Loading Events

« All Events

  • This event has passed.

eCrime 2024 Boston

September 24 @ 09:00 September 26 @ 16:00

The 2024 Symposium on Electronic Crime Research (eCrime 2024) examined the economic foundations, behavioral elements, technological exposures, policy aspects and other dimensions that fuel the burgeoning global, multi-billion-dollar cybercrime plexus, at its 19th annual eCrime symposium on September 24 – 26, 2024 in Boston, Massachusetts, USA.

eCrime Venue: Bunker Hill Holiday Inn

30 Washington Street Somerville Massachusetts 02143

Students requiring discounts should contact symposium managers at apwg_events@apwg.org

The symposium’s proceedings are in English.

Please contact the APWG eCrime organizers for details via email at apwg_events@apwg.org.

Discount codes are also available for university researchers, government personnel and law enforcement professionals from pubic-sector agencies.

MONDAY, SEPT. 23

** Times in EDT

6:00-8:00 PM

eCrime 2024 Boston Welcome Reception

Assembly Square Ballroom

TUESDAY, SEPT. 24

** Times in EDT

8:00-8:45 AM

Continental Breakfast

8:45 AM

Opening remarks and introductions

Plenary Keynote

Bruce Schneier

9:00 AM Keynote address: Bruce Schneier, Berkman Klein Center for Internet and Society at Harvard University — AI: How It Will Affect Crime, Law Enforcement, and the Judiciary

SESSION: The Emerging AI Conflict at the Cybercrime Frontier


MODERATOR: Laurin Weissinger, Tufts University

10 AM

Aditya K Sood, VP of Security Engineering and AI Strategy, Aryaka — Anatomizing the Growing Threat and Attacks on the AI Ecosystem

10:30

Bhupendra Acharya, CISPA Helmoltz Center for Information Security — Empirical Study of Scams and Attacks on Social Media Platforms through AI-Powered Automated Engagement

11:00 AM

Coffee Break / Trade Fair & Research Posters Exhibit

11:30 AM

April Lorenzen, Dissect Cyber — Squeezing Quality Phish Classification from a Truculent LLM

12:00 PM

Multimodal Large Language Models for Phishing Webpage Detection and Identification

Presenter: Dinil Mon Divakaran (A*STAR Institute for Infocomm Research) 

Jehyun Lee (Trustwave)  

Peiyuan Lim, Bryan Hooi (National University of Singapore) 

12:20 PM

Lunch Break – Trade Fair & Research Posters Exhibit

SESSION: Architectural Shifts In Cybercrime Attack And Defense With the Rise Of Telephone-Based Phishing

1:35 PM

PANEL I: MANAGING THE SHIFT IN PHISHING ATTACK ARCHITECTURES TO TELEPHONE BASED PHISHING

MODERATOR: Ebrima Ceesay, Mastercard

Examines the challenges attendant suppression of lure and hook architectures and telephone-based attack schemes that are native to wireless devices and dear old POTS.

John Wilson, FORTRA

Matt Harris, OpSec

Cici Ling, Indiana University

Erich Kron, KnowBe4

Bobby Preston, WMC Global

2:35 PM

Coffee Break – Trade Fair & Research Posters Exhibit


3:05PM

PANEL II: DATA EXCHANGE REQUIREMENTS FOR ARCHIVING SMS/TEXT ATTACK DATA

MODERATOR: Pat Cain, APWG

Examines the challenges and field decisions of operations personnel charged with programmatically employing – and archiving on keystone clearinghouses like eCX – machine event data related to SMS and telephone-based phishing attacks.

