Computer Laboratory

Alice Hutchings

**********NEWS**********

I am pleased to announce I have been promoted to Professor, effective 1 October 2023.

Papers soon to be released include:

• No Easy Way Out: The effectiveness of deplatforming an extremist forum to suppress hate and harassment, co-authored with Anh V. Vu and Ross Anderson, to appear in the proceedings of the 45th IEEE Symposium on Security and Privacy (IEEE S&P) 2024.
• Cybercrime: A social ecology, co-authored with Ben Collier, to appear as a chapter of the Oxford Handbook of Criminology, 2023 edition.
• Can't Keep Them Away: The failures of anti-stalking protocols in personal item tracking devices, co-authored with Kieron Ivy Turk and Alastair Beresford, to appear in the proceedings of the Security Protocols Workshop 2023.

My most recent publications include:

• A Graph-based Stratified Sampling Methodology for the Analysis of (Underground) Forums, co-authored with Giorgio Di Tizio, Gilberto Atondo-Siu, and Fabio Massacci, in IEEE Transactions on Information Forensics & Security.
• An evaluation of police interventions for cybercrime prevention, co-authored with Maria Bada, Yanna Papadodimitraki, and Richard Clayton, Technical Report No. 983.
• "Get a higher return on your savings!”: Comparing adverts for cryptocurrency investment scams across platforms, co-authored with Gilberto Atondo-Siu, in the proceedings of the Workshops of the IEEE European Symposium on Security & Privacy 2023.
• Digital drift and the evolution of a large cybercrime forum, co-authored with Jack Hughes, in the proceedings of the Workshops of the IEEE European Symposium on Security & Privacy 2023.
• Argot as a trust signal: Slang, jargon & reputation on a large cybercrime forum, co-authored with Jack Hughes and Andrew Caines, at the 22nd Workshop on the Economics of Information Security (WEIS).
• Click Here to Exit: An evaluation of quick exit buttons, co-authored with Kieron Ivy Turk, in the proceedings of the ACM Conference on Human Factors in Computing Systems (CHI) 2023.
• Short paper: DeFi Deception — Uncovering the prevalence of rugpulls in cryptocurrency projects, co-authored with Sharad Agarwal, Gilberto Atondo-Siu, Marilyne Ordekian, Enrico Mariconti, and Marie Vasek, accepted at Financial Cryptography and Data Security 2023.
• ''Invest in crypto!'': An analysis of investment scam advertisements found in Bitcointalk, co-authored with Gilberto Atondo-Siu, Marie Vasek, and Tyler Moore, in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2022.
• Automated hate speech detection and span extraction in underground hacking and extremist forums, co-authored with Linda Zhou, Andrew Caines, and Ildiko Pete, published in Natural Language Engineering.
• POSTCOG: A Tool for Interdisciplinary Research into Underground Forums at Scale, co-authored with Ildiko Pete, Jack Hughes, Andrew Caines, Anh V. Vu, Harshad Gupta, Ross Anderson, and Paula Buttery, accepted at the Proceedings of the IEEE European Symposium on Security and Privacy Workshop on Attackers and Cyber-Crime Operations.
• Influence, infrastructure, and recentering cybercrime policing: evaluating emerging approaches to online law enforcement through a market for cybercrime services, co-authored with Ben Collier, Richard Clayton, Daniel Thomas, and Yi Ting Chua, published in Policing and Society: An International Journal of Research and Policy.

****************************

I am Professor of Emergent Harms in the Security Group at the Computer Laboratory, University of Cambridge, and a Fellow of King's College. I am also Director of the Cambridge Cybercrime Centre, an interdisciplinary initiative combining expertise from computer science, criminology, and law. We take a data-driven approach to improve our understanding of criminal activity and develop robust identifiers and evidence of criminal behaviour. An important goal of the project is to provide data to other academics and therefore improve the quantity and quality of cybercrime research.

