCS/theoryleisureclass.pdf

    https://dn720401.ca.archive.org/0/items/theoryofleisurec01vebl/theoryofleisurec01vebl.pdf

    Weizenbaum, J. (1966). ELIZA—A computer program for the study of natural language communication between man and machine. Communications of the ACM, 9(1), 36-45. https://doi.org/10.1145/365153.365168

    Donath, J. S. (2002). Identity and deception in the virtual community. In Communities in cyberspace (pp. 37-68). Routledge.

    https://vivatropolis.com/papers/Donath/IdentityDeception/IdentityDeception.pdf

    Current Progress on the forthcoming book: Signals, Truth & Design

    https://vivatropolis.com/judith/signalsTruthDesign.html

    Donath, J. (2014). The social machine: designs for living online. MIT Press.

    https://direct.mit.edu/books/monograph/4037/The-Social-MachineDesigns-for-Living-Online

    Other:

    The Story about the Ferrari executive Deepfake attempt

    https://www.carscoops.com/2024/07/ferrari-ceo-impersonator-uncovered-by-colleague-in-deepfake-call/

    We geeked out for a moment on Programming languages. Learn about them here.

    • The C language: https://en.wikipedia.org/wiki/C_(programming_language)
    • Introduction to C: https://www.w3schools.com/c/c_intro.php
    • APL Language: https://en.wikipedia.org/wiki/APL_(programming_language)
    • Learn APL: https://xpqz.github.io/learnapl/intro.html
    • Try APL: https://tryapl.org
    • LISP Language: https://en.wikipedia.org/wiki/Lisp_(programming_language)
    • Learn LISP: https://www.geeksforgeeks.org/introduction-to-lisp/
    44 mins
  • Mapping the Digital Threat: The Geography of Cybercrime
    Aug 1 2024

    Notes:

    • Background in Sociology: Dr. Miranda Bruce started in sociology, focusing on the dynamics of power and institutions.
    • PhD Research: Her PhD explored the Internet of Things (IoT) using post-structuralist French theory to understand technological reality.
    • Transition to Cybercrime: Transitioned from IoT research to a project on the geography of cybercrime, partnering with a local Australian university and the University of Oxford.
    • Cybercrime as a Local Phenomenon: Emphasized that cybercrime is not just a global issue but has significant local dimensions.
    • Mapping Cybercrime: Developed methods to map cybercrime hotspots to understand where cybercrime is coming from and why.
    • Importance of Local Factors: Identified that local factors play a crucial role in the proliferation of cybercrime in specific areas.
    • Intervention Strategies: Stressed that intervention strategies must be tailored to local conditions as one-size-fits-all approaches are ineffective.
    • Challenges in Measuring Cybercrime: Discussed the difficulties in accurately measuring where cybercrime originates due to technical limitations.
    • Survey of Experts: Utilized expert surveys from cybercrime intelligence and investigations to gather data on cybercrime hotspots.
    • Bias in Data Collection: Addressed potential biases in the data collection process and took steps to ensure diverse and reliable sources.
    • Use of Proxy Data: Chose expert survey data over technical measures or legal cases to get more accurate insights into cybercrime geography.
    • Findings: Key findings indicated that countries like Russia, Ukraine, China, the United States, and Nigeria are significant sources of cybercrime.
    • Analysis of Results: Plans to analyze the collected data to create theoretical models explaining why cybercrime is prevalent in certain areas.
    • Future Research Directions: Aims to develop detailed case studies and collaborate with policymakers to use the data for effective interventions.
    • Open Data: Highlighted the importance of making the data open source to enable further research and collaboration across disciplines.

    About our guests:

    Dr Miranda Bruce:

    https://www.sociology.ox.ac.uk/people/miranda-bruce

    https://www.unsw.edu.au/staff/miranda-bruce

    Papers or resources mentioned in this episode:

    • Bruce, M., Lusthaus, J., Kashyap, R., Phair, N., & Varese, F. (2024). Mapping the global geography of cybercrime with the World Cybercrime Index. PLOS ONE. https://doi.org/10.1371/journal.pone.0249850
    • Bruce, M., & Phair, N. (2020). Mapping the geography of cybercrime: A review of indices of digital offending by country. IEEE European Symposium on Security and Privacy. https://doi.org/10.1109/EuroSPW51379.2020.00013

    Other:

    If you were interested in the topic of this episode, you might also enjoy episode 36 "Cyber criminals are people too".