Muhammad Lutfor Rahman, CSU San Marcos / Smishtank

Daniel Timko, CSU San Marcos / Smishtank

Ben Coon, WMC Global

Carlos Ramirez, APWG Engineering

SESSION: Cyber Risk & Underwriting in the Cybercrime Age

MODERATOR: Miranda Bruce, UNSW Canberra

3:50 PM

PANEL: Incidents, Underwriting and Risk

Cameron Brown, Deloitte (UK)

Jillian Kwong, MIT

Josephine Wolff, Tufts University

Vincent Weafer, Corvus Insurance

SESSION: eCrime eXchange: 2.0 and Beyond in Data Clearance and Data Curation

4:50 PM

Upgrades to eCX 2.0 in Data and Functionality

Carlos Ramirez, APWG Engineering

Arghya Mukherjee, The University of Tulsa

Pat Cain, APWG

5:15 PM

Closing Remarks / Trade Fair & Research Posters Exhibit

6:00 PM

Speakers’ and Directors’ Dinner

*** Transportation leaves the hotel beginning at 5:30pm

WEDNESDAY, SEPT. 25

** Times in EDT

8:00-8:45AM

Continental Breakfast

8:45AM

Opening remarks and introductions

SESSION: Internet Infrastructure Policy and Defense Posture in 2024


MODERATOR: Laurin Weissinger, APWG eCrime General Chair, Tufts University


9:00 AM INFRASTRUCTURE KEYNOTE: David Clark, MIT Computer Science and Artificial Intelligence Laboratory —  Crime and Measurement: Measuring the Internet and why data on crime can help

10 AM

Owned, Pwned or Rented: Who’s Domain Is It?

Presenter: Mina Erfan (University of Ottawa) 

Paula Branco, Guy-Vincent Jourdan (University of Ottawa)

10:20 AM

Coffee Break / Trade Fair & Research Posters Exhibit

10:50 AM

EagleEye: Attention to Unveil Malicious Event Sequences from Provenance Graphs

Presenter: Dinil Mon Divakaran (A*STAR Institute for Infocomm Research) 

Philipp Gysel, Candid Wüest, Otakar Jašek,(Acronis Research)

Kenneth Nwafor, (Acronis Research and Constructor Technology)

Andrey Ustyuzhanin (Constructor University and Acronis Research)

11:20 AM

Risk Assessment & Mitigation for Core Security Capabilities

Marc Dupuis (University of Washington) 

Karen Renaud (Strathclyde University) 

SESSION: Hygienic Practices for Maintaining Internet and Enterprise Infrastructure


Moderator: Roman Y. Sannikov, Constellation Cyber

11:40 AM

Ihab Shraim, CSC Global — The Unpredictable Impact of “Dormant Domains” Cyberthreats on Corporate Security Posture

12:10 PM

Greg Aaron President, Illumintel, Inc.; Senior Research Fellow, APWG The Future of Phishing – And What to Do About It

12:40 PM

Vinzenz Vogel, Robin Grunewald, SWITCH.ch — Minority Report and Robocop: Fighting abuse throughout the lifecycle of domains

1:10 PM

Lunch Break / Trade Fair & Research Posters Exhibit

2:25

Yue Wang, Netflix — Decoding Fraud: The Evolution and Impact of Netflix’s Fraud Metrics

2:55

Exploring Content Concealment in Email

Presenter: Lucas Betts (The University of Auckland)

Robert Biddle, Danielle Lottridge, Giovanni Russello (The University of Auckland) 

3:15

What To Do Against Ransomware? Evaluating Law Enforcement Interventions

Presenter: Tom Meurs, (University of Twente) 

Raphael Hoheisel, Marianne Junger, Abhishta Abhishta, (University of Twente) 

Damon McCoy (NYU)

3:35

Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems

Presenter: Muhammad Muzammil, (Stony Brook University)

ZhengYu Wu, Lalith Harisha, Brian Kondracki, Nick Nikiforakis (Stony Brook University)  

