Monthly Archives: December 2022

Evidence based policing (of booters)

“Booters” (they usually call themselves “stressers” in a vain attempt to appear legitimate) are denial-of-service-for-hire websites where anyone can purchase small scale attacks that will take down a home Internet connection, a High School (perhaps there’s an upcoming maths test?) or a poorly defended business website. Prices vary but for around $20.00 you can purchase as many 10 minute attacks as you wish to send for the next month! In pretty much every jurisdiction, booters are illegal to run and illegal to use, and there have been a series of Law Enforcement take-downs over the years, notably in the US, UK, Israel and the Netherlands.

On Wednesday December 14th, in by far the biggest operation to date, the FBI announced the arrest of six booter operators and the seizure of 49 (misreported as 48) booter domain names. Visiting those domains will now display a “WEBSITE SEIZED” splash page.

FBI website seizure splash page

The seizures were “evidence based” in that the FBI specifically targeted the most active booters by taking advantage of one of the datasets collected by the Cambridge Cybercrime Centre, which uses self-reported data from booters.
Continue reading Evidence based policing (of booters)

Hiring for AP4L

I’m hiring a Research Assistant/Associate to work on the EPSRC-funded Adaptive PETs to Protect & emPower People during Life Transitions (AP4L) project. The project is being undertaken with the Universities of Surrey, Queen Mary, Strathclyde, Edge Hill, and Edinburgh.

AP4L is a program of interdisciplinary research, centring on the online privacy & vulnerability challenges that people face when going through major life transitions. The four transitions we are considering in the scope of this project are relationship breakdowns; LBGT+ transitions or transitioning gender; entering/ leaving employment in the Armed Forces; and developing a serious illness or becoming terminally ill. Our central goal is to develop privacy-by-design technologies to protect & empower people during these transitions.

We are looking for a researcher with experience in quantitative data analysis, threat assessment, data science, machine learning and/or natural language processing, as well as excellent programming and technical writing skills. Expertise in cybercrime or privacy enhancing technologies (PETs) research is desirable, but not essential. Successful applicants will review the relevant literature, design research projects, develop tools, collect and analyse data, and write research outputs.

The role will analyse life transitions from the attacker’s perspective, such as how and where they gather information about their victims. This will require the analysis of cybercrime forums and similar data at scale. Furthermore, the tools we develop are designed for an adversarial context. Adversaries include those known to individuals, such as interfamilial abuse, as well as targeted and indiscriminate attacks. The researcher will also undertake a rigorous threat analysis for each of the tools developed within the overall project.

The full details are available here.