    33 mins
  • Policing Street Trolls: Navigating Cop Baiting and Digital Extremism
    Jul 1 2024

    Notes:

    • Dual Research Focus: Dr. Huey historically focused on policing and victimization, particularly in marginalized communities.
    • Burnout and Shift: Burnout from trauma research led her to shift focus to applied policing research around 2012-2013.
    • Economics of Policing: The federal government's focus on the costs of policing and the "economics of policing" initiative influenced her new research direction.
    • Research Gaps: Realized that existing policing research in Canada had little practical value for informing policing practice and policy.
    • Evidence-Based Policing: Joined the Society for Evidence-Based Policing (SEBP) in the UK to produce actionable research for police and policymakers.
    • Right-Wing Extremism: Discussed the rise of right-wing extremism and its new tactic of targeting police officers, including cop baiting.
    • Cop Baiting Incidents: Examples include interventions by Romana Didulo at the Peterborough Police Service and incidents in Vancouver during trans rights celebrations.
    • Operational Stress: Emphasized the operational stress injuries faced by police officers due to regular exposure to horrific incidents.
    • Public Misconceptions: Highlighted the issue of public and media criticism of police without a full understanding of the complexities involved.
    • Misinformation: Explained how misinformation and disinformation spread about police actions, leading to doxxing and harassment of officers.
    • Cyber Sleuths: Described incidents where online activists exposed personal information about police officers, increasing the risks they face.
    • Convoy Protests: Referenced research on convoy protests and the targeting of police, emphasizing the reality versus media portrayal.
    • False Narratives: Pointed out the persistence of false narratives, such as those surrounding the death of Regis Korchinski-Paquet, which continue to spread online despite being disproven.
    • Call for Applied Research: Called for more applied research to address specific issues in policing and cyber-security rather than broad theoretical studies, stressing the need for better public education to combat misinformation.

    About our guests:

    Dr. Laura Huey

    https://sociology.uwo.ca/people/profiles/Huey.html

    Papers or resources mentioned in this episode:

    Huey, L., & Ferguson, L. (2024). ‘No one wants to end up on YouTube’: sousveillance and ‘cop-baiting’ in Canadian policing. Policing and Society, 1–18. https://doi.org/10.1080/10439463.2024.2329239

    Huey, L., & Ferguson, L. (2024). “All These Crazies”: Right-Wing Anti-Authoritarian Politics and the Targeting of Public Police. Deviant Behavior, 1–20. https://doi.org/10.1080/01639625.2024.2338890

    Huey, L. (2024). The Cascade Effect: An Oral History of the Policing of the Convoy Protests. Independent: 979-8882979859

    Other:

    Dr Huey provided her own ‘bleep’ noises for this episode to save me the work of having to add them in post production.

    33 mins
  • Timing is Everything: Context-Based Cybersecurity Training
    Jun 1 2024

    Notes:

    • Joakim Kävrestad is an Assistant Professor of Computer Science at Jönköping University, with a background in networking and cybersecurity.
    • He shifted his focus to the societal and psychological aspects of cybersecurity, emphasizing human behavior.
    • Joakim developed Context-Based Micro-Training (CBMT) to provide cybersecurity training at relevant moments, improving user engagement and retention.
    • CBMT integrates training into real-world scenarios, such as reading emails or creating passwords, to address common cyberattack methods.
    • Traditional cybersecurity training methods are critiqued for their lack of effectiveness in retaining user attention and knowledge.
    • Joakim used a design science approach to refine CBMT, involving over 1800 survey participants and 300 experiment participants in the process.
    • Evaluations show that CBMT supports secure user behavior and is well-received by users.
    • The importance of usability in security practices is emphasized, highlighting that user-friendly training increases adoption and compliance.
    • CBMT provides a guide for practitioners on implementing effective cybersecurity training and supports procurement decisions.
    • Future research should explore the interplay between training and other support mechanisms, as training alone is insufficient to ensure comprehensive cybersecurity.

