The 2024 Symposium on Electronic Crime Research (eCrime 2024) examined the economic foundations, behavioral elements, technological exposures, policy aspects and other dimensions that fuel the burgeoning global, multi-billion-dollar cybercrime plexus, at its 19th annual eCrime symposium on September 24 – 26, 2024 in Boston, Massachusetts, USA.
eCrime Venue: Bunker Hill Holiday Inn
Students requiring discounts should contact symposium managers at apwg_events@apwg.org
The symposium’s proceedings are in English.
Please contact the APWG eCrime organizers for details via email at apwg_events@apwg.org.
Discount codes are also available for university researchers, government personnel and law enforcement professionals from pubic-sector agencies.
MONDAY, SEPT. 23
** Times in EDT
6:00-8:00 PM
eCrime 2024 Boston Welcome Reception
Assembly Square Ballroom
TUESDAY, SEPT. 24
** Times in EDT
8:00-8:45 AM
Continental Breakfast
8:45 AM
Opening remarks and introductions
Plenary Keynote
Bruce Schneier
9:00 AM Keynote address: Bruce Schneier, Berkman Klein Center for Internet and Society at Harvard University — AI: How It Will Affect Crime, Law Enforcement, and the Judiciary
SESSION: The Emerging AI Conflict at the Cybercrime Frontier
MODERATOR: Laurin Weissinger, Tufts University
10 AM
Aditya K Sood, VP of Security Engineering and AI Strategy, Aryaka — Anatomizing the Growing Threat and Attacks on the AI Ecosystem
10:30
Bhupendra Acharya, CISPA Helmoltz Center for Information Security — Empirical Study of Scams and Attacks on Social Media Platforms through AI-Powered Automated Engagement
11:00 AM
Coffee Break / Trade Fair & Research Posters Exhibit
11:30 AM
April Lorenzen, Dissect Cyber — Squeezing Quality Phish Classification from a Truculent LLM
12:00 PM
12:20 PM
Lunch Break – Trade Fair & Research Posters Exhibit
SESSION: Architectural Shifts In Cybercrime Attack And Defense With the Rise Of Telephone-Based Phishing
1:35 PM
PANEL I: MANAGING THE SHIFT IN PHISHING ATTACK ARCHITECTURES TO TELEPHONE BASED PHISHING
MODERATOR: Ebrima Ceesay, Mastercard
Examines the challenges attendant suppression of lure and hook architectures and telephone-based attack schemes that are native to wireless devices and dear old POTS.
John Wilson, FORTRA
Matt Harris, OpSec
Cici Ling, Indiana University
Erich Kron, KnowBe4
Bobby Preston, WMC Global
2:35 PM
Coffee Break – Trade Fair & Research Posters Exhibit
3:05PM
PANEL II: DATA EXCHANGE REQUIREMENTS FOR ARCHIVING SMS/TEXT ATTACK DATA
MODERATOR: Pat Cain, APWG
Examines the challenges and field decisions of operations personnel charged with programmatically employing – and archiving on keystone clearinghouses like eCX – machine event data related to SMS and telephone-based phishing attacks.
Muhammad Lutfor Rahman, CSU San Marcos / Smishtank
Daniel Timko, CSU San Marcos / Smishtank
Ben Coon, WMC Global
Carlos Ramirez, APWG Engineering
SESSION: Cyber Risk & Underwriting in the Cybercrime Age
MODERATOR: Miranda Bruce, UNSW Canberra
3:50 PM
PANEL: Incidents, Underwriting and Risk
Cameron Brown, Deloitte (UK)
Jillian Kwong, MIT
Josephine Wolff, Tufts University
Vincent Weafer, Corvus Insurance
SESSION: eCrime eXchange: 2.0 and Beyond in Data Clearance and Data Curation
4:50 PM
Upgrades to eCX 2.0 in Data and Functionality
Carlos Ramirez, APWG Engineering
Arghya Mukherjee, The University of Tulsa
Pat Cain, APWG
5:15 PM
Closing Remarks / Trade Fair & Research Posters Exhibit
6:00 PM
Speakers’ and Directors’ Dinner
*** Transportation leaves the hotel beginning at 5:30pm
WEDNESDAY, SEPT. 25
** Times in EDT
8:00-8:45AM
Continental Breakfast
8:45AM
Opening remarks and introductions
SESSION: Internet Infrastructure Policy and Defense Posture in 2024
MODERATOR: Laurin Weissinger, APWG eCrime General Chair, Tufts University
9:00 AM INFRASTRUCTURE KEYNOTE: David Clark, MIT Computer Science and Artificial Intelligence Laboratory — Crime and Measurement: Measuring the Internet and why data on crime can help
10 AM
Owned, Pwned or Rented: Who’s Domain Is It?
