The emergence and commoditization of cyber-criminal activities calls for new empirical methods, measures, and technologies to quantify and understand offender operations across all forms of cyber-crime: from malware engineering and attack delivery, to running underground operations trading illegal goods such as drugs and illegal pornography, to spreading disinformation and planning (cyber-)terrorism operations. Without appropriate scientific measures of cyber-offender and attacker operations, capabilities, and resources, it remains impossible to derive sound policies, strategies and technologies that appropriately address realistic and evidence-based attacker and offender models.
The 4th Workshop on Attackers and Cyber-Crime Operations (WACCO 2022) aims to provide a venue for research and discussion on cyber-criminal activities. WACCO 2022 is co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P 2022).
Call for Papers
WACCO 2022 calls for all contributions aiming at providing methods, measures, metrics, and technologies or tools to quantitatively or qualitatively evaluate cyber-offenders and attackers from technical and non-technical angles. The workshop invites contributions from, but not limited to, the fields of computer science and computer security, criminology, psychology, law, and economics addressing this issue.
Topics of interest include, but are not limited to:
- Empirical studies on attacker operations and communities
- Novel methods to perform attacker measurements at scale across several communities
- Cooperation and trust as a source of attackers’ effectiveness
- Attackers’ skill set
- Attackers’ operational security
- Measuring the spread of false information campaigns on social media
- Quantitative and qualitative methods to measure, track, and counter cybercrime
- Cybercrime measurement and networks
- Cybercrime policy
- Economics of cybercrime
- Profiling of cybercriminals
- Security metric design and evaluation
- Security patch measurement
- Statistical exploration and prediction of security incidents
- Open Source INTelligence (OSINT) and digital footprints
The workshop is co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P 2022).
Important Dates
All deadlines are Anywhere on Earth (AoE = UTC-12h).
| Paper submission due | |
| Acceptance notice to authors | April 8, 2022 |
| Publication-ready papers submitted | |
| Workshop | June 6, 2022 |
Accepted Papers
Full Papers:
-
A Bad IDEa: Weaponizing uncontrolled online-IDEs in availability attacks
Shreyas Srinivasa, Dimitrios Georgoulias, Jens Myrup Pedersen, and Emmanouil Vasilomanolakis
-
POSTCOG: A tool for interdisciplinary research into underground forums at scale
Ildiko Pete, Jack Hughes, Andrew Caines, Anh V. Vu, Harshad Gupta, Alice Hutchings, Ross Anderson, and Paula Buttery
-
Investigating the concentration of High Yield Investment Programs in the United Kingdom
Sharad Agarwal, and Marie Vasek
-
Investigating the Effect of Phishing Believability on Phishing Reporting
Leon Kersten, Pavlo Burda, Luca Allodi, and Nicola Zannone
-
Libel Inc: An Analysis of the Libel Site Ecosystem
Rasika Bhalerao, and Damon Mccoy
-
Characterizing Building Automation System Attacks and Attackers
Martino Tommasini, Martin Rosso, Emmanuele Zambon, Luca Allodi, and Jerry den Hartog
-
Reviewing Estimates of Cybercrime Victimisation and Cyber Risk Likelihood
Daniel W Woods, and Lukas Walter
-
Examining the trends and operations of modern Dark-web marketplaces
Víctor Labrador Ortiga and Sergio Pastrana Portillo
Program
Registration
08:30 - 09:00 (Timezone: CEST (UTC+02:00))
Welcome
09:00 - 09:15 (Timezone: CEST (UTC+02:00))
Keynote
09:15 - 10:15 (Timezone: CEST (UTC+02:00))
Examining the pathways into cybercrime
Rutger Leukfeldt
What are pathways into cybercrime and how does someone become involved in a cybercriminal network? Traditionally, social ties provide access to criminal networks. These involvement mechanisms rely heavily on building trust and are limited to existing ‘real-world’ social contacts such as family, friends and co-workers. ‘Offender convergence settings’ – physical locations such as cafes and bars, where criminals can meet – are used to forge contacts outside an individual’s initial social cluster. Studies into involvement mechanisms of cybercriminal networks are scarce. However, case studies clearly show that the internet provides specific offender convergence settings, such as forums where cybercriminals can meet to exchange information or make plans to commit crimes. In the first part of this presentation, I will present the findings of interviews with Dutch hackers about their online and offline pathways into cybercrime, co-offending en desistence. Preliminary results show that the first (baby) steps in pathways into cybercrime include gaming, Google and YouTube. In the second part of this presentation, I will discuss two interventions we are currently using to deter starting cybercriminals.
Coffee Break
10:15 - 10:45 (Timezone: CEST (UTC+02:00))
Session 1: Know Your Enemy
10:45 - 12:30 (Timezone: CEST (UTC+02:00))
Characterizing Builiding Automation System Attacks and Attackers
Martino Tommasini, Martin Rosso, Emmanuele Zambon, Luca Allodi, and Jerry den Hartog
Abstract
A Bad IDEa: Weaponizing uncontrolled online IDEs in availability attacks
Shreyas Srinivasa, Dimitrios Georgoulias, Jens Myrup Pedersen, and Emmanouil Vasilomanolakis
Abstract
Investigating the Effect of Phishing Believability on Phishing Reporting
Leon Kersten, Pavlo Burda, Luca Allodi, and Nicola Zannone
Abstract
Examining the trends and operations of modern Dark-web marketplaces
Víctor Labrador Ortiga, and Sergio Pastrana Portillo
Abstract
Lunch Break
12:30 - 14:00 (Timezone: CEST (UTC+02:00))
Session 2: Measuring Cybercrime
14:00 - 14:50 (Timezone: CEST (UTC+02:00))
Libel Inc: An Analysis of the Libel Site Ecosystem
Rasika Bhalerao, and Damon Mccoy
Abstract
Investigating the concentration of High Yield Investment Programs in the United Kingdom
Sharad Agarwal, and Marie Vasek
Abstract
Session 3: Understanding Cybercrime
15:00 - 15:50 (Timezone: CEST (UTC+02:00))
Reviewing Estimates of Cybercrime Victimisation and Cyber Risk Likelihood
Daniel W Woods, and Lukas Walter
Abstract
POSTCOG: A tool for interdisciplinary research into underground forums at scale
Ildiko Pete, Jack Hughes, Andrew Caines, Anh V. Vu, Harshad Gupta, Alice Hutchings, Ross Anderson, and Paula Buttery
Abstract
Dinner (Location: Locanda Spinola, Vico della Scienza 17R)
19:30 - Undefined
Timezone: CEST (UTC+02:00))
Review Model
Open reports
WACCO promotes an open and transparent review process. Reviews of accepted papers will be published together with the papers and archived in a public github repository associated with WACCO. A link to that repository must be included in all accepted submissions. Open reports from previous years are available here. The reasons why WACCO implements an open report model are the following:
- It documents why the paper was considered positively to contribute to the larger scientific domain it pertains to;
- It provides a critique useful to better delineate research limitations and scope, which can be of particular benefit to young researchers and students alike;
- It provides a structural incentive for reviewers to write constructive and clear reviews;
- It provides a structural incentive for authors to implement reviewer recommendations for the camera-ready version of their paper;
- It provides a critical viewpoint for future work and research follow-ups;
- It provides additional transparency to the quality of the adopted review process and its outcomes.
Submission
WACCO encourages submission of full papers and position papers from academia, industry, and government. They should present interesting results for both theory and experimentation in the area of attacker and cyber-crime operations. We also particularly welcome independent reproduction of previous studies or experiments or negative results. We expect full papers to be of 10 pages in length (IEEE Format). Longer papers that document extensive experimentation are full in scope (which could be described in annex of the main body of the paper). Position papers of around 4 pages in length should present new open and interesting questions that the community should address or open questions that past research papers have not yet addressed. We expect position papers to be presented in panels or poster-platform sessions.
Anonymous submissions
Papers should be fully anonymized before review: author names or affiliations may not appear or be revealed in the text. Previous work of the authors should be referred to the third person. In the unusual case that an anonymous reference is not possible, the authors should blind the reference (e.g. “[x] Blinded citation to preserve submission anonymity”). Papers that are not properly anonymized may be desk rejected.
Submission of work that has been previously presented at conferences without proceedings, even if that work is associated with the names of the authors, or is published on online repositories such as ArXiv.org or SSRN, is allowed as long as the submission is fully anonymized. PC members that may recognize the work and its authors are asked to declare conflict on that paper and will not be assigned to it.
Publications
All papers will be published by IEEE CS and posted on the IEEE digital libraries. All authors of accepted papers are expected to present their paper at the workshop.
Submission site
Please submit your paper through EasyChair here.
Organization Committees
Program Co-chairs
| Luca Allodi | Eindhoven University of Technology |
| Alice Hutchings | University of Cambridge |
| Sergio Pastrana | University Carlos III of Madrid |
Publicity and Publication Co-chairs
| Publication Chair | Pavlo Burda | Eindhoven University of Technology |
| Publicity Chair | Michele Campobasso | Eindhoven University of Technology |
| Publication Chair | José Cabrero Holgueras | CERN and University Carlos III of Madrid |
| Publicity Chair | Leon Kersten | Eindhoven University of Technology |
Program Committee
- Maria Bada, Queen Mary University of London
- Benoît Dupont, University of Montreal
- Rutger Leukfeldt, NSCR
- Rebekah Overdorf, École Polytechnique Fédérale de Lausanne
- Sasha Romanosky, RAND
- Marleen Weulen Kranenbarg, Vrije Universiteit Amsterdam
- Dmitry Zhdanov, Georgia State University
- Will Scott, University of Michigan
- Carlos Gañán, Delft University of Technology
- Tom Van Goethem, KU Leuven
- Jorge Blasco Alís, Royal Holloway University of London
- Ben Collier, University of Edinburgh
- Daniel R. Thomas, University of Strathclyde
- Giorgio Di Tizio, University of Trento
- Veronica Valeros, Czech Technical University in Prague
- Jonathan Lusthaus, Oxford University
- Jeroen van der Ham, NCSC
- Yi Ting Chua, University of Alabama
- Matthew Edwards, University of Bristol
- Rolf van Wegberg, TU Delft
- Anita Lavorgna, University of Southampton
- Maria Grazia Porcedda, Trinity College Dublin
- Zinaida Benenson, Friedrich-Alexander-Universität
Registration
The workshop is co-located with the 7th IEEE European Symposium on Security and Privacy (EuroS&P 2022). To register please visit the registration page of the main event.