Cybercrimeology

• Fake It Until You Break It: The pay-to-publish paper mills exploiting the over metrification of Science

  Notes:Paper mills are fraudulent commercial enterprises that fabricate scientific papers and sell authorship, citations, and other academic credentials—often at scale.Sarah Eaton and Sabina Alam first collaborated through COPE (Committee on Publication Ethics) and later worked together in United2Act, an international initiative focused on tackling paper mills.The conversation draws parallels between scientific paper mills and contract cheating in higher education, both of which undermine academic integrity for financial gain.Eaton and Alam discuss how metrics-based performance systems in universities and publishing environments create conditions ripe for abuse.Publishers and universities historically avoided transparency, but the scale of the problem has led to greater collaboration between stakeholders.The duo share insights into early warning signs of fraudulent submissions and describe the development of technological and administrative countermeasures.Particular attention is given to the harm paper mills cause: from corrupting citation networks to potentially endangering lives with fabricated data in medical journals.The “Andrew Vickers Curse” is discussed as a case study illustrating how citation manipulation by paper mills can entangle innocent researchers.The episode closes with a call for broader participation in the second phase of United2Act, particularly from research funders, IT specialists, and institutional stakeholders.About our guests:Dr. Sarah Elaine Eatonhttps://profiles.ucalgary.ca/sarah-eatonhttps://drsaraheaton.com/about/Dr. Sabina Alamhttps://www.taylorandfrancis.com/about/ethics-integrity/https://www.csescienceeditor.org/article/dr-sabina-alam-shaping-critical-thinking-about-science/ Papers or resources mentioned in this episode:United2Act initiative: https://united2act.orgMagazinov, Alexander. (2023). The Andrew Vickers Curse: secret revealed!, For Better Sciencehttps://forbetterscience.com/2023/07/31/the-vickers-curse-secret-revealed/ Other:Glossary of terms and acronyms:COPE – Committee on Publication Ethics: An international body that provides advice to editors and publishers on all aspects of publication ethics.STM – International Association of Scientific, Technical and Medical Publishers: A global trade association supporting academic publishing and information dissemination.Q1/Q2 Journal – Journals ranked in the top (Q1) or second (Q2) quartile based on impact metrics such as citation counts or journal reputation.Term paper mill – A business that sells pre-written or custom academic papers, often used in contract cheating by students.Contract cheating – A form of academic dishonesty where students outsource assessments to third parties.Retraction – The removal of a published article from the scientific record, typically due to error or misconduct.Desk reject – When a manuscript is rejected by a journal editor before it is sent out for peer review.Citation ring – A group of papers or authors who cite each other extensively to artificially inflate citation metrics.Paper Mills - Organisations or individuals that aim to profit from the creation, sale, peer review and/or citation of manuscripts at scale which contain low value or fraudulent content and/or authorship, with the aim of publication in scholarly journals.A big thank you to the United2Act people for coming out of their comfort zone and chatting to me about this.  This bravery is how science as an interdisciplinary pursuit driven by curiosity and collaboration happens.  

  --------  

  39:53
• DeReact, DeFatigue and Deceive: Psychology for Better Cybersecurity Design

  Episode Notes:Dr. Reeves’ Background – Trained as a psychologist, his interest in cybersecurity emerged from a talk connecting human error to security breaches.Cybersecurity Fatigue Defined – A form of disengagement where employees lose motivation to follow security practices due to overload and conflicting advice.Not Just Apathy – Fatigue often affects people who initially cared about cybersecurity but were worn down by excessive or ineffective interventions.Training Shortcomings – Lecture-style, one-way training is frequently perceived as boring, irrelevant, or contradictory to users' experiences.Compliance vs. Effectiveness – Many organizations implement security training to meet legal requirements, even if it fails to change behavior.Reactance in Security – Users may intentionally ignore advice or rules to assert control, especially when training feels micromanaging or patronizing.Better Through Design – Reeves argues that secure systems should reduce the need for user decisions by simplifying or removing risky options altogether.Remove Rather Than Train – Limiting administrative rights is often more effective than trying to educate users out of risky behaviors.Mismatch With Reality – Generic training that conflicts with real policies or system restrictions can confuse or alienate users.Cognitive Load and Decision-Making – Under stress or fatigue, users rely on mental shortcuts (heuristics), which attackers exploit.Personal Example of Being Fooled – Reeves recounts nearly falling for a scam due to time pressure, illustrating how stress weakens judgment.Cybersecurity Buddy System – Recommends encouraging users to consult peers when making sensitive decisions, especially under pressure.Cyber Deception Strategies – Reeves now researches ways to mislead and trap attackers inside systems using decoys and tripwires.Applying Psychology to Attackers – The same behavioral models used to study users can help predict and manipulate attacker behavior.Empowering Defenders – Deception technologies can help security teams regain a sense of agency, shifting from reactive defense to proactive engagemenAbout our guest:Dr. Andrew Reeveshttps://www.linkedin.com/in/andrewreevescyber/https://research.unsw.edu.au/people/dr-andrew-reeveshttps://www.unsw.edu.au/research/ifcyberPapers or resources mentioned in this episode:Reeves, A., Delfabbro, P., & Calic, D. (2021). Encouraging employee engagement with cybersecurity: How to tackle cyber fatigue. SAGE Open, 11(1).https://doi.org/10.1177/21582440211000049Reeves, A., Calic, D., & Delfabbro, P. (2023). Generic and unusable: Understanding employee perceptions of cybersecurity training and measuring advice fatigue. Computers & Security, 128, 103137.https://doi.org/10.1016/j.cose.2023.103137Reeves, A., & Ashenden, D. (2023). Understanding decision making in security operations centres: Building the case for cyber deception technology. Frontiers in Psychology, 14, 1165705.https://doi.org/10.3389/fpsyg.2023.1165705Other:UNSW Institute for Cyber Security (IFCYBER)https://www.unsw.edu.au/research/ifcyber