Presenter: Mina Erfan (University of Ottawa)
Paula Branco, Guy-Vincent Jourdan (University of Ottawa)
10:20 AM
Coffee Break / Trade Fair & Research Posters Exhibit
10:50 AM
EagleEye: Attention to Unveil Malicious Event Sequences from Provenance Graphs
Presenter: Dinil Mon Divakaran (A*STAR Institute for Infocomm Research)
Philipp Gysel, Candid Wüest, Otakar Jašek,(Acronis Research)
Kenneth Nwafor, (Acronis Research and Constructor Technology)
Andrey Ustyuzhanin (Constructor University and Acronis Research)
11:20 AM
Risk Assessment & Mitigation for Core Security Capabilities
Marc Dupuis (University of Washington)
Karen Renaud (Strathclyde University)
SESSION: Hygienic Practices for Maintaining Internet and Enterprise Infrastructure
Moderator: Roman Y. Sannikov, Constellation Cyber
11:40 AM
Ihab Shraim, CSC Global — The Unpredictable Impact of “Dormant Domains” Cyberthreats on Corporate Security Posture
12:10 PM
Greg Aaron President, Illumintel, Inc.; Senior Research Fellow, APWG — The Future of Phishing – And What to Do About It
12:40 PM
Vinzenz Vogel, Robin Grunewald, SWITCH.ch — Minority Report and Robocop: Fighting abuse throughout the lifecycle of domains
1:10 PM
Lunch Break / Trade Fair & Research Posters Exhibit
2:25
Yue Wang, Netflix — Decoding Fraud: The Evolution and Impact of Netflix’s Fraud Metrics
2:55
Exploring Content Concealment in Email
Presenter: Lucas Betts (The University of Auckland)
Robert Biddle, Danielle Lottridge, Giovanni Russello (The University of Auckland)
3:15
What To Do Against Ransomware? Evaluating Law Enforcement Interventions
Presenter: Tom Meurs, (University of Twente)
Raphael Hoheisel, Marianne Junger, Abhishta Abhishta, (University of Twente)
Damon McCoy (NYU)
3:35
Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems
Presenter: Muhammad Muzammil, (Stony Brook University)
ZhengYu Wu, Lalith Harisha, Brian Kondracki, Nick Nikiforakis (Stony Brook University)
3:55 PM
Coffee Break / Trade Fair & Research Posters Exhibit
SESSION: Human Factors in Evolution of Electronic Crime & AI Crime
MODERATOR: Aimee Larsen-Kirkpatrick, STOP. THINK. CONNECT. Messaging Convention
4:25 PM
“Hey Google, Remind me to be Phished” Exploiting the Notifications of the Google (AI) Assistant on Android for Social Engineering Attacks
Presenters: Saskia Laura Schroeer, Giovanni Apruzzese (University of Liechtenstein)
Marie Weinz, Saskia Laura Schroeer, Giovanni Apruzzese (University of Liechtenstein)
4:45 PM
Righard Zwienenberg, ESET — Telekopye: Professional Scamming by Putting a Mammoth in a Chamber Full of Neanderthals’ Secrets
5:15 PM
Love Bytes Back: Cybercrime Following Relationship Breakdown
Presenter: Quincy Taylor, (University of Cambridge)
Anna Talas, Alice Hutchings (University of Cambridge)
5:35 PM
Announcements / Trade Fair & Research Posters Exhibit
6:30 PM
APWG eCrime 2024 Symposium Reception
eCrime Reception Sponsored by Acronis
Protect your data from any threat.
Assembly Square Ballroom
THURSDAY, SEPT. 26
** Times in EDT
8:00am-8:45am
Continental Breakfast
8:45 AM
Introductions and Opening Remarks
SESSION: Mapping the Cybercrime Economy and Its Marketplaces
MODERATOR: Ebrima Ceesay, Mastercard
9:00 AM
Sinister Fattening: Dissecting the Tales of Pig Butchering and other Cryptocurrency Scams
Presenter: Marie Vasek (UCL)
Marilyne Ordekian (UCL)
Antonis Papasavva, Enrico Mariconti (UCL)
9:20 AM
Dalya Manatova, Indiana University — Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang
9:50 AM
Showing the Receipts: Understanding the Modern Ransomware Ecosystem
Jack Cable (None)
Ian Gray (New York University)
Damon McCoy (NYU)
10:30 AM
Identifying Key Expert Actors in Cybercrime Forums Based on their Technical Expertise
Presenter: Estelle Ruellan (Université de Montréal)
10:50 AM
Dark Web Dialogues: Analyzing Communication Platform Choices of Underground Forum Users
Presenter: Raphael Hoheisel, (University of Twente)
Tom Meurs, Marianne Junger, Erik Tews, Abhishta Abhishta (University of Twente)
11:20 AM
Coffee Break / Trade Fair & Research Posters Exhibit
SESSION: Transcending the Transborder Nature of Cybercrime
11:50 AM
Presenter: Jayati Dev
Co-author: Vaibhav Garg
Artificial Intelligence and the New Economics of Cyberattacks
12:10 AM
Kerry-Ann Barrett, Organization of American States — Hemispheric Cybersecurity Considerations for Cybercrime Investigations
12:40
PANEL: Mapping Overlaps Between State-sponsored and Profit-driven Cybercrime
Tom Holt – Michigan State University
Sabeen Malik – Rapid7
Roman Y. Sannikov, Constellation Cyber
1:40 PM
Closing / Announcement of Winning Papers for eCrime 2024
Friday, September 27 – eCrime Measurement, Risk and Policy Roundtables @ Tufts University
Following the APWG eCrime 2024 conference, APWG and Tufts University will be convening the inaugural eCrime Measurement, Risk and Policy Roundtables on Securing Digital Society at Tufts University’s Fletcher School of Law and Diplomacy at 160 Packard Ave., Medford, MA 02155 on Friday, September 27, 2024.
