Alice Hutchings
**********NEWS**********
I am the new Department Editor (Cybercrime) for the IEEE Security & Privacy Magazine.
Papers soon to be released include:
- ModZoo: A large-scale study of modded Android apps and their markets, co-authored with Luis A. Saavedra del Toro, Hridoy Sankar Dutta, and Alastair Beresford, to appear in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2024.
- Love Bytes Back: Cybercrime following relationship breakdown, co-authored with Quincy Taylor and Anna Talas, to appear in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2024.
- Stop Following Me! Evaluating the malicious uses of personal item tracking devices and their anti-stalking features, co-authored with Kieron Ivy Turk, to appear in the proceedings of the ACM European Symposium on Usable Security (EuroUSEC) 2024.
- Investigating wrench attacks: Physical attacks targeting cryptocurrency users, co-authored with Marilyne Ordekian, Gilberto Atondo-Siu, and Marie Vasek, to appear in the proceedings of Advances in Financial Technologies 2024.
My most recent publications include:
- Measuring the unmeasurable: Estimating true population of hidden online communities, co-authored with Jonah Gibbon, Tina Marjanov, and John Aston, in the proceedings of the Workshops of the IEEE European Symposium on Security & Privacy 2024.
- No Easy Way Out: The effectiveness of deplatforming an extremist forum to suppress hate and harassment, co-authored with Anh V. Vu and Ross Anderson, in the proceedings of the 45th IEEE Symposium on Security and Privacy (IEEE S&P) 2024.
- Getting Bored of Cyberwar: Exploring the role of low-level cybercrime actors in the Russia-Ukraine conflict, co-authored with Anh V. Vu, Daniel Thomas, Ben Collier, Richard Clayton and Ross Anderson, in the proceedings of the ACM Web Conference 2024.
- Position Paper: The amplification of online deviancy through the language of violent crime, war, and aggression in IEEE Security and Privacy.
- Breaking the ice: Using transparency to overcome the cold start problem in an underground market, co-authored with Tina Marjanov, Konstantinos Ioannidis, Tom Hyndman and Nicolas Seyedzadeh, at the Workshop on the Economics of Information Security (WEIS) 2024.
- The
scienceart of cybercrime community research, co-authored with Jack Hughes, Sergio Pastrana, Sadia Afroz, Sagar Samtani, Weifeng Li and Ericsson Marin, in ACM Computing Surveys. - Autism disclosures and cybercrime discourse on a large underground forum, co-authored with Jessica Man and Gilberto Atondo-Siu, in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2023. Awarded best student paper.
- Hacker’s Paradise: Analysing music in a cybercrime forum, co-authored with Anna Talas, in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2023.
- In the market for a Botnet? An in-depth analysis of botnet-related listings on Darkweb marketplaces, co-authored with Dimitrios Georgoulias, Jens Myrup Pedersen, Morten Falch, and Emmanouil Vasilomanolakis, in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2023.
- Can't Keep Them Away: The failures of anti-stalking protocols in personal item tracking devices, co-authored with Kieron Ivy Turk and Alastair Beresford, in the proceedings of the Security Protocols Workshop 2023.
- Cybercrime: A social ecology, co-authored with Ben Collier, was published as a chapter of the Oxford Handbook of Criminology, 2023 edition.
- A Graph-based Stratified Sampling Methodology for the Analysis of (Underground) Forums, co-authored with Giorgio Di Tizio, Gilberto Atondo-Siu, and Fabio Massacci, in IEEE Transactions on Information Forensics & Security.
- An evaluation of police interventions for cybercrime prevention, co-authored with Maria Bada, Yanna Papadodimitraki, and Richard Clayton, Technical Report No. 983.
- "Get a higher return on your savings!”: Comparing adverts for cryptocurrency investment scams across platforms, co-authored with Gilberto Atondo-Siu, in the proceedings of the Workshops of the IEEE European Symposium on Security & Privacy 2023.
- Digital drift and the evolution of a large cybercrime forum, co-authored with Jack Hughes, in the proceedings of the Workshops of the IEEE European Symposium on Security & Privacy 2023.
- Argot as a trust signal: Slang, jargon & reputation on a large cybercrime forum, co-authored with Jack Hughes and Andrew Caines, at the 22nd Workshop on the Economics of Information Security (WEIS).
- Click Here to Exit: An evaluation of quick exit buttons, co-authored with Kieron Ivy Turk, in the proceedings of the ACM Conference on Human Factors in Computing Systems (CHI) 2023.
- Short paper: DeFi Deception — Uncovering the prevalence of rugpulls in cryptocurrency projects, co-authored with Sharad Agarwal, Gilberto Atondo-Siu, Marilyne Ordekian, Enrico Mariconti, and Marie Vasek, accepted at Financial Cryptography and Data Security 2023.
- Automated hate speech detection and span extraction in underground hacking and extremist forums, co-authored with Linda Zhou, Andrew Caines, and Ildiko Pete, published in Natural Language Engineering, 29(5), 1247-1274.
****************************
I am Professor of Emergent Harms in the Security Group at the Computer Laboratory, University of Cambridge, and a Fellow of King's College. I am also Director of the Cambridge Cybercrime Centre, an interdisciplinary initiative combining expertise from computer science, criminology, and law. We take a data-driven approach to improve our understanding of criminal activity and develop robust identifiers and evidence of criminal behaviour. An important goal of the project is to provide data to other academics and therefore improve the quantity and quality of cybercrime research.
Prior to taking up a lectureship I was a researcher at the Computer Laboratory from January 2014 to October 2018, and a College Research Associate at St John's College, Cambridge, from 2017 to 2018. Before moving to Cambridge I was a Senior Research Analyst at the Australian Institute of Criminology from 2011 to 2013. Before entering academia I had a varied research career in local government, parliament, law, and private investigation (intellectual property). I first began researching cybercrime in the late 1990s, while working in industry (mainly relating to domain name misuse and software counterfeiting).
Diversity is important to me. I helped set up the department's LGBTQ+@CL network. I also made a list to highlight some academic researchers who do excellent cybercrime research but who I think are under-appreciated. This is not a list of women, it's a list that only has women and non-binary academic researchers on it. Just like some citation lists, editor lists, program committee membership lists, and conference agendas are not lists of (but only include) men.
Research interests
Current and previous grants include:
- Interdisciplinary Cybercrime Project (iCrime) (PI), funded by the European Research Council (ERC), 2021-2026.
- AP4L: Adaptive PETs to Protect & emPower People during Life Transitions (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2022-25.
- COVID-19 Tracking Covid Cybercrime and Abuse (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2020-22.
- CybercrimeNLP (CC-NLP): A natural language processing toolkit for the interdisciplinary analysis of underground online forums (PI), funded by the Economic and Social Research Council (ESRC), 2020-21.
- Data science approaches to understanding key actors on online hacking forums (Co-I), funded by the Alan Turing Institute, 2017-18.
- Cambridge Cybercrime Centre (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2015-20.
I am an interdisciplinary researcher. Specialising in cybercrime and online harms, I bridge the gap between criminology and computer science. Generally, my research interests include understanding offenders, cybercrime events, and the prevention and disruption of online crime and harms. Specific topics I am particularly interested in include:
- Applying natural language processing and data science approaches to better understand underground forums. The paper Characterizing Eve: Analysing cybercrime actors in a large underground forum, is the result of a collaboration funded by the Alan Turing Institute. For this project we also compared aggressive language on an online hacking forum with Wikipedia page edits.
- Developing tools to enrich and enable the use of large, messy, datasets. In particular, we have developed PostCog for researchers using our underground forum data.
- The use of crime script analysis to understand complex crime types. This methodology has been used to understand the crime commission process of airline ticketing fraud, eWhoring, the illicit online prescription drug trade, and the online stolen data market economy.
- Understanding policing approaches to complex online crimes, including evaluating their approaches to disrupt DDoS-for-hire markets, understanding complex jurisdictional issues, and comparing their responses to industry-led interventions.
- Research ethics, which are explored in the papers Ethical issues in research using datasets of illicit origin and Interviewing cybercrime offenders.
- Stolen data markets, including how actors interact and the actions they perform, how actors trust in inherently untrustworthy situations, disruption and intervention opportunities, and target selection and knowledge transmission.
- Understanding the gendered dimensions of cybercrime, including the barriers women face when engaging with the predominantly masculine online communities that are important for learning and sharing information.
- Offender pathways into (and out of) cybercrime. This was the topic of my PhD thesis (conferred in 2013), and a brief overview of my integrated theory of initiation, maintenance, and desistance has been published as a book chapter. This theoretical framework has since been applied to explore how offenders begin providing denial of service attacks for a fee (commonly known as 'booter services').
I established and maintain the Cambridge Computer Crime Database (CCCD), a database of computer crime events where the offender has been arrested, charged and/or prosecuted in the United Kingdom. Please get in touch with me if you have data for inclusion in the CCCD, or if you are an academic considering setting up a similar database in another country. Cybercrime is an international issue, and this should be reflected in the data. I'm happy to assist setting up the relevant data collection mechanisms, and to ensure similar variables are being captured for comparative purposes.
Research students
I am currently supervising the following PhD candidates:
- Gilberto Atondo Siu, from October 2020.
- Kieron Ivy Turk, from October 2021.
- Anh V. Vu, from January 2022.
- Tina Marjanov, from October 2023.
- Anna Talas, from October 2023.
- Luna Rae Wang, from October 2023 (co-supervised with Andrew Caines).
My past completed PhD students are:
- Jack Hughes: 'Computational criminology: At scale quantitative analysis of the evolution of cybercrime forums' (2019-23).
I have supervised the following MPhil research projects:
- Jack Hughes: 'An analysis of cybercrime activity within an underground gaming forum' (2018-19).
- Gilberto Atondo Siu: 'Automated NLP approaches for currency exchange analysis in underground forums' (2019-20).
- Nnaemeka Obodoekwe: 'Automatically analyzing negative interactions and relationships between members of an underground forum' (2019-20).
- Anna Talas: 'Hacker’s Paradise: Analysing music in a cybercrime forum' (2022-23).
- Jessica Man: 'An analysis of autism-related conversations on cybercrime forums' (2022-23).
- Quincy Taylor: 'Love Bytes Back: Online Risk Following Relationship Breakdown' (2023-24).
If you are interested in applying to Cambridge for a research-oriented MPhil or PhD in cybercrime or a related area please get in touch regarding your research topic of interest. More information on the two programmes, including application requirements and information on initial research proposals, can be found on the MPhil in Advanced Computer Science and PhD in Computer Science pages at the Computer Laboratory.
If you are a Cambridge computer science student interested in an undergraduate or Part III project, please contact me by email.
Teaching
I am currently teaching:
- Economics, Law and Ethics (Part IB CST 75%, Part II CST 50%), 2019-present
- R254: Cybercrime (MPhil ACS, Part III, Part II, with Ross Anderson and Richard Clayton), 2018-present
- R209: Computer Security: Principles and Foundations (MPhil ACS, Part III, with Ross Anderson, Alastair Beresford, and Robert Watson), 2019-present
Program Committees and reviewing
I am involved in organising the following conferences and workshops:
- Co-Organiser of the Cambridge Cybercrime Conference since 2016
- Co-Organiser of the Workshop on Security and Human Behavior (SHB 2020-2022)
- Co-Chair of the Program Committee for the Workshop on Attackers and Cyber-Crime Operations (WACCO), held jointly with the IEEE European Symposium on Security and Privacy 2019-2024
- Co-Chair of the Program Committee for the APWG Symposium on Electronic Crime Research (eCrime) in 2020 and 2021
I have been a Program Committee member for the following conferences and workshops:
- USENIX Security 2023-2025
- The Web Conference 2022 and 2025
- IEEE Symposium on Security and Privacy (Oakland 2022)
- ACM Internet Measurement Conference (IMC 2021)
- Enigma 2021-2022
- Workshop on Cybersecurity Experimentation and Test (CSET) 2020 & 2023
- International Conference on Financial Cryptography and Data Security (FC) 2020-2021
- Workshop on the Economics of Information Security (WEIS) 2020, 2023-2024
- APWG Symposium on Electronic Crime Research (eCrime) 2015-2019, 2022-2024
I am Department Editor (Cybercrime) for the IEEE Security & Privacy Magazine, and Area Editor (Cybercrime) for the Journal of Cybersecurity. I have also reviewed submissions for the following academic journals:
- American Behavioral Scientist
- Communications of the ACM
- Computers & Society
- Crime & Delinquency
- Crime Science
- Crime, Law and Social Change
- Criminology
- Criminology & Criminal Justice
- Criminology & Public Policy
- Global Crime
- IEEE Security and Privacy
- International Journal of Cyber Criminology
- Journal of Contemporary Criminal Justice
- Journal of Experimental Criminology
- Journal of Qualitative Criminal Justice and Criminology
- Social Science Computer Review
- Sociological Forum
I am a member of the ESRC Peer Review College.
Committees
My committee roles include:
- Co-Chair of the Department's Ethics Committee (from 2019)
- Member of the University Research Ethics Committee (from 2023)
- Member of the Department's Equality and Diversity Committee (from 2023)
In 2015, I was elected to serve on the University Council, the principal executive and policy making body of the University of Cambridge. In this capacity I served on a number of other committees and working groups, including the Governance Review Working Group, the University Council's Business Committee, the Risk Steering Committee, and the Sports Committee. I was also co-opted as a member of the Council of the School of Technology. In October 2018, I resigned from the University Council.
While a member of the University's research staff (2014-2018), I was an elected committee member of the Postdocs of Cambridge (PdOC) Society and a member of the Computer Laboratory's Research Staff Forum.
Email
alice.hutchings [at] cl.cam.ac.uk
Phone
+44 (0) 1223 763660
Office
GE22
Mail
Dr Alice Hutchings
Computer Laboratory
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom
Pronouns
she/her