Cybercrime under the spotlight at June conference

Why we should treat organised international e-crime the way we treat a pandemic; understanding the full range of harms suffered by ransomware attack victims; and how the UK National Cyber Crime Unit has used honey traps to disrupt cybercrime-for-hire marketplaces. These are just three of the topics that will be discussed at the Annual Cambridge Cybercrime Conference in June. 

This is the seventh conference in the series organised by the The Cambridge Cybercrime Centre, which is based in this Department. The conference takes place on Monday 10 June.

Global Cyber Resilience using a Public Health Model of eCrime
It will kick off with a thought-provoking address. Keynote speaker Prof L. Jean Camp, Director of the Center for Security and Privacy at Indiana University, will argue that in today's globally-connected world, we should take large-scale computer security attacks as seriously as we take pandemics. This includes developing coordinated cross-border digital public health systems for responding to them.

As she will tell attendees: "Computer crime is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. I propose... that coordinated global science is needed to address organized global e-crime."

Fellow speaker Gabriella Williams - a PhD student at Royal Holloway, University of London - will offer a parallel argument in her talk, where she will discuss the issues around treating virtual harassment and assault as seriously as their physical equivalents. 

Beyond Borders: Exploring Security, Privacy, Cultural and Legal Challenges in Metaverse Sexual Harassment
"The metaverse is a 3D virtual environment that is supposed to reflect our real life where we can shop, go to work or attend virtual concerts," she says. "However, due to the immersive and haptic technologies, the experiences of sexual assault in the metaverse can be more intense and traumatizing as they feel like physical experiences." Gabriella is applying technological and criminological perspectives to understanding criminal behaviour in virtual reality. This includes investigating legal questions of whether virtual sexual assault or harassment could be treated as crimes, as their physical equivalents are, in order to keep the metaverse a safe space. 

Ransomware Harms and the Victim Experience
Meanwhile, two speakers at the conference will discuss ransomware attacks. In his talk, Jason Nurse, Reader in Cyber Security at the University of Kent will discuss the impact on victims of these attacks where criminals threaten them with a range of harms to get them to pay increasingly significant amounts in ransom.

"While much is known about the prevalence of the threat," Jason says, "there is limited focused research on the depth and breadth of harms experienced by victims." He'll talk about two studies he has carried out with individuals, organisations and responders to look into this.

"Ransomware can - and has - ruined lives," he says. "We discovered in our research that individuals can lose their jobs, often express feelings of shame and self-blame (sometimes extended to private and family life), and that these attacks can contribute to serious personal health issues. At a societal level, we also found that ransomware can lead to a loss of trust in law enforcement, reduced faith in public services, and the potential normalisation of cybercrime." 

Honey traps, and the takedown of LockBit ransomware
Ransomware will also feature in the presentation by the Prevent Team at the National Crime Agency's Cyber Crime Unit. In particular, it will highlight the seizing (by the agency and international partners) of the apparatus of the LockBit ransomware gang. LockBit was regarded as one of the world’s most dangerous ransomware groups. Organisations that fell victim to the gang include  Royal Mail and Boeing.

The presentation will also discuss a new approach to tackling 'cybercrime-for-hire services'. These enable users to conduct attacks - such as distributed denial of service attacks - on victims with little or no technical knowledge. Until now, law enforcement agencies have responded by taking down sites and arresting admins, but the long-term effectiveness of this approach is questionable.

So the National Cyber Crime Unit tried using deception and disruption techniques to undermine criminals' confidence in underground 'cybercrime-for-hire' marketplaces through the use of honey trap sites built by the National Crime Agency. This presentation will outline the conception and legal considerations for the use of such honey traps, the tactical and strategic impact of the operation and the role academia performed in their input to planning and success analysis. 

• The Cambridge Cybercrime Centre's seventh one day conference on cybercrime will be held on Monday 10 June. For details and to register, visit https://onlinesales.admin.cam.ac.uk