Het platform voor open praktijkgericht onderzoek

product

Criminal expertise and hacking efficiency

Criminal expertise plays a crucial role in the choices offenders make when committing a crime, including their modus operandi. However, our knowledge about criminal decision making online remains limited. Drawing on insights from cyber security, we conceptualize the cybercrime commission process as the sequence of phases of the cyber kill chain that offenders go through. We assume that offenders who follow the sequence consecutively use the most efficient hacking method. Building upon the expertise paradigm, we hypothesize that participants with greater hacking experience and IT skills undertake more efficient hacks. To test this hypothesis, we analyzed data from 69 computer security and software engineering students who were invited to hack a vulnerable website in a computer lab equipped with monitoring software, which allowed to collect objective behavioral measures. Additionally, we collected individual measures regarding hacking expertise through an online questionnaire. After quantitatively measuring efficiency using sequence analysis, a regression model showed that the expertise paradigm may also apply to hackers. We discuss the implications of our novel research for the study of offender decision-making processes more broadly.

DOCUMENT

product

Under Attack

Attack surfaces are increasing as products are increasingly more connected. This has been acknowledged by the European Commission in their Europe: fit for the digital age strategy and in recent legislative proposals. Most importantly, the proposed Cyber Resilience Act (CRA) sets minimum cybersecurity requirements for products with digital elements. These requirements range from effective and regular tests to the dissemination of free security updates in case of a cybersecurity breach. This should ensure a base level of cybersecurity throughout the product’s lifetime. Unfortunately, there is a catch: not all products with digital elements fall within the scope of the proposed CRA. For instance, vehicles are not subject to the proposed Act. The exclusion of this category of products with digital elements seems to be based on the premise that ‘the sectoral rules achieve the same level of protection as the one provided for by this Regulation’ (recital 14). This contribution is challenging this premise, as it explores the level of cybersecurity as laid down in the proposed CRA and compares it to the level of cybersecurity ensured by the sectoral rules in vehicle regulation. Could this mean that your smartphone is going to be more cybersecure than your car?

MULTIFILE

product

Online inbrekers bekeken

MULTIFILE

product

Examining the cyclical nature of crimes: A looped crime script of data theft from organizational networks

Prior research on network attacks is predominantly technical, yet little is known about behavioral patterns of attackers inside computer systems. This study adopts a criminological perspective to examine these patterns, with a particular focus on data thieves targeting organizational networks. By conducting interviews with cybersecurity experts and applying crime script analysis, we developed a comprehensive script that describes the typical progression of attackers through organizational systems and networks in order to eventually steal data. This script integrates phases identified in previous academic literature and expert-defined phases that resemble phases from industry threat models. However, in contrast to prior cybercrime scripts and industry threat models, we did not only identify sequential phases, but also illustrate the circular nature of network attacks. This finding challenges traditional perceptions of crime as a linear process. In addition, our findings underscore the importance of considering both successful and failed attacks in cybercrime research to develop more effective cybersecurity strategies.

MULTIFILE

Examining the cyclical nature of crimes: A looped crime script of data theft from organizational networks

product

Effectiveness of CTF education: Measuring the learning outcomes of Jeopardy CTF’s

Adversarial thinking is essential when dealing with cyber incidents and for finding security vulnerabilities. Capture the Flag (CTF) competitions are used all around the world to stimulate adversarial thinking. Jeopardy-style CTFs, given their challenge-and-answer based nature, are used more and more in cybersecurity education as a fun and engaging way to inspire students. Just like traditional written exams, Jeopardy-style CTFs can be used as summative assessment. Did a student provide the correct answer, yes or no. Did the participant in the CTF competition solve the challenge, yes or no. This research project provides a framework for measuring the learning outcomes of a Jeopardy-style CTF and applies this framework to two CTF events as case studies. During these case studies, participants were tested on their knowledge and skills in the field of cybersecurity and queried on their attitude towards CTF education. Results show that the main difference between traditional written exam and a Jeopardy-style CTF is the way in which questions a re formulated. CTF education is stated to be challenging and fun because questions are formulated as puzzles that need to be solved in a gamified and competitive environment. Just like traditional written exams, no additional insight into why the participant thinks the correct answer is the correct answer has been observed or if the participant really did learn anything new by participating. Given that the main difference between a traditional written exam and a Jeopardy-style CTF is the way in which questions are formulated, learning outcomes can be measured in the same way. We can ask ourselves how many participants solved which challenge and to which measurable statements about “knowledge, skill and attitude” in the field of cybersecurity each challenge is related. However, when mapping the descriptions of the quiz-questions and challenges from the two CTF events as case studies to the NICE framework on Knowledge, Skills and Abilities in cybersecurity, the NICE framework did not provide us with detailed measurable statements that could be used in education. Where the descriptions of the quiz-questions and challenges were specific, the learning outcomes of the NICE framework are only formulated in a quite general matter. Finally, some evidence for Csíkszentmihályi’s theory of Flow has been observed. Following the theory of Flow, a person can become fully immersed in performing a task, also known as “being in the zone” if the “challenge level” of the task is in line with the person’s “skill level”. The persons mental state towards a task will be different depending on the challenge level of the task and required skill level for completing it. Results show that participants state that some challenges were difficult and fun, where other challenges were easy and boring. As a result of this9 project, a guide / checklist is provided for those intending to use CTF