November 21, 2022
Session 1
9:00-10:15 a.m

Dr. Jin R. Lee
George Mason University

The offline-online overlap: Exploring the importance of school characteristics on cyberbullying victimization
Dr. Erica Fissel
University of Central Florida
Research suggests that adolescents’ attachment and positive experiences at school (e.g., sense of comfort, safety, and belonging at school) impact their likelihood of experiencing offline bullying victimization, yet little is known regarding the impact of these offline factors on cyberbullying victimization. In fact, cyberbullying research tends to focus primarily on online behaviors when assessing risk of victimization. Given this gap in the literature, the current study examined the extent to which offline school factors significantly impact cyberbullying victimization. Specifically, we used the 2019 National Crime Victimization Survey School Crime Supplement to determine which measures of school safety, school climate, teacher-student relations, and comfort at school predicted cyberbullying victimization. Two binary logistic regression models were conducted (one model for offline bullying and one for cyberbullying) to compare the effects of offline school factors on both forms of bullying victimization. Findings revealed several school measures as significant predictors of both forms of bullying victimization, suggesting cyberbullying victimization may not be entirely separate from offline bullying. The importance of school factors on cyberbullying victimization demonstrates the imperative need to improve aspects of the school environment to reduce all forms of bullying. The implications of this study for both educators and policymakers are discussed.
When victims strike back: Victim responses to cyber-fraud victimization

Fyscillia Ream
University of Montreal
While online fraud and technology-related crimes continue to increase and claim more and more victims, the current observation is that police, and government agencies do not have the resources necessary to manage this type of crime. The lack of state response to the rise of cybercrime and online fraud reminds us of what Garland (1998) called the "responsibilization" strategy, which has led government agencies to delegate the responsibility of crime control to the general population, making them responsible for their protection. Button and Cross (2017) established that Garland's argument is still valid for cybercrime, as many governments are not in a position to manage online fraud and have delegated this responsibility to various organizations and individuals. This lack of involvement from government agencies has given way to initiatives led by citizens who have been victims or been exposed to potential victimization to implement measures to counter and deter online scammers. These initiatives are part of the growing use of digital vigilantism targeting traditional crimes, social behaviours and political movements (Button & Whittaker, 2021).
This presentation aims to examine how victims and potential victims set up their means of response to online fraud and scammers. To this end, we will analyze several French-speaking Facebook pages aimed at denouncing and reporting online scams. The study highlights how victims can mobilize against online fraud through some forms of digital vigilantism whose goals go beyond reporting online scams. These victim-focused citizen-led efforts cannot be ignored by government agencies but should be supported to fight against online fraud on a larger scale.
.jpg)
Akim Laniel-Lanani
University of Montreal

Dr. Benoît Dupont
University of Montreal

Examining risk profiles for cybercrime victimization
Dr. Susanne van ‘t Hoff-de Goede
Centre of Expertise Cyber Security, The Hague University of Applied Sciences

Dr. Asier Moneva
NSCR/Centre of Expertise Cyber Security, The Hague University of Applied Sciences

Dr. Rutger Leukfeldt
NSCR/Centre of Expertise Cyber Security, The Hague University of Applied Sciences
The number of people that become victims of cybercrime is growing yearly. Interventions that aim to decrease the prevalence of cybercrime victimization need to be aimed at specific risk groups in order to be effective. Previous studies, however, have struggled to determine what constitutes risk groups for cybercrime victimization.
We use the Online Behaviour and Victimization Study (OBVS). The OBVS used a population-based survey experiment. Actual online behaviour was measured through three experiments built into the survey. One year later, cyber victimization was measured again among the same respondents (N= 1886).
We use Conjunctive Analysis of Case Configurations (CACC), a technique for multivariate analysis of categorical data, to examine how individual profiles of participants are related to a cybervictimization outcome, and which variables are most influential on such outcome.
CACC results show the profiles of participants with a higher risk of cybervictimization as a function of their age, self-control and actual online behaviour. Observations cluster significantly across 64 dominant profiles related to cybercrime victimization. For these profiles, the probability of cybercrime victimization ranges from 0.1 to 0.5. Specific case configurations and variables were found to be linked to higher and lower victimization risk, also for specific cybercrimes (malware, hacking, fraud).
Coffee break
Session 2
10:45 a.m.-12:00 p.m.
Does one ad a day keep cybercrime at bay?