3:55 PM

Coffee Break / Trade Fair & Research Posters Exhibit


SESSION: Human Factors in Evolution of Electronic Crime & AI Crime

MODERATOR: Aimee Larsen-Kirkpatrick, STOP. THINK. CONNECT. Messaging Convention

4:25 PM

“Hey Google, Remind me to be Phished” Exploiting the Notifications of the Google (AI) Assistant on Android for Social Engineering Attacks

Presenters: Saskia Laura Schroeer, Giovanni Apruzzese (University of Liechtenstein) 

Marie Weinz, Saskia Laura Schroeer, Giovanni Apruzzese (University of Liechtenstein) 

4:45 PM

Righard Zwienenberg, ESET — Telekopye: Professional Scamming by Putting a Mammoth in a Chamber Full of Neanderthals’ Secrets

5:15 PM

Love Bytes Back: Cybercrime Following Relationship Breakdown

Presenter: Quincy Taylor, (University of Cambridge)

Anna Talas, Alice Hutchings (University of Cambridge) 

5:35 PM

Announcements / Trade Fair & Research Posters Exhibit

6:30 PM

APWG eCrime 2024 Symposium Reception

Reception Sponsor - Acronis

eCrime Reception Sponsored by Acronis

Protect your data from any threat.

Assembly Square Ballroom

THURSDAY, SEPT. 26

** Times in EDT

8:00am-8:45am

Continental Breakfast

8:45 AM

Introductions and Opening Remarks


SESSION: Mapping the Cybercrime Economy and Its Marketplaces

MODERATOR: Ebrima Ceesay, Mastercard

9:00 AM

Sinister Fattening: Dissecting the Tales of Pig Butchering and other Cryptocurrency Scams

Presenter: Marie Vasek (UCL)

Marilyne Ordekian (UCL)

Antonis Papasavva, Enrico Mariconti (UCL)

9:20 AM

Dalya Manatova, Indiana University Relationships Matter: Reconstructing the Organizational and Social Structure of a Ransomware Gang

9:50 AM

Showing the Receipts: Understanding the Modern Ransomware Ecosystem

Jack Cable (None) 

Ian Gray (New York University) 

Damon McCoy (NYU)

10:10 AM

ModZoo: A Large-Scale Study of Modded Android Apps and their Markets

Presenter: Luis A. Saavedra, (University of Cambridge) 

Hridoy S. Dutta, Alastair R. Beresford, Alice Hutchings (University of Cambridge) 

10:30 AM

Identifying Key Expert Actors in Cybercrime Forums Based on their Technical Expertise

Presenter: Estelle Ruellan (Université de Montréal)

10:50 AM

Dark Web Dialogues: Analyzing Communication Platform Choices of Underground Forum Users

Presenter: Raphael Hoheisel, (University of Twente) 

Tom Meurs, Marianne Junger, Erik Tews, Abhishta Abhishta (University of Twente) 

11:20 AM

Coffee Break / Trade Fair & Research Posters Exhibit

SESSION: Transcending the Transborder Nature of Cybercrime

11:50 AM

Presenter: Jayati Dev
Co-author: Vaibhav Garg

Artificial Intelligence and the New Economics of Cyberattacks

12:10 AM

Kerry-Ann Barrett, Organization of American States Hemispheric Cybersecurity Considerations for Cybercrime Investigations

12:40

PANEL: Mapping Overlaps Between State-sponsored and Profit-driven Cybercrime

Tom Holt – Michigan State University

Sabeen Malik – Rapid7

Roman Y. Sannikov, Constellation Cyber

1:40 PM

Closing / Announcement of Winning Papers for eCrime 2024

Friday, September 27 – eCrime Measurement, Risk and Policy Roundtables @ Tufts University

Following the APWG eCrime 2024 conference, APWG and Tufts University will be convening the inaugural eCrime Measurement, Risk and Policy Roundtables on Securing Digital Society at Tufts University’s Fletcher School of Law and Diplomacy at 160 Packard Ave., Medford, MA 02155 on Friday, September 27, 2024.