  --------  

  38:32
• Wake up Calling: Impacting businesses by communicating cybersecurity risk

  Episode NotesSMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.Reports included security ratings on ten key areas and recommendations for improvement.Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.Different risk communication strategies were tested to encourage SMEs to act on the findings.“Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.Engagement was low, with only a small number of businesses reaching out after receiving the report.Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.A follow-up version of the project will introduce an opt-out option before scanning businesses.Industry associations may partner with the project to increase credibility and adoption.The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions. About Our GuestDr. Susanne van ’t Hoff-de Goedehttps://www.linkedin.com/in/susanne-van-t-hoff-de-goede/https://www.thuas.com/research/centre-expertise/team-cyber-security Resources and Research MentionedExamining Ransomware Payment Decision-making Among SMEsMatthijsse, S. R., Moneva, A., van ’t Hoff-de Goede, M. S., & Leukfeldt, E. R.European Journal of Criminology.Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experimentvan ’t Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.Journal of Crime and Justice, 47(4), 472-491 (2024).How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizensvan der Kleij, R., van ’t Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.The Online Behaviour and Victimization Studyvan ’t Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …In:Cybercrime in Context: The human factor in victimization, offending, and … (2021). OtherDutch Government Cybersecurity Resourcehttps://english.ncsc.nl(English-language site for the Netherlands’ National Cyber Security Centre)Secure Internetting (in Dutch)https://veiliginternetten.nl/

  --------  

  21:52
• Anomie.exe: Geography, Strain and the Motivated Cyber Offender

  Episode Summary (Dot Points)Understanding Cybercrime through Strain and Anomie TheoriesDr. Dearden explains how strain theory and anomie theory provide insights into cybercriminal motivations.Discussion on economic and social pressures that push individuals toward cybercrime, including unemployment, inequality, and lack of upward mobility.The Role of Honeypots in Cybercrime ResearchOverview of honeypots—deceptive systems designed to attract cyber attackers.How honeypots help researchers observe and analyze hacker behaviors in real-world settings.Differences in hacking techniques and motivations across different regions.Regional Variations in Cybercriminal ActivitiesWhy cybercrime is not uniformly distributed worldwide despite the internet being a global network.Case studies on West African romance scams, Russian cyber operations, and Indian call center frauds.The interplay between legitimate and illegitimate economies in cybercrime hotspots.Cybercrime and Economic OpportunityFindings from recent research on how financial strain vs. greed influences cybercrime.The role of cryptocurrency in enabling financial cybercrimes and providing anonymity to offenders.Discussion on how cybercrime prevention strategies need to address offender motivations, not just security vulnerabilities.Future Research and Policy ImplicationsThe need for broader, structural changes to mitigate cybercrime, rather than relying solely on reactive security measures.How cross-national studies and criminological data collection can improve cybercrime prevention strategies.Upcoming projects on measuring cyber-offending patterns and regional differences in hacking behavior.About Our GuestDr. Thomas Deardenhttps://liberalarts.vt.edu/departments-and-schools/department-of-sociology/faculty/thomas-dearden.htmlPapers and Resources Mentioned in This EpisodeDearden, T. E., & Gottschalk, P. (2024).Convenience Theory and Cybercrime Opportunity: An Analysis of Online Cyberoffending.Deviant Behavior.DOI LinkParti, K., & Dearden, T. (2024).Cybercrime and Strain Theory: An Examination of Online Crime and Gender.International Journal of Criminology and Sociology. https://doi.org/10.6000/1929-4409.2024.13.19Dearden, T. E., Parti, K., & Hawdon, J. (2022).Institutional Anomie Theory and Cybercrime: Cybercrime and the American Dream.Journal of Contemporary Criminal Justice. https://doi.org/10.1177/10439862211001590 Related Episodes Featuring Dr. DeardenEpisode 39 : Strained Dreams: Cybercrime and Institutional Anomiehttps://www.cybercrimeology.com/episodes/strained-dreams-cybercrime-and-institutional-anomie Other:The Human Factors in cybercrime Conference: https://www.hfc-conference.comWe had a chat in a room with a bunch of people just outside having their own great conversations. Kind of nice to get a little bit of that vibe into the mix.  Conferences can be a lot of fun ;)/.To the best of my knowledge, no bovines were harmed during the recording of this episode. 