Wouter KlijnsoonTeam High Tech Crime, Dutch National Police
Distributed denial of service (DDoS) attacks are a type of cyber-dependent crime that render systems and services unusable. In the thriving cybercrime market, these attacks are being offered as an affordable service. Some providers even advertise DDoS services on search engines such as Google, reaching millions of users who are not even aware that launching DDoS attacks is an offense and that target organizations can face high financial losses and lasting reputational damage. These attacks can become a pathway into cybercrime. In collaboration with law enforcement agencies, we developed and implemented several online ads campaigns in The Netherlands and other countries to cut pathways into cybercrime of potential offenders interested in DDoS attacks. After determining which communication strategy was the most appropriate to engage this audience, we now examine the effect of the campaigns on the volume of DDoS attacks recorded by two Dutch Internet service providers and the Cambridge Cybercrime Centre. Data from the service providers covers trends for all or part of 2021 and the beginning of 2022, while the Cambridge data also covers several years earlier. We hypothesize that the campaigns caused a statistically significant reduction in DDoS attacks.

Dr. Asier Moneva
NSCR/Centre of Expertise Cyber Security, The Hague University of Applied Sciences
Dr. Rutger Leukfeldt
NSCR/Centre of Expertise Cyber Security, The Hague University of Applied Sciences
Using short boosters to counter the decay in anti-phishing training

Dr. Jan-Willem Bullee
University of Twente
Email phishing is an evolving persistent problem, and attacks have been around since the mid-1990s. Training people to recognise signs of phishing emails can reduce their vulnerability. However, training materials have a limited life span, and their effectiveness reduces over time. This research illustrates how anti-phishing training decays over time and how booster training can counter the decay.
All 6246 staff members of one organisation were invited to participate in an anti-phishing training module.
Each participant was randomly assigned to one of the six conditions. The four experimental groups started with a pre-measurement to establish their baseline score. After that, they watched a 4-minute instruction video on recognising phishing emails and completed a post-test. Experimental groups 1 and 2 also watched one booster video after six weeks or two booster videos four weeks apart, respectively.
A post-test followed each booster. Experimental groups 3 and 4 only completed one or two post-test, six weeks or four weeks apart, respectively. The control groups completed one or two post-test, six or four weeks apart, respectively.
Finally, all groups finished with a delayed post-test after 12 weeks.
This experiment is currently live, and the data is being collected.
Police officers’ perceptions on the role of international collaboration while investigating on the darkweb
Worldwide, police organizations are responsible for solving crimes that are physically committed in the jurisdictions assigned to them. However, this system is not adequate for cybercrimes, considering that they are committed virtually and not physically on the ground. Faced with this growing increase in crime, police agencies often find themselves unable to intervene in the face of cybercrime due to a lack of resources or training. One proposed solution to this problem is to promote international collaborations that transcend jurisdictions. Although several countries demonstrate an interest in improving collaborations to solve cybercrime investigations, the role of international collaborations is still not recognized in the literature. This master's thesis project aims to understand the role of international collaborations in the success of police interventions on the Internet. We did a qualitative analysis of police interventions in which an international collaboration has been carried out with the aim of observing the phenomenon from the actors who dedicate their careers in the cybercrime field. The results in this presentation come from 20 interviews conducted with police officers and investigators in 5 countries. This research has important empirical and practical implications for police work in the growing fight against cybercrimes.