Policy and Research Roundtables: How Can Polities Tackle Cybercrime, Through Rigorous Research and Evidence-Based Policy

Information and cybersecurity has been the topic in the boardroom and policy circles for multiple years now. Outages regularly make the news, as failures of popular services can impact on hundreds of organizations and millions of people. 

Yet, while some discussions are happening around the issues of cybercrime and abuse, little is improving at any scale. Cryptoscams are legion on YouTube, TikTok, and Twitter, attempts to compromise Business Email are regularly successful, phishing sites are everywhere, and fraudulent spam clogs mailboxes — even if technical measures are deployed. 

The eCrime Measurement, Risk and Policy Roundtables on Securing Digital Society shall engage the public policy gaps that must be addressed to make those common abuses that plague Internet infrastructure manageable at scale. These are policy deficits that the private sector has, to date, indicated it lacks the power, imagination or motivation to grasp constructively, to our common peril. 

Some key issues demand technical expertise and operations-level mitigations, and these aspects of criminal schemes are thus relegated to disciplines of computer science, engineering, economics, and criminology. Yet, many if not most other key issues pertain directly or partially to governance and the international system: for example, it is an open secret that many profit-oriented cybercrime groups are shielded if not supported by governments who benefit from extracting value from “Western” consumers, transferring funds and weakening their economic and political systems.

It has become, therefore, increasingly clear to both sides of the operations and policy divide that the strongest solutions to common infrastructure abuses are operational best practices steeled by directly relevant policy. eCrime Measurement, Risk and Policy Roundtables on Securing Digital Society will work to identify those opportunities in securing shared Internet infrastructure from common abuses that can be most enduringly animated by the contemporaneous application of policy and operational conventions.

This first installment of the policy roundtables shall lay the groundwork for future discussions and work products that may have an impact on governments, companies, and — most importantly — people. What questions need to be resolved to make progress, what issues need to be clarified and discussed, what “work products” would lead to interest and change in corporate and policy circles? In short, what are the levers to pull to stop criminal exploitation of the shared Internet infrastructure, and who and where need they to be pulled?

These policy roundtables shall bring together business and policy leaders, non-governmental and civil society organizations, law enforcement, empirical researchers, security specialists, and engineers in order for all these groups to consider what different stakeholders can do and provide to address the challenges of cybercrime and online abuse.

AGENDA: Policy and Research Roundtables: How Can Polities Tackle Cybercrime, Through Rigorous Research and Evidence-Based Policy? 

8:15-8:45 Registration / Coffees and Crusts

8:45-8:55 Prompt: What are the key gaps and issues we encountered and addressed this week in eCrime 2024’s discussions?

8:55-9:35 Discussion: What are the key gaps and issues we addressed this week?

9:35-9:40 Opener: How can these gaps be researched and measured with appropriate, domain-relevant rigor? 

9:40-10:15 Discussion: How can these gaps be researched and measured with appropriate, domain-relevant rigor? 

Break — 25 min

10:40-10:45 Opener: How can policy makers and industry address these issues and avoid/adroitly negotiate collisions?

10:45-11:20 Discussion: How can policy makers and companies address these issues?

11:20-12:00 What operational at risk management practices will devolve to sovereign law to organise and enforce as keystones to stable infrastructure maintenance upon which society depends?

12:00-13:30 Room stays open for discussions, coffees and crusts.

APWG eCrime 2024: the 19th Edition

APWG eCrime 2024 combines a peer-reviewed conference with general sessions open to industry, government, law enforcement and multilateral organizations, featuring keynote presentations from global thought-leaders, as well as technical and practical operationally focused sessions, and interactive panels. The objective of eCrime is to foster practical collaboration and the exchange of catalytic ideas by academic researchers, industry security practitioners, and law enforcement professionals in the global struggle against cybercrime.

