• How Estelle became involved in ransomware research between degrees
• The scale and origin of the ContiLeaks dataset
• Using machine learning and topic modelling to analyse criminal group communications
• What the internal chat data revealed about the organizational structure of Conti
• Surprising insights about roles, specializations, and tasking within a criminal enterprise
• Why making cybercrime research accessible through data visualization matters

Estelle Ruellan

• https://www.linkedin.com/in/estelle-ruellan/

Ruellan, E., Paquet-Clouston, M., & Garcia, S. (2024).Conti Inc.: understanding the internal discussions of a large ransomware-as-a-service operator with machine learning. Crime Science, 13, 16. https://doi.org/10.1186/s40163-024-00212-y

Flare Data Explorer – Explore cybercrime datasets visually:

https://flare.io/flare-data-explorer/

• Wikipedia – Conti (ransomware): https://en.wikipedia.org/wiki/Conti_(ransomware)
• Wikipedia – Topic model: https://en.wikipedia.org/wiki/Topic_model

Notes:

• Paper mills are fraudulent commercial enterprises that fabricate scientific papers and sell authorship, citations, and other academic credentials—often at scale.
• Sarah Eaton and Sabina Alam first collaborated through COPE (Committee on Publication Ethics) and later worked together in United2Act, an international initiative focused on tackling paper mills.
• The conversation draws parallels between scientific paper mills and contract cheating in higher education, both of which undermine academic integrity for financial gain.
• Eaton and Alam discuss how metrics-based performance systems in universities and publishing environments create conditions ripe for abuse.
• Publishers and universities historically avoided transparency, but the scale of the problem has led to greater collaboration between stakeholders.
• The duo share insights into early warning signs of fraudulent submissions and describe the development of technological and administrative countermeasures.
• Particular attention is given to the harm paper mills cause: from corrupting citation networks to potentially endangering lives with fabricated data in medical journals.
• The “Andrew Vickers Curse” is discussed as a case study illustrating how citation manipulation by paper mills can entangle innocent researchers.
• The episode closes with a call for broader participation in the second phase of United2Act, particularly from research funders, IT specialists, and institutional stakeholders.

About our guests:

Dr. Sarah Elaine Eaton

https://profiles.ucalgary.ca/sarah-eaton

https://drsaraheaton.com/about/

Dr. Sabina Alam

https://www.taylorandfrancis.com/about/ethics-integrity/

https://www.csescienceeditor.org/article/dr-sabina-alam-shaping-critical-thinking-about-science/

Papers or resources mentioned in this episode:

United2Act initiative: https://united2act.org

Magazinov, Alexander. (2023). The Andrew Vickers Curse: secret revealed!, For Better Science

https://forbetterscience.com/2023/07/31/the-vickers-curse-secret-revealed/

Other:

Glossary of terms and acronyms:

• COPE – Committee on Publication Ethics: An international body that provides advice to editors and publishers on all aspects of publication ethics.
• STM – International Association of Scientific, Technical and Medical Publishers: A global trade association supporting academic publishing and information dissemination.
• Q1/Q2 Journal – Journals ranked in the top (Q1) or second (Q2) quartile based on impact metrics such as citation counts or journal reputation.
• Term paper mill – A business that sells pre-written or custom academic papers, often used in contract cheating by students.
• Contract cheating – A form of academic dishonesty where students outsource assessments to third parties.
• Retraction – The removal of a published article from the scientific record, typically due to error or misconduct.
• Desk reject – When a manuscript is rejected by a journal editor before it is sent out for peer review.
• Citation ring – A group of papers or authors who cite each other extensively to artificially inflate citation metrics.
• Paper Mills - Organisations or individuals that aim to profit from the creation, sale, peer review and/or citation of manuscripts at scale which contain low value or fraudulent content and/or authorship, with the aim of publication in scholarly journals.