Marie-Pier Villeneuve-Dubuc
University of Montreal
Dr. David Décary-Hétu
University of Montreal

Dr. Benoît Dupont
University of Montreal
Lunch break
Session 3
1:30-2:45 p.m.
Law Enforcement Roundtable
Session 4
3:15-4:35 p.m.
Risky or Not? Identifying Outliers Within Online Hacking Discussion Forums

Noelle Warkentin
Simon Fraser University
With the rapidly evolving state of technology aiding in connecting society and systems, there has been an increased risk of cyber-attacks from malicious actors. To account for this increased risk, researchers have deemed hacking discussion forums an important avenue for understanding threats. While there have been studies conducted to identify key hackers within these communities, there has yet to be an approach of outlier detection to identify the risky individuals. The purpose of this study was twofold: Identify outliers in hacking communities, and using the scores calculated during the outlier capture, identify which of these outliers are indeed exhibiting risky behaviours. Three indicators were used to identify outliers: Lists of IP addresses, email addresses, and URLs. Results indicate that the indicators used were appropriate in capturing those risky authors, and through the combination of author scores, the riskiness of these authors can be verified. The top 10% for several of the averaged author risk scores for outliers was the most successful in identifying particularly risky individuals in the datasets. The methodology used in this study may aid in developing an automated tool to identify risky outliers in real time, further aiding in cyber-threat intelligence.
Finding needles in haystacks – Identifying potential threats in online right-wing discussion forums

Dr. Richard Frank
Simon Fraser University
Extremists have found, or founded, communities online with like-minded individuals who express similar thoughts and reinforce their own opinions. These communities tend to make users more radical, with the largest right-wing online discussion forum Stormfront having members who have committed almost 100 murders. It is of interest to society to identify these extreme users currently on the path to becoming radicalized and before they have a chance to act. The work presented here attempts to address this problem by creating indicators, each of which assigns a score to each post of each user, and thus detects various types of activities. The indicators are based on keywords, natural language processing, or more complicated supervised machine-learning models. After manual qualitative coding to establish a training dataset, the machine-learning algorithm random forest is applied to help determine which indicator is most valuable, and in this fashion all indicators are weighted, and combined into a single score which is assigned to the user. The higher the user’s score, the more extreme the user’s posting behaviour. This presentation will review this methodology and its application onto the right-wing community Stormfront and demonstrate the value of deploying this strategy to identify the most extreme users within.
Identifying delinquent individuals through their passwords: The similarity and difference of network of users in their password’s creation strategies

Dr. Andréanne Bergeron
GoSecure
Even if several authentication methods are in existence, using passwords remains the most common type of authentication. People usually have a multitude of different passwords and when they create their passwords, they often use a strategy to make the password easy to remember (Pfleeger, et al., 2015; Stobert & Biddle, 2014; Ur, et al., 2015).
This study aims to develop a model that outlines a taxonomy of password creation strategies according to the different type of social network of people. Using 2 databases with actual passwords that have been leaked to the internet, latent class analysis were used to reveal taxonomies. One of the databases is from a non-delinquent social network and the other is from a hacker forum.
Results show that users of the same network present a taxonomy of different behaviors but are more similar to each other when compared to the other network. From a network analysis perspective, the results make sense as individual who are similar (sharing the same interest) are also similar on other aspects (password creation strategies). Those results can be used to deepen the understanding of password types and password behavior and to understand better the networks of internet users.
Hanging out on the streets and on the screen: a longitudinal analyses of the effects of online and offline time use on cyber-delinquency

Dr. Marleen Weulen Kranenbarg
Vrije Universiteit

Frank Weerman
Time use is one of the major topics in criminological research on juvenile delinquency and it has been well established that unstructured socializing, i.e. hanging out with peers on the streets, is a major factor in offline delinquency. With respect to cybercrime, however, this type of research is still scarce, and in particular there is a lack of longitudinal data on this issue. In this study we were able to employ a longitudinal research design (three waves) among a substantial sample (N=889) of Dutch youths in secondary/tertiary education (12–25 years old), who were following ICT programs, tracks, or courses. In each wave we collected self-report data on a large variety of cyber-offences (cyber-dependent and cyber-enabled offending) and traditional offences, as well as a large variety of online and offline activities. This unique longitudinal data allows for more causal conclusions on the relationships between time use and different types of online and offline offending, which was largely absent in cybercriminology. The analyses show how changes in time use are related to changes in offline and online offending. For example, preliminary results suggest that if a respondent increases his/her use of online forums, his/her level of cyber-dependent offending also increases.