    About our guests:

    Joakim Kävrestad

    https://ju.se/personinfo.html?sign=KAVJOA

    https://www.linkedin.com/in/joakimkavrestad/

    Papers or resources mentioned in this episode:

    1. Kävrestad, J., Hagberg, A., Nohlberg, M., Rambusch, J., Roos, R., & Furnell, S. (2022). Evaluation of Contextual and Game-Based Training for Phishing Detection. Future Internet, 14(4), 104. https://doi.org/10.3390/fi14040104
    2. Kävrestad, J. (2022). Context-Based Micro-Training: Enhancing Cybersecurity Training for End-Users (Doctoral dissertation). University of Skövde. ISBN 978-91-984919-9-9. Link to dissertation
    3. Kävrestad, J., & Nohlberg, M. (2020). Context-Based Micro-Training: A Framework for Information Security Training. 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA), Mytilene, Lesbos, Greece, 71-81. https://doi.org/10.1007/978-3-030-57404-8_6

    Other:

    The button that makes a noise at a street crossing is called a “pedestrian call button”. Interestingly, they work differently in different countries. They look different, they feel different, they make different noises, and some of them have haptic indicators. Some call for the lights to change, some don’t; some make sound all the time, while others just provide more accessible indicators when pressed.

    35 mins
  • Hackting Out: Defacement and Hate Online amid Global Conflicts
    May 1 2024

    Notes:

    • Introduction to Cybercrime Research: Dr. Hutchings and Anh Vu introduce their work at the Cambridge Cybercrime Centre.
    • Global Conflicts and Cyber Activities: Discussion on how global conflicts, such as those in Ukraine and Israel-Gaza, spur cybercrime activities like website defacements and DDoS attacks.
    • Cyber Tactics During Warfare: Insights into how cyber tactics are employed quickly after conflicts start, with a focus on how these activities serve both political propaganda and cybercriminal interests.
    • Deplatforming Hate Groups: In-depth analysis of the challenges faced when deplatforming hate groups, specifically referencing the Kiwi Farms case.
    • Temporary Effects of Cyber Attacks: Observations on the short-lived nature of heightened cyber activities post-conflict, with a decline in interest and activities after initial spikes.
    • Challenges of Cybercrime Research: Discussion on the difficulties in tracking and attributing cyber attacks, particularly those by decentralized and loosely organized groups.
    • Unintended Consequences of Deplatforming: Exploration of how attempts to silence harmful online communities can lead to increased attention and unintended reinforcement of these groups.
    • Closing Thoughts: Dr. Hutchings and Anh Vu summarize the ongoing challenges and the evolving landscape of cybercrime in the context of international security and online governance.

    About our guests:

    Dr. Alice Hutchings:

    https://www.cl.cam.ac.uk/~ah793/

    Anh V. Vu

    https://www.cst.cam.ac.uk/people/vv301

    Papers or resources mentioned in this episode:

    Anh V. Vu, Alice Hutchings, Ross Anderson. No Easy Way Out: the Effectiveness of Deplatforming an Extremist Forum to Suppress Hate and Harassment. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'24)

    Anh V. Vu, Daniel R. Thomas, Ben Collier, Alice Hutchings, Richard Clayton, Ross Anderson. Getting Bored of Cyberwar: Exploring the Role of Low-level Cybercrime Actors in the Russia-Ukraine Conflict. In Proceedings of the ACM World Wide Web Conference (WWW'24)

    Other:

    • No AIs were harmed during the creation of this episode; however, they were definitely involved in the work of editing and drafting copy.
    • If you want to hear more from Dr. Hutchings, you can find her way back on episode 4 .... 101 episodes ago ....
    • Apologies if the end of the episode seemed a little loud.