IMPORTANT DATES:

Full Paper registration / submission due: July 7 

Notification of acceptance: July 21

Conference: Sept 24-26

Camera-ready paper due: October 25

PAPERS´ TOPICS MAY INCLUDE BUT ARE NOT LIMITED TO:

Artificial Intelligence as criminal co-conspirator – and as defensive collaborator

Addressing challenges of cybercrime’s increasing complexity (e.g. digital infrastructures, crime-fighting/forensic techniques, and the structure of the crimes themselves)

Detecting and/or mitigating eCrime (e.g. online fraud, malware, phishing, ransomware, etc.)

Behavioral and psychosocial aspects of cybercrime victimization – and prevention

Measuring and modeling of cybercrime

Economics of cybercrime

Cybercrime payload delivery strategies and countermeasures (e.g. spam, mobile apps, social engineering, etc.)

Public Policy and Law for cybercrime

Cryptocurrency and related cybercrimes – and forensic tools and techniques for cryptocurrency related cybercrimes

Case studies of current cybercrime attack methods, (e.g. phishing, malware, rogue antivirus programs, pharming, crimeware, botnets, and emerging techniques)

Detecting/preventing abuse of internet infrastructure to neutralize cybercrimes

Detecting/isolating cybercrime gangs’ and attendant money laundering enterprises

Cybercrime’s evolution in specific verticals: (e.g. financial services, e-commerce, health, energy & supplies)

Cybercriminal cloaking techniques – and counter-cloaking tools and approaches

Design and evaluation of UI/UXs to neutralize fraud and enhance user security

AUTHORS’ GUIDANCE

eCrime has adopted the IEEE publication format. Submissions should be in English, in PDF format with all fonts embedded, and formatted using the IEEE conference template, which can be found at:

http://www.ieee.org/conferences_events/conferences/publishing/templates.html.

Submissions should be anonymised, excluding author names, affiliations and acknowledgments. Authors’ own work should be referred to in the third person.

Paper should not exceed 12 letter-sized pages, excluding the bibliography and appendices.

Committee members are not required to read appendices, so ensure that the main paper is intelligible without them.

Submitted papers that do not adhere to all the above guidelines may be rejected without consideration of their merits.

Authors of accepted papers must present them and register at the event.

For paper submissions use the New Submission option at:

https://ecrime2024.hotcrp.com

Authors will be asked to indicate whether they would like their submissions to be considered for the Best Student Paper Award. Any paper co-authored by a full-time student is eligible for this award.

Authors of accepted papers must guarantee that their paper will be presented at the conference. We understand that some authors may face difficulties in obtaining funding to attend the conference. Therefore, a limited number of stipends are available for those who are unable to secure funding. Students who will present their accepted papers themselves will be given priority in receiving such assistance.

Tickets

The numbers below include tickets for this event already in your cart. Clicking “Get Tickets” will allow you to edit any existing attendee information as well as change ticket quantities.
Tickets are no longer available

ORGANIZING COMMITTEE

Program Chair
Ebrima Ceesay
Mastercard

General Chair
Laurin Weissinger
(Tufts University)

Publications Chair
Miranda Bruce (University of Oxford)