A big thank you to the United2Act people for coming out of their comfort zone and chatting to me about this. This bravery is how science as an interdisciplinary pursuit driven by curiosity and collaboration happens.

Episode Notes:

• Dr. Reeves’ Background – Trained as a psychologist, his interest in cybersecurity emerged from a talk connecting human error to security breaches.
• Cybersecurity Fatigue Defined – A form of disengagement where employees lose motivation to follow security practices due to overload and conflicting advice.
• Not Just Apathy – Fatigue often affects people who initially cared about cybersecurity but were worn down by excessive or ineffective interventions.
• Training Shortcomings – Lecture-style, one-way training is frequently perceived as boring, irrelevant, or contradictory to users' experiences.
• Compliance vs. Effectiveness – Many organizations implement security training to meet legal requirements, even if it fails to change behavior.
• Reactance in Security – Users may intentionally ignore advice or rules to assert control, especially when training feels micromanaging or patronizing.
• Better Through Design – Reeves argues that secure systems should reduce the need for user decisions by simplifying or removing risky options altogether.
• Remove Rather Than Train – Limiting administrative rights is often more effective than trying to educate users out of risky behaviors.
• Mismatch With Reality – Generic training that conflicts with real policies or system restrictions can confuse or alienate users.
• Cognitive Load and Decision-Making – Under stress or fatigue, users rely on mental shortcuts (heuristics), which attackers exploit.
• Personal Example of Being Fooled – Reeves recounts nearly falling for a scam due to time pressure, illustrating how stress weakens judgment.
• Cybersecurity Buddy System – Recommends encouraging users to consult peers when making sensitive decisions, especially under pressure.
• Cyber Deception Strategies – Reeves now researches ways to mislead and trap attackers inside systems using decoys and tripwires.
• Applying Psychology to Attackers – The same behavioral models used to study users can help predict and manipulate attacker behavior.
• Empowering Defenders – Deception technologies can help security teams regain a sense of agency, shifting from reactive defense to proactive engagemen

About our guest:

Dr. Andrew Reeves

• https://www.linkedin.com/in/andrewreevescyber/
• https://research.unsw.edu.au/people/dr-andrew-reeves
• https://www.unsw.edu.au/research/ifcyber

Papers or resources mentioned in this episode:

Reeves, A., Delfabbro, P., & Calic, D. (2021). Encouraging employee engagement with cybersecurity: How to tackle cyber fatigue. SAGE Open, 11(1).

https://doi.org/10.1177/21582440211000049

Reeves, A., Calic, D., & Delfabbro, P. (2023). Generic and unusable: Understanding employee perceptions of cybersecurity training and measuring advice fatigue. Computers & Security, 128, 103137.

https://doi.org/10.1016/j.cose.2023.103137

Reeves, A., & Ashenden, D. (2023). Understanding decision making in security operations centres: Building the case for cyber deception technology. Frontiers in Psychology, 14, 1165705.

https://doi.org/10.3389/fpsyg.2023.1165705

Other:

UNSW Institute for Cyber Security (IFCYBER)

https://www.unsw.edu.au/research/ifcyber

• SMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.
• An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.
• Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.
• Reports included security ratings on ten key areas and recommendations for improvement.
• Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.
• Different risk communication strategies were tested to encourage SMEs to act on the findings.
• “Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.
• All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.
• Engagement was low, with only a small number of businesses reaching out after receiving the report.
• Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.
• Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.
• A follow-up version of the project will introduce an opt-out option before scanning businesses.
• Industry associations may partner with the project to increase credibility and adoption.
• The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.
• Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions.

Dr. Susanne van ’t Hoff-de Goede

https://www.linkedin.com/in/susanne-van-t-hoff-de-goede/

https://www.thuas.com/research/centre-expertise/team-cyber-security

Examining Ransomware Payment Decision-making Among SMEs

Matthijsse, S. R., Moneva, A., van ’t Hoff-de Goede, M. S., & Leukfeldt, E. R.

European Journal of Criminology.

Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experiment

van ’t Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.

Journal of Crime and Justice, 47(4), 472-491 (2024).

How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizens

van der Kleij, R., van ’t Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.

In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.

The Online Behaviour and Victimization Study

van ’t Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …

In:Cybercrime in Context: The human factor in victimization, offending, and … (2021).

Dutch Government Cybersecurity Resource

https://english.ncsc.nl

(English-language site for the Netherlands’ National Cyber Security Centre)

Secure Internetting (in Dutch)

https://veiliginternetten.nl/

• Understanding Cybercrime through Strain and Anomie Theories
  • Dr. Dearden explains how strain theory and anomie theory provide insights into cybercriminal motivations.
  • Discussion on economic and social pressures that push individuals toward cybercrime, including unemployment, inequality, and lack of upward mobility.
• The Role of Honeypots in Cybercrime Research
  • Overview of honeypots—deceptive systems designed to attract cyber attackers.
  • How honeypots help researchers observe and analyze hacker behaviors in real-world settings.
  • Differences in hacking techniques and motivations across different regions.
• Regional Variations in Cybercriminal Activities
  • Why cybercrime is not uniformly distributed worldwide despite the internet being a global network.
  • Case studies on West African romance scams, Russian cyber operations, and Indian call center frauds.
  • The interplay between legitimate and illegitimate economies in cybercrime hotspots.
• Cybercrime and Economic Opportunity
  • Findings from recent research on how financial strain vs. greed influences cybercrime.
  • The role of cryptocurrency in enabling financial cybercrimes and providing anonymity to offenders.
  • Discussion on how cybercrime prevention strategies need to address offender motivations, not just security vulnerabilities.
• Future Research and Policy Implications
  • The need for broader, structural changes to mitigate cybercrime, rather than relying solely on reactive security measures.
  • How cross-national studies and criminological data collection can improve cybercrime prevention strategies.
  • Upcoming projects on measuring cyber-offending patterns and regional differences in hacking behavior.

Dr. Thomas Dearden

https://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/thomas-dearden.html

Dearden, T. E., & Gottschalk, P. (2024).Convenience Theory and Cybercrime Opportunity: An Analysis of Online Cyberoffending.Deviant Behavior.DOI Link

Parti, K., & Dearden, T. (2024).Cybercrime and Strain Theory: An Examination of Online Crime and Gender.International Journal of Criminology and Sociology. https://doi.org/10.6000/1929-4409.2024.13.19

Dearden, T. E., Parti, K., & Hawdon, J. (2022).Institutional Anomie Theory and Cybercrime: Cybercrime and the American Dream.Journal of Contemporary Criminal Justice. https://doi.org/10.1177/10439862211001590

Episode 39 : Strained Dreams: Cybercrime and Institutional Anomie

https://www.cybercrimeology.com/episodes/strained-dreams-cybercrime-and-institutional-anomie

The Human Factors in cybercrime Conference: https://www.hfc-conference.com

We had a chat in a room with a bunch of people just outside having their own great conversations. Kind of nice to get a little bit of that vibe into the mix. Conferences can be a lot of fun ;)/.

To the best of my knowledge, no bovines were harmed during the recording of this episode.

• Defining Ethical Hacking: Ethical hackers use their skills to identify and report vulnerabilities, often to enhance cybersecurity in various capacities, including voluntary work, bug bounty programs, or professional roles.
• Research Focus: Dr. Weulen Kranenbarg’s studies highlight a significant overlap between positive and negative cyber behaviors, particularly among IT students, and explore how individuals transition toward ethical hacking.
• Ethical Hacking as a Pathway:
  • Early positive experiences, such as reporting vulnerabilities to schools or organizations, can strongly influence individuals toward ethical hacking.
  • Responses from organizations play a critical role—positive reinforcement encourages further ethical behavior, while negative experiences can deter individuals.
• Challenges in Defining Ethics:
  • Ethical hackers themselves debate the boundaries of what constitutes ethical behavior, such as whether making vulnerabilities public is acceptable if organizations fail to act.
  • The term "ethical hacker" is often contentious within the community.
• Role of Education: Schools struggle to address and guide ethical behavior among IT students effectively. Clear vulnerability disclosure policies and ethics education in IT programs are crucial.
• Future Research Directions: Dr. Weulen Kranenbarg plans to conduct life-history interviews with hackers to better understand their pathways and influences toward ethical behavior.