    25 mins
  • Bridging realities: The Convergence of Ideology and Cybercrime
    Apr 1 2024

    Episode Notes:

    • Dr. Tom Holt discussed the nascent stages of cybercrime research during his doctoral studies, highlighting its evolution into a more recognized and competitive field.
    • He emphasized the growth of cybercrime studies and the challenges of carving a niche within an expanding academic and professional landscape.
    • Dr. Holt pointed out the potential of interdisciplinary collaboration between social sciences and computer science as crucial for advancing cybercrime research.
    • The importance of online subcultures and ideological spaces in cybercrime dynamics was discussed, noting their influence on criminal activities and group formations.
    • He delved into the realm of ideologically motivated cyber attacks, underscoring the need for better legal and enforcement frameworks to address such threats.
    • Dr. Holt provided examples of cyber attacks by extremist groups, showing a strategic shift towards cyber tactics for ideological, not financial, reasons.
    • The conversation highlighted the critical role of comprehensive data in understanding the scope and nature of cyberterrorism and ideological cyber attacks.
    • Reflecting on his career, Dr. Holt offered insights on the importance of continuous learning and interdisciplinary collaboration for researchers in the cybercrime field.

    About our guests:

    Dr. Tom Holt

    https://cj.msu.edu/directory/holt-thomas.html

    https://www.linkedin.com/in/tom-holt-3242a322/

    Papers or resources mentioned in this episode:

    Cassandra Cross & Thomas J. Holt (2023) More than Money: Examining the Potential Exposure of Romance Fraud Victims to Identity Crime, Global Crime, 24:2, 107-121, DOI: 10.1080/17440572.2023.2185607

    Holt, T. J., Turner, N. D., Freilich, J. D., & Chermak, S. M. (2022). Examining the Characteristics That Differentiate Jihadi-Associated Cyberattacks Using Routine Activities Theory. Social Science Computer Review, 40(6), 1614-1630. https://doi.org/10.1177/08944393211023324

    Thomas J. Holt, Jin Ree Lee, Joshua D. Freilich, Steven M. Chermak, Johannes M. Bauer, Ruth Shillair & Arun Ross (2022) An Exploratory Analysis of the Characteristics of Ideologically Motivated Cyberattacks, Terrorism and Political Violence, 34:7, 1305-1320, DOI: 10.1080/09546553.2020.1777987

    Thomas J. Holt, Joshua D. Freilich & Steven M. Chermak (2022) Examining the Online Expression of Ideology among Far-Right Extremist Forum Users, Terrorism and Political Violence, 34:2, 364-384, DOI: 10.1080/09546553.2019.1701446

    Other:

    Wait for wisdom, Learn to listen, Succession is Success.

    31 mins
  • Caught in the Web: Virtual Kidnapping and Digital Scams
    Mar 1 2024

    Notes:

    • Dr Chang's background in law and sociology led him to specialize in criminology, particularly cybercrime, after observing its emerging relevance.
    • He chose to pursue his PhD in Australia due to scholarship opportunities and the chance to work with a leading cybercrime researcher.
    • Dr Chang discusses virtual kidnapping, a scam where victims are manipulated into isolating themselves, enabling scammers to demand ransom from their families.
    • He highlights the challenges of combating cybercrime, including jurisdictional issues and the need for international police collaboration.
    • Dr Chang emphasizes the importance of public awareness and education to prevent scams, as well as better victim support systems.
    • The interview also touches on the role of financial institutions in preventing scams and the potential future threats posed by technologies like AI and ChatGPT in cybercrime.

    About our guests:

    Dr Lennon Chang

    https://www.deakin.edu.au/about-deakin/people/lennon-chang

    Papers or resources mentioned in this episode:

    1. Chang, L. Y.-C., Zhong, L.-Y., & Grabosky, P. (2020). Virtual Kidnapping: Online Scams with ‘Asian Characteristics’ During the Pandemic. In Crime and Justice in Digital Society (pp. 112-113). ResearchGate. Note: APA format typically requires publisher information, which is not provided in this excerpt.

    Other:

    The intro and outro were drafted using generative AI. I think it gave a different flavour.

    25 mins