Event Sponsors

Gold Sponsor

CSC Global

eCrime Reception Sponsor




Silver Sponsors


Bronze Sponsor


Founding Sponsor


PROGRAM COMMITTEE

Committee MemberAffiliation
Adam OestPayPal
Suryadipta MajumdarConcordia University
Guy-Vincent JordanUniversity of Ottawa
Zhibo (Eric) SunDrexel University
Paria ShiraniUniversity of Ottawa
Eireann LeverettConcinnity Risks
Jan-Willem BulleeUniversity of Twente
Samaneh TajaliICANN
Laurin WeissingerTufts University
Jan-Willem BulleeUniversity of Twente
Yi Ting Chua University of Tulsa
Sergio PastranaUniversity Carlos III of Madrid
Brad WardmanBooz Allen Hamilton
Alice HutchingsUniversity of Cambridge
Daniel ThomasUniversity of Strathclyde
Max AliapouliosMeta
Miranda BruceUniversity of Oxford
Ebrima CeesayMastercard
Benoit DupontUniversite de Montreal
Andrew MorinUniversity of Tulsa
Luca AllodiEindhoven University of Technology
Marc RiveroUniversitat Ramon LLull
Mina Erfan  University of Ottawa
Jean DincoGIFCT
Quang Nhat TranDepartment of Parliamentary Services, Australia
Masood MansooriUNSW Canberra
Travis QuinnTesserent
Asmaa HailaneUniversity of Ottawa
Nickolaos KoroniotisUNSW Canberra
Anna TalasUniversity of Cambridge
Viet Anh VuUniversity of Cambridge
Peter CassidyAPWG

About the Symposium on Electronic Crime Research

The Symposium on Electronic Crime Research (APWG eCrime) was founded in 2006 as the eCrime Researchers Summit, conceived by APWG Secretary General Peter Cassidy as a comprehensive, multi-disciplinary venue to present basic and applied research into electronic crime and engaging every aspect of its evolution – as well as spotlighting technologies and techniques for cybercrime detection, response, forensics and prevention.

Since then, what had been initially a technology focused conference has incrementally expanded its focus to cover behavioral, social, economic, and legal / policy dimensions as well as technical aspects of cybercrime, following the interests of our correspondent investigators, the symposium’s managers as well as the APWG’s own directors and steering committee members.

Scores upon scores of papers exploring these dimensions of cybercrime at APWG eCrime have been published by the IEEE <APWG | eCrime Research Papers> as well as by Taylor & Francis and the Association of Computing Machinery (in the very earliest years of the symposium).

With its multi-disciplinary approach, APWG eCrime every year brings together the most heterogeneous community of counter-eCrime researchers and industrial stakeholders to confer over the latest research, and to foster collaborations between the leading investigators in this still nascent field of cybercrime studies.

The power of that community, over the years, has been expressed in their contributions to research in academia and industry, cited in the papers above, their innovations for industry – and the globally scaled research projects they’ve organizing today such as the PhishFarm browser block list latency measurement program that APWG ecrime-associated investigators are organizing: http://ecrimeresearch.org/phishfarm

A Short History of APWG eCrime

Academic and industrial researchers appeared at the APWG’s door almost at the very genesis of the APWG, delineating phishing’s contemporary nature, speculating on probable evolutionary trajectories – and proposing research that needed APWG’s data corpora to shape their theses and inform their research. The APWG established APWG eCrime to honor that contribution, foster its spirit – and to organize the creative energy of researchers that would eventually overwhelm the APWG’s other conference venues.

APWG organized the initial eCrime Researchers Summit in Orlando in early Spring 2006 in collaboration with Florida State University; the National Center for Forensic Sciences at University of Central Florida; and the Florida Department of Law Enforcement, recognizing the interest in ecrime research by both researchers and within the law enforcement community. Secretary General Cassidy authored the initial CFP. FSU computer science researcher Judi Mulholland organized and managed the peer-review committee and edited the proceedings for publication by Taylor & Francis.

Since the first eCrime conference in 2006, the APWG eCrime management team and submission review committee – drawing from academic and industrial researchers from across the world – has produced conference with academic conference partners every year. Today, APWG eCrime is supported by the IEEE Standards Association which acts as Technical Sponsor to the conference and publishes the conferences proceedings in the IEEE XPlore Digital Library.

APWG eCrime will continue to be a collaborative project of its sponsoring institutions, its chairs, committee members, reviewers, and, of course, the researchers who share their findings. The APWG gives its thanks to all who are making eCrime the keystone event in the field and to all of those who have helped establish and maintain it. And to all of our new collaborators and contributors: welcome. If you’ve an interest in participating somehow in development this vital program, please contact admin [at] apwg.org.