Policy and Research Roundtables: How Can Polities Tackle Cybercrime, Through Rigorous Research and Evidence-Based Policy?
Information and cybersecurity has been the topic in the boardroom and policy circles for multiple years now. Outages regularly make the news, as failures of popular services can impact on hundreds of organizations and millions of people.
Yet, while some discussions are happening around the issues of cybercrime and abuse, little is improving at any scale. Cryptoscams are legion on YouTube, TikTok, and Twitter, attempts to compromise Business Email are regularly successful, phishing sites are everywhere, and fraudulent spam clogs mailboxes — even if technical measures are deployed.
The eCrime Measurement, Risk and Policy Roundtables on Securing Digital Society shall engage the public policy gaps that must be addressed to make those common abuses that plague Internet infrastructure manageable at scale. These are policy deficits that the private sector has, to date, indicated it lacks the power, imagination or motivation to grasp constructively, to our common peril.
Some key issues demand technical expertise and operations-level mitigations, and these aspects of criminal schemes are thus relegated to disciplines of computer science, engineering, economics, and criminology. Yet, many if not most other key issues pertain directly or partially to governance and the international system: for example, it is an open secret that many profit-oriented cybercrime groups are shielded if not supported by governments who benefit from extracting value from “Western” consumers, transferring funds and weakening their economic and political systems.
It has become, therefore, increasingly clear to both sides of the operations and policy divide that the strongest solutions to common infrastructure abuses are operational best practices steeled by directly relevant policy. eCrime Measurement, Risk and Policy Roundtables on Securing Digital Society will work to identify those opportunities in securing shared Internet infrastructure from common abuses that can be most enduringly animated by the contemporaneous application of policy and operational conventions.
This first installment of the policy roundtables shall lay the groundwork for future discussions and work products that may have an impact on governments, companies, and — most importantly — people. What questions need to be resolved to make progress, what issues need to be clarified and discussed, what “work products” would lead to interest and change in corporate and policy circles? In short, what are the levers to pull to stop criminal exploitation of the shared Internet infrastructure, and who and where need they to be pulled?
These policy roundtables shall bring together business and policy leaders, non-governmental and civil society organizations, law enforcement, empirical researchers, security specialists, and engineers in order for all these groups to consider what different stakeholders can do and provide to address the challenges of cybercrime and online abuse.
AGENDA: Policy and Research Roundtables: How Can Polities Tackle Cybercrime, Through Rigorous Research and Evidence-Based Policy?
8:15-8:45 Registration / Coffees and Crusts
8:45-8:55 Prompt: What are the key gaps and issues we encountered and addressed this week in eCrime 2024’s discussions?
8:55-9:35 Discussion: What are the key gaps and issues we addressed this week?
9:35-9:40 Opener: How can these gaps be researched and measured with appropriate, domain-relevant rigor?
9:40-10:15 Discussion: How can these gaps be researched and measured with appropriate, domain-relevant rigor?
Break — 25 min
10:40-10:45 Opener: How can policy makers and industry address these issues and avoid/adroitly negotiate collisions?
10:45-11:20 Discussion: How can policy makers and companies address these issues?
11:20-12:00 What operational at risk management practices will devolve to sovereign law to organise and enforce as keystones to stable infrastructure maintenance upon which society depends?
12:00-13:30 Room stays open for discussions, coffees and crusts.
APWG eCrime 2024: the 19th Edition
APWG eCrime 2024 combines a peer-reviewed conference with general sessions open to industry, government, law enforcement and multilateral organizations, featuring keynote presentations from global thought-leaders, as well as technical and practical operationally focused sessions, and interactive panels. The objective of eCrime is to foster practical collaboration and the exchange of catalytic ideas by academic researchers, industry security practitioners, and law enforcement professionals in the global struggle against cybercrime.