Prior to taking up a lectureship I was a researcher at the Computer Laboratory from January 2014 to October 2018, and a College Research Associate at St John's College, Cambridge, from 2017 to 2018. Before moving to Cambridge I was a Senior Research Analyst at the Australian Institute of Criminology from 2011 to 2013. Before entering academia I had a varied research career in local government, parliament, law, and private investigation (intellectual property). I first began researching cybercrime in the late 1990s, while working in industry (mainly relating to domain name misuse and software counterfeiting).

Diversity is important to me. I helped set up the department's LGBTQ+@CL network. I also made a list to highlight some academic researchers who do excellent cybercrime research but who I think are under-appreciated. This is not a list of women, it's a list that only has women and non-binary academic researchers on it. Just like some citation lists, editor lists, program committee membership lists, and conference agendas are not lists of (but only include) men.

Research interests

Current and previous grants include:

• Interdisciplinary Cybercrime Project (iCrime) (PI), funded by the European Research Council (ERC), 2021-2026.
• AP4L: Adaptive PETs to Protect & emPower People during Life Transitions (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2022-25.
• COVID-19 Tracking Covid Cybercrime and Abuse (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2020-22.
• CybercrimeNLP (CC-NLP): A natural language processing toolkit for the interdisciplinary analysis of underground online forums (PI), funded by the Economic and Social Research Council (ESRC), 2020-21.
• Data science approaches to understanding key actors on online hacking forums (Co-I), funded by the Alan Turing Institute, 2017-18.
• Cambridge Cybercrime Centre (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2015-20.

I am an interdisciplinary researcher. Specialising in cybercrime and online harms, I bridge the gap between criminology and computer science. Generally, my research interests include understanding offenders, cybercrime events, and the prevention and disruption of online crime and harms. Specific topics I am particularly interested in include:

• Applying natural language processing and data science approaches to better understand underground forums. The paper Characterizing Eve: Analysing cybercrime actors in a large underground forum, is the result of a collaboration funded by the Alan Turing Institute. For this project we also compared aggressive language on an online hacking forum with Wikipedia page edits.
• Developing tools to enrich and enable the use of large, messy, datasets. In particular, we have developed PostCog for researchers using our underground forum data.
• The use of crime script analysis to understand complex crime types. This methodology has been used to understand the crime commission process of airline ticketing fraud, eWhoring, the illicit online prescription drug trade, and the online stolen data market economy.
• Understanding policing approaches to complex online crimes, including evaluating their approaches to disrupt DDoS-for-hire markets, understanding complex jurisdictional issues, and comparing their responses to industry-led interventions.
• Research ethics, which are explored in the papers Ethical issues in research using datasets of illicit origin and Interviewing cybercrime offenders.
• Stolen data markets, including how actors interact and the actions they perform, how actors trust in inherently untrustworthy situations, disruption and intervention opportunities, and target selection and knowledge transmission.
• Understanding the gendered dimensions of cybercrime, including the barriers women face when engaging with the predominantly masculine online communities that are important for learning and sharing information.
• Offender pathways into (and out of) cybercrime. This was the topic of my PhD thesis (conferred in 2013), and a brief overview of my integrated theory of initiation, maintenance, and desistance has been published as a book chapter. This theoretical framework has since been applied to explore how offenders begin providing denial of service attacks for a fee (commonly known as 'booter services').

I established and maintain the Cambridge Computer Crime Database (CCCD), a database of computer crime events where the offender has been arrested, charged and/or prosecuted in the United Kingdom. Please get in touch with me if you have data for inclusion in the CCCD, or if you are an academic considering setting up a similar database in another country. Cybercrime is an international issue, and this should be reflected in the data. I'm happy to assist setting up the relevant data collection mechanisms, and to ensure similar variables are being captured for comparative purposes.

Research students

I am currently supervising the following PhD candidates:

• Jack Hughes, from October 2019.
• Gilberto Atondo Siu, from October 2020.
• Kieron Ivy Turk, from October 2021.
• Anh V. Vu, from January 2022.
• Tina Marjanov, from October 2023.
• Anna Talas, from October 2023.
• Raymond Wang, from October 2023 (co-supervised with Andrew Caines).