  --------  

  22:00
• The Ethical Hacker Pathway: Exploring Positive Cyber Behavior

  Key Points Discussed:Defining Ethical Hacking: Ethical hackers use their skills to identify and report vulnerabilities, often to enhance cybersecurity in various capacities, including voluntary work, bug bounty programs, or professional roles.Research Focus: Dr. Weulen Kranenbarg’s studies highlight a significant overlap between positive and negative cyber behaviors, particularly among IT students, and explore how individuals transition toward ethical hacking.Ethical Hacking as a Pathway:Early positive experiences, such as reporting vulnerabilities to schools or organizations, can strongly influence individuals toward ethical hacking.Responses from organizations play a critical role—positive reinforcement encourages further ethical behavior, while negative experiences can deter individuals.Challenges in Defining Ethics:Ethical hackers themselves debate the boundaries of what constitutes ethical behavior, such as whether making vulnerabilities public is acceptable if organizations fail to act.The term "ethical hacker" is often contentious within the community.Role of Education: Schools struggle to address and guide ethical behavior among IT students effectively. Clear vulnerability disclosure policies and ethics education in IT programs are crucial.Future Research Directions: Dr. Weulen Kranenbarg plans to conduct life-history interviews with hackers to better understand their pathways and influences toward ethical behavior.About our Guest:Dr Marleen Weulen Kranenbarghttps://research.vu.nl/en/persons/marleen-weulen-kranenbarg Papers or Resources Mentioned:Weulen Kranenbarg, M. (2018). Cyber-offenders versus traditional offenders: An empirical comparison. Vrije Universiteit Amsterdam. Retrieved from https://research.vu.nl/en/publications/cyber-offenders-versus-traditional-offenders-an-empirical-comparisonWeulen Kranenbarg, M., Ruiter, S., & Nieuwbeerta, P. (2018). Cyber-offending and traditional offending over the life-course: An empirical comparison. Crime & Delinquency, 64(10), 1270–1292. https://doi.org/10.1177/0011128718763134Weulen Kranenbarg, M., Holt, T. J., & van Gelder, J.-L. (2021). Contrasting cyber-dependent and traditional offenders: A comparison on criminological explanations and potential prevention methods. In J. van Gelder, H. Elffers, D. Reynald, & D. Nagin (Eds.), Routledge International Handbook of Criminology and Criminal Justice Studies (pp. 234–249). Routledge. Retrieved from https://research.vu.nl/en/publications/contrasting-cyber-dependent-and-traditional-offenders-a-comparisoWeulen Kranenbarg, M., & Noordegraaf, J. (2023). Why do young people start and continue with ethical hacking? A qualitative study on individual and social aspects in the lives of ethical hackers. Criminology & Public Policy, 22(3), 465–490. https://doi.org/10.1111/1745-9133.12640Additional Resources:Capture the Flag (CTF) events:Hack the Box - A popular online platform offering a variety of CTF challenges to test and improve cybersecurity skills.https://www.hackthebox.comNorthSec - A popular  in-person CTF competition designed for everyone excited about cybersecurity.https://nsec.ioBug Bounty Programs:HackerOne - A leading bug bounty platform connecting ethical hackers with organizations to find and fix vulnerabilities.https://www.hackerone.comBugcrowd - A platform that hosts bug bounty programs for a wide range of companies and industries.https://www.bugcrowd.com

  --------  

  23:21

Meer Wetenschap podcasts

Trending Wetenschap -podcasts

Over Cybercrimeology