Dr Marleen Weulen Kranenbarg

https://research.vu.nl/en/persons/marleen-weulen-kranenbarg

• Weulen Kranenbarg, M. (2018). Cyber-offenders versus traditional offenders: An empirical comparison. Vrije Universiteit Amsterdam. Retrieved from https://research.vu.nl/en/publications/cyber-offenders-versus-traditional-offenders-an-empirical-comparison
• Weulen Kranenbarg, M., Ruiter, S., & Nieuwbeerta, P. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 64(10), 1270–1292. https://doi.org/10.1177/0011128718763134
• Weulen Kranenbarg, M., Holt, T. J., & van Gelder, J.-L. (2021). Contrasting cyber-dependent and traditional offenders: A comparison on criminological explanations and potential prevention methods. In J. van Gelder, H. Elffers, D. Reynald, & D. Nagin (Eds.), Routledge International Handbook of Criminology and Criminal Justice Studies (pp. 234–249). Routledge. Retrieved from https://research.vu.nl/en/publications/contrasting-cyber-dependent-and-traditional-offenders-a-compariso
• Weulen Kranenbarg, M., & Noordegraaf, J. (2023). Why do young people start and continue with ethical hacking? A qualitative study on individual and social aspects in the lives of ethical hackers. Criminology & Public Policy, 22(3), 465–490. https://doi.org/10.1111/1745-9133.12640

Hack the Box - A popular online platform offering a variety of CTF challenges to test and improve cybersecurity skills.

https://www.hackthebox.com

NorthSec - A popular in-person CTF competition designed for everyone excited about cybersecurity.

https://nsec.io

HackerOne - A leading bug bounty platform connecting ethical hackers with organizations to find and fix vulnerabilities.

https://www.hackerone.com

Bugcrowd - A platform that hosts bug bounty programs for a wide range of companies and industries.

https://www.bugcrowd.com

About Our Guest:

Dr. Tom Holt

https://cj.msu.edu/directory/holt-tom.html

Key Topics Discussed:

• Dr. Tom Holt emphasized the urgent need for consistent and evidence-based cybercrime training in law enforcement, pointing out disparities in how local agencies handle these crimes.
• He highlighted the challenges agencies face in responding to cyber-enabled and cyber-dependent crimes, particularly in rural areas.
• Dr. Holt discussed the development of training modules covering both basic digital evidence handling and specialized topics tailored to agency needs.
• The conversation underscored the importance of bridging resource gaps between rural and urban agencies.
• Dr. Holt explained how police leadership’s support is crucial for improving the adoption and effectiveness of training programs.
• The prevalence of interpersonal cybercrimes like sextortion and fraud, often encountered by local officers, was addressed.
• Dr. Holt elaborated on long-term evaluation plans for these training programs, aiming to measure their impact on officers and agencies.
• He also discussed the potential for a national standard curriculum to bring consistency to cybercrime training across the U.S.

Papers and Resources Mentioned:

1. Articles on the Training Center Initiative:
   • Cybercrime Training at MSU –https://cj.msu.edu/community/cyber-center/cyber-center-home.html
   • Program announcement - https://msutoday.msu.edu/news/2024/msu-receives-$1M-to-create-center-for-cyber-security-training

Other:

This episode was recorded on location in at HEC Montreal. The occasional background noise from students only adds to the vibrant atmosphere of the discussion. So you can’t complain about the noise being distracting, consider it an authentic experience!