IMPORTANT DATES:
Full Paper registration / submission due: July 7
Notification of acceptance: July 21
Conference: Sept 24-26
Camera-ready paper due: October 25
PAPERS´ TOPICS MAY INCLUDE BUT ARE NOT LIMITED TO:
Artificial Intelligence as criminal co-conspirator – and as defensive collaborator
Addressing challenges of cybercrime’s increasing complexity (e.g. digital infrastructures, crime-fighting/forensic techniques, and the structure of the crimes themselves)
Detecting and/or mitigating eCrime (e.g. online fraud, malware, phishing, ransomware, etc.)
Behavioral and psychosocial aspects of cybercrime victimization – and prevention
Measuring and modeling of cybercrime
Economics of cybercrime
Cybercrime payload delivery strategies and countermeasures (e.g. spam, mobile apps, social engineering, etc.)
Public Policy and Law for cybercrime
Cryptocurrency and related cybercrimes – and forensic tools and techniques for cryptocurrency related cybercrimes
Case studies of current cybercrime attack methods, (e.g. phishing, malware, rogue antivirus programs, pharming, crimeware, botnets, and emerging techniques)
Detecting/preventing abuse of internet infrastructure to neutralize cybercrimes
Detecting/isolating cybercrime gangs’ and attendant money laundering enterprises
Cybercrime’s evolution in specific verticals: (e.g. financial services, e-commerce, health, energy & supplies)
Cybercriminal cloaking techniques – and counter-cloaking tools and approaches
Design and evaluation of UI/UXs to neutralize fraud and enhance user security
AUTHORS’ GUIDANCE
eCrime has adopted the IEEE publication format. Submissions should be in English, in PDF format with all fonts embedded, and formatted using the IEEE conference template, which can be found at:
http://www.ieee.org/conferences_events/conferences/publishing/templates.html.
Submissions should be anonymised, excluding author names, affiliations and acknowledgments. Authors’ own work should be referred to in the third person.
Paper should not exceed 12 letter-sized pages, excluding the bibliography and appendices.
Committee members are not required to read appendices, so ensure that the main paper is intelligible without them.
Submitted papers that do not adhere to all the above guidelines may be rejected without consideration of their merits.
Authors of accepted papers must present them and register at the event.
For paper submissions use the New Submission option at:
Authors will be asked to indicate whether they would like their submissions to be considered for the Best Student Paper Award. Any paper co-authored by a full-time student is eligible for this award.
Authors of accepted papers must guarantee that their paper will be presented at the conference. We understand that some authors may face difficulties in obtaining funding to attend the conference. Therefore, a limited number of stipends are available for those who are unable to secure funding. Students who will present their accepted papers themselves will be given priority in receiving such assistance.
ORGANIZING COMMITTEE
Program Chair
Ebrima Ceesay
Mastercard
General Chair
Laurin Weissinger
(Tufts University)
Publications Chair
Miranda Bruce (University of Oxford)
Event Sponsors
Gold Sponsor
eCrime Reception Sponsor
Silver Sponsors
Bronze Sponsor
Founding Sponsor
PROGRAM COMMITTEE
Committee Member | Affiliation |
---|---|
Adam Oest | PayPal |
Suryadipta Majumdar | Concordia University |
Guy-Vincent Jordan | University of Ottawa |
Zhibo (Eric) Sun | Drexel University |
Paria Shirani | University of Ottawa |
Eireann Leverett | Concinnity Risks |
Jan-Willem Bullee | University of Twente |
Samaneh Tajali | ICANN |
Laurin Weissinger | Tufts University |
Jan-Willem Bullee | University of Twente |
Yi Ting Chua | University of Tulsa |
Sergio Pastrana | University Carlos III of Madrid |
Brad Wardman | Booz Allen Hamilton |
Alice Hutchings | University of Cambridge |
Daniel Thomas | University of Strathclyde |
Max Aliapoulios | Meta |
Miranda Bruce | University of Oxford |
Ebrima Ceesay | Mastercard |
Benoit Dupont | Universite de Montreal |
Andrew Morin | University of Tulsa |
Luca Allodi | Eindhoven University of Technology |
Marc Rivero | Universitat Ramon LLull |
Mina Erfan | University of Ottawa |
Jean Dinco | GIFCT |
Quang Nhat Tran | Department of Parliamentary Services, Australia |
Masood Mansoori | UNSW Canberra |
Travis Quinn | Tesserent |
Asmaa Hailane | University of Ottawa |
Nickolaos Koroniotis | UNSW Canberra |
Anna Talas | University of Cambridge |
Viet Anh Vu | University of Cambridge |
Peter Cassidy | APWG |