I have supervised the following MPhil research projects:

• Jack Hughes: 'An analysis of cybercrime activity within an underground gaming forum' (2018-19).
• Gilberto Atondo Siu: 'Automated NLP approaches for currency exchange analysis in underground forums' (2019-20).
• Nnaemeka Obodoekwe: 'Automatically analyzing negative interactions and relationships between members of an underground forum' (2019-20).
• Anna Talas: 'Hacker’s Paradise: Analysing music in a cybercrime forum' (2022-23).
• Jessica Man: 'An analysis of autism-related conversations on cybercrime forums' (2022-23).

If you are interested in applying to Cambridge for a research-oriented MPhil or PhD in cybercrime or a related area please get in touch regarding your research topic of interest. More information on the two programmes, including application requirements and information on initial research proposals, can be found on the MPhil in Advanced Computer Science and PhD in Computer Science pages at the Computer Laboratory.

If you are a Cambridge computer science student interested in an undergraduate or Part III project, please contact me by email.

Teaching

I am currently teaching:

• Economics, Law and Ethics (Part IB CST 75%, Part II CST 50%), 2019-present
• R254: Cybercrime (MPhil ACS, Part III, Part II, with Ross Anderson and Richard Clayton), 2018-present
• R209: Computer Security: Principles and Foundations (MPhil ACS, Part III, with Ross Anderson, Alastair Beresford, and Robert Watson), 2019-present

Program Committees and reviewing

I am involved in organising the following conferences and workshops:

• Co-Organiser of the Cambridge Cybercrime Conference since 2016
• Co-Organiser of the Workshop on Security and Human Behavior (SHB 2020-2022)
• Co-Chair of the Program Committee for the Workshop on Attackers and Cyber-Crime Operations (WACCO), held jointly with the IEEE European Symposium on Security and Privacy 2019-2023
• Co-Chair of the Program Committee for the APWG Symposium on Electronic Crime Research (eCrime) in 2020 and 2021

I have been a Program Committee member for the following conferences and workshops:

• USENIX Security 2023-2024
• The Web Conference 2022
• IEEE Symposium on Security and Privacy (Oakland 2022)
• ACM Internet Measurement Conference (IMC 2021)
• Enigma 2021-2022
• Workshop on Cybersecurity Experimentation and Test (CSET) 2020 & 2023
• International Conference on Financial Cryptography and Data Security (FC) 2020-2021
• Workshop on the Economics of Information Security (WEIS) 2020, 2023-2024
• APWG Symposium on Electronic Crime Research (eCrime) 2015-2019, 2022-2023

I am area editor (cybercrime) for the Journal of Cybersecurity. I have also reviewed submissions for the following academic journals:

• American Behavioral Scientist
• Communications of the ACM
• Computers & Society
• Crime Science
• Crime, Law and Social Change
• Criminology
• Criminology & Criminal Justice
• Criminology & Public Policy
• Global Crime
• IEEE Security and Privacy
• International Journal of Cyber Criminology
• Journal of Contemporary Criminal Justice
• Journal of Experimental Criminology
• Journal of Qualitative Criminal Justice and Criminology
• Social Science Computer Review
• Sociological Forum

Committees

My committee roles include:

• Co-Chair of the Department's Ethics Committee (from 2019)
• Member of the University Research Ethics Committee (from 2023)
• Member of the Department's Equality and Diversity Committee (from 2023)

In 2015, I was elected to serve on the University Council, the principal executive and policy making body of the University of Cambridge. In this capacity I served on a number of other committees and working groups, including the Governance Review Working Group, the University Council's Business Committee, the Risk Steering Committee, and the Sports Committee. I was also co-opted as a member of the Council of the School of Technology. In October 2018, I resigned from the University Council.

While a member of the University's research staff (2014-2018), I was an elected committee member of the Postdocs of Cambridge (PdOC) Society and a member of the Computer Laboratory's Research Staff Forum.