WACCO 2024

6th Workshop on Attackers and Cyber-Crime Operations

IEEE European Symposium on Security and Privacy 2024

July 8, 2024 - Vienna Austria

The emergence and commoditization of cyber-criminal activities calls for new empirical methods, measures, and technologies to quantify and understand offender operations across all forms of cyber-crime: from malware engineering and attack delivery, to running underground operations trading illegal goods such as drugs and illegal pornography, to spreading disinformation and planning (cyber-)terrorism operations. Without appropriate scientific measures of cyber-offender and attacker operations, capabilities, and resources, it remains impossible to derive sound policies, strategies and technologies that appropriately address realistic and evidence-based attacker and offender models. WACCO 2024 calls for all contributions aiming at providing methods, measures, metrics, and technologies or tools to quantitatively or qualitatively evaluate cyber-offenders and attackers from technical and non-technical angles. The workshop invites contributions from, but not limited to, the fields of computer science and computer security, criminology, psychology, law, and economics addressing this issue.

WACCO 2024 welcomes (full and short) paper submissions, for publication in the EuroSP IEEE proceedings and presentation at WACCO 2024, and Research talks, for presentation at WACCO 2024 (no proceedings). All submissions will go through the same review process, and receive feedback from the PC.  

Call for Papers

WACCO 2024 welcomes (full and short) paper submissions, for publication in the EuroSP IEEE proceedings and presentation at WACCO 2024, and Research talks, for presentation at WACCO 2024 (no proceedings). All submissions will go through the same review process, and receive feedback from the PC.

Topics of interest include, but are not limited to:

  • Empirical studies on attacker operations and communities
  • Novel methods to perform attacker measurements at scale across several communities
  • Cooperation and trust as a source of attackers’ effectiveness
  • Attackers’ skill set
  • Attackers’ operational security
  • Measuring the spread of false information campaigns on social media
  • Quantitative and qualitative methods to measure, track, and counter cybercrime
  • Cybercrime measurement and networks
  • Cybercrime policy
  • Economics of cybercrime
  • Profiling of cybercriminals
  • Security metric design and evaluation
  • Security patch measurement
  • Statistical exploration and prediction of security incidents
  • Open Source INTelligence (OSINT) and digital footprints

The workshop is co-located with the 9th IEEE European Symposium on Security and Privacy (EuroS&P 2024).

Important Dates

All deadlines are Anywhere on Earth (AoE = UTC-12h).

Paper submission due March 15, 2024 April 3, 2024 [EXTENDED]
Acceptance notice to authors April 30, 2024
Publication-ready papers submitted May 15, 2024 May 20, 2024
Workshop July 8, 2024

Review Model

Open reports

WACCO promotes an open and transparent review process. Reviews of accepted papers will be published together with the papers and archived in a public github repository associated with WACCO. A link to that repository must be included in all accepted submissions. The reasons why WACCO implements an open report model are the following:

  • It documents why the paper was considered positively to contribute to the larger scientific domain it pertains to;
  • It provides a critique useful to better delineate research limitations and scope, which can be of particular benefit to young researchers and students alike;
  • It provides a structural incentive for reviewers to write constructive and clear reviews;
  • It provides a structural incentive for authors to implement reviewer recommendations for the camera-ready version of their paper;
  • It provides a critical viewpoint for future work and research follow-ups;
  • It provides additional transparency to the quality of the adopted review process and its outcomes.


WACCO encourages submission of full papers and position papers from academia, industry, and government for appearance in the EuroSP IEEE proceedings. They should present interesting results for both theory and experimentation in the area of attacker and cyber-crime operations. We also particularly welcome independent reproduction of previous studies or experiments or negative results. We expect full papers to be of 10 pages in length (IEEE Format). Longer papers that document extensive experimentation are full in scope (which could be described in annex of the main body of the paper). Position papers of around 4 pages in length should present new open and interesting questions that the community should address or open questions that past research papers have not yet addressed. We expect position papers to be presented in panels or poster-platform sessions.

Additionally, WACCO 2024 welcomes submissions of Research Talks. Research Talk submissions will go through the same review process as full/short papers and will be evaluated on the same criteria of quality, but will not appear in the IEEE proceedings. We especially encourage the submission of multidisciplinary work looking for feedback from qualified experts in the domain. Research Talk submissions can be in any format, and of length commensurate to the contribution. Indicatively, Research Talks submissions are expected to be in the range of 7000-8000 words. To keep review loads acceptable, submissions of more than 10000 words may be desk rejected. Research Talk submissions should clearly state “Research Talk” in the title of the submission.

Anonymous submissions

Papers should be fully anonymized before review: author names or affiliations may not appear or be revealed in the text. Previous work of the authors should be referred to the third person. In the unusual case that an anonymous reference is not possible, the authors should blind the reference (e.g. “[x] Blinded citation to preserve submission anonymity”). Papers that are not properly anonymized may be desk rejected.
Submission of work that has been previously presented at conferences without proceedings, even if that work is associated with the names of the authors, or is published on online repositories such as ArXiv.org or SSRN, is allowed as long as the submission is fully anonymized. PC members that may recognize the work and its authors are asked to declare conflict on that paper and will not be assigned to it.


All papers will be published by IEEE CS and posted on the IEEE digital libraries. All authors of accepted papers are expected to present their paper at the workshop.

Submission site

Please submit your paper through EasyChair here.

Organization Committees

Program Co-chairs

Luca Allodi Eindhoven University of Technology l.allodi@tue.nl
Alice Hutchings University of Cambridge alice.hutchings@cl.cam.ac.uk
Sergio Pastrana University Carlos III of Madrid spastran@inf.uc3m.es

Publicity and Publication Co-chairs

To be announced.

Program Committee