Computer Laboratory

Alice Hutchings

**********NEWS**********

Papers soon to be released include:

• Cybercrime: A social ecology, co-authored with Ben Collier, to appear as a chapter of the Oxford Handbook of Criminology, 2023 edition.
• Can't Keep Them Away: The failures of anti-stalking protocols in personal item tracking devices, co-authored with Kieron Ivy Turk and Alastair Beresford, to appear in the proceedings of the Security Protocols Workshop 2023.
• Click Here to Exit: An evaluation of quick exit buttons, co-authored with Kieron Ivy Turk, to appear in the proceedings of the CHI Conference on Human Factors in Computing Systems (CHI) 2023.

My most recent publications include:

• Short paper: DeFi Deception — Uncovering the prevalence of rugpulls in cryptocurrency projects, co-authored with Sharad Agarwal, Gilberto Atondo-Siu, Marilyne Ordekian, Enrico Mariconti, and Marie Vasek, accepted at Financial Cryptography and Data Security 2023.
• ''Invest in crypto!'': An analysis of investment scam advertisements found in Bitcointalk, co-authored with Gilberto Atondo-Siu, Marie Vasek, and Tyler Moore, in the proceedings of the APWG Symposium on Electronic Crime Research (eCrime) 2022.
• Automated hate speech detection and span extraction in underground hacking and extremist forums, co-authored with Linda Zhou, Andrew Caines, and Ildiko Pete, published in Natural Language Engineering.
• POSTCOG: A Tool for Interdisciplinary Research into Underground Forums at Scale, co-authored with Ildiko Pete, Jack Hughes, Andrew Caines, Anh V. Vu, Harshad Gupta, Ross Anderson, and Paula Buttery, accepted at the Proceedings of the IEEE European Symposium on Security and Privacy Workshop on Attackers and Cyber-Crime Operations.
• Influence, infrastructure, and recentering cybercrime policing: evaluating emerging approaches to online law enforcement through a market for cybercrime services, co-authored with Ben Collier, Richard Clayton, Daniel Thomas, and Yi Ting Chua, published in Policing and Society: An International Journal of Research and Policy.

****************************

I am an Associate Professor in the Security Group at the Computer Laboratory, University of Cambridge, and a Fellow of King's College. I am also Director of the Cambridge Cybercrime Centre, an interdisciplinary initiative combining expertise from computer science, criminology, and law. We take a data-driven approach to improve our understanding of criminal activity and develop robust identifiers and evidence of criminal behaviour. An important goal of the project is to provide data to other academics and therefore improve the quantity and quality of cybercrime research.

Prior to taking up a lectureship I was a researcher at the Computer Laboratory from January 2014 to October 2018, and a College Research Associate at St John's College, Cambridge, from 2017 to 2018. Before moving to Cambridge I was a Senior Research Analyst at the Australian Institute of Criminology from 2011 to 2013.

Before entering academia I had a varied research career in local government, parliament, law, and private investigation (intellectual property). I first began researching cybercrime in the late 1990s, while working in industry (mainly relating to domain name misuse and software counterfeiting).

The thesis of my PhD, conferred in 2013, examined why computer crime offenders, namely those engaged in unauthorised access and computer fraud, begin offending, why they continue, and why they stop. My research used a framework of multiple theories of crime, which were integrated to create one theoretical model based on data from current and former offenders.

Diversity is important to me. I helped set up the department's LGBTQ+@CL network. I also made a list to highlight some academic researchers who do excellent cybercrime research but who I think are under-appreciated. This is not a list of women, it's a list that only has women on it. Just like some citation lists, editor lists, program committee membership lists, and conference agendas are not lists of (but only include) men.

Research interests

Current and previous grants include:

• Interdisciplinary Cybercrime Project (iCrime) (PI), funded by the European Research Council (ERC), 2021-2026.
• AP4L: Adaptive PETs to Protect & emPower People during Life Transitions (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2022-25.
• COVID-19 Tracking Covid Cybercrime and Abuse (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2020-22.
• CybercrimeNLP (CC-NLP): A natural language processing toolkit for the interdisciplinary analysis of underground online forums (PI), funded by the Economic and Social Research Council (ESRC), 2020-21.
• Data science approaches to understanding key actors on online hacking forums (Co-I), funded by the Alan Turing Institute, 2017-18.
• Cambridge Cybercrime Centre (Co-I), funded by the Engineering and Physical Sciences Research Council (EPSRC), 2015-20.

I am an interdisciplinary researcher. Specialising in cybercrime, I bridge the gap between criminology and computer science. Generally, my research interests include understanding cybercrime offenders, cybercrime events, and the prevention and disruption of online crime. Specific topics I am particularly interested in include:

• Applying natural language processing and data science approaches to better understand underground forums. The paper Characterizing Eve: Analysing cybercrime actors in a large underground forum, is the result of a collaboration funded by the Alan Turing Institute. For this project we also compared aggressive language on an online hacking forum with Wikipedia page edits.
• Airline ticketing fraud, with prior papers scripting the crime commission process (Leaving on a Jet Plane: The trade in fraudulently obtained airline tickets) and exploring the blackmarket and policing aspects (Flying in cyberspace: Policing global travel fraud).
• Research ethics, which are explored in the papers Ethical issues in research using datasets of illicit origin and Interviewing cybercrime offenders.
• Stolen data markets, including how actors interact and the actions they perform, how actors trust in inherently untrustworthy situations, disruption and intervention opportunities, and target selection and knowledge transmission.
• Understanding the gendered dimensions of cybercrime, including the barriers women face when engaging with the predominantly masculine online communities that are important for learning and sharing information.
• Offender pathways into (and out of) cybercrime. This was the topic of my PhD thesis, and a brief overview of my integrated theory of initiation, maintenance, and desistance has been published as a book chapter. This theoretical framework has since been applied to explore how offenders begin providing denial of service attacks for a fee (commonly known as 'booter services').

I established and maintain the Cambridge Computer Crime Database (CCCD), a database of computer crime events where the offender has been arrested, charged and/or prosecuted in the United Kingdom. Please get in touch with me if you have data for inclusion in the CCCD, or if you are an academic considering setting up a similar database in another country. Cybercrime is an international issue, and this should be reflected in the data. I'm happy to assist setting up the relevant data collection mechanisms, and to ensure similar variables are being captured for comparative purposes.

Research students

I am currently supervising the following PhD candidates:

• Jack Hughes, from October 2019.
• Gilberto Atondo Siu, from October 2020.
• Kieron Ivy Turk, from October 2021.
• Anh V. Vu, from January 2022.

I have supervised the following MPhil research projects:

• Jack Hughes: 'An analysis of cybercrime activity within an underground gaming forum' (2018-19).
• Gilberto Atondo Siu: 'Automated NLP approaches for currency exchange analysis in underground forums' (2019-20).
• Nnaemeka Obodoekwe: 'Automatically analyzing negative interactions and relationships between members of an underground forum' (2019-20).

If you are interested in applying to Cambridge for a research-oriented MPhil or PhD in cybercrime or a related area please get in touch regarding your research topic of interest. More information on the two programmes, including application requirements and information on initial research proposals, can be found on the MPhil in Advanced Computer Science and PhD in Computer Science pages at the Computer Laboratory.

If you are a Cambridge computer science student interested in an undergraduate or MPhil project, please contact me by email.

Teaching

I am currently teaching:

• Economics, Law and Ethics (Part IB CST 75%, Part II CST 50%), 2019-present
• R254: Cybercrime (MPhil ACS, Part III, Part II, with Ross Anderson and Richard Clayton), 2018-present
• R209: Computer Security: Principles and Foundations (MPhil ACS, Part III, with Ross Anderson, Alastair Beresford, and Robert Watson), 2019-present

Program Committees and reviewing

I am involved in organising the following conferences and workshops:

• Co-Organiser of the Cambridge Cybercrime Conference since 2016
• Co-Organiser of the 13th Workshop on Security and Human Behavior (SHB 2020)
• Co-Chair of the Program Committee for the Workshop on Attackers and Cyber-Crime Operations (WACCO), held jointly with the IEEE European Symposium on Security and Privacy 2019-2021
• Co-Chair of the Program Committee for the APWG Symposium on Electronic Crime Research (eCrime) in 2020 and 2021

I have been a Program Committee member for the following conferences and workshops:

• USENIX Security 2023
• The Web Conference 2022
• IEEE Symposium on Security and Privacy (Oakland 2022)
• ACM Internet Measurement Conference (IMC 2021)
• Enigma 2021-2022
• Workshop on Cybersecurity Experimentation and Test (CSET) 2020 & 2023
• International Conference on Financial Cryptography and Data Security (FC) 2020-2021
• Workshop on the Economics of Information Security (WEIS) 2020, 2023
• APWG Symposium on Electronic Crime Research (eCrime) 2015-2019, 2022

I am area editor (cybercrime) for the Journal of Cybersecurity. I have also reviewed submissions for the following academic journals:

• American Behavioral Scientist
• Communications of the ACM
• Computers & Society
• Crime Science
• Crime, Law and Social Change
• Criminology
• Criminology & Public Policy
• Global Crime
• IEEE Security and Privacy
• International Journal of Cyber Criminology
• Journal of Contemporary Criminal Justice
• Journal of Experimental Criminology
• Journal of Qualitative Criminal Justice and Criminology
• Social Science Computer Review
• Sociological Forum

Committees

My committee roles include:

• Member of the University Research Ethics Committee (from 2023)
• Co-Chair of the Department's Ethics Committee (from 2019)
• Member of the Department's Workload Committee (from 2019)
• Member of the Steering Committee for the Centre for the Study of Global Human Movement (from 2017)
• Member of the University's Working Group on Handling Security-Sensitive Research Material (from 2016)

In 2015, I was elected to serve on the University Council, the principal executive and policy making body of the University of Cambridge. In this capacity I served on a number of other committees and working groups, including the Governance Review Working Group, the University Council's Business Committee, the Risk Steering Committee, and the Sports Committee. I was also co-opted as a member of the Council of the School of Technology. In October 2018, I resigned from the University Council.

While a member of the University's research staff (2014-2018), I was an elected committee member of the Postdocs of Cambridge (PdOC) Society and a member of the Computer Laboratory's Research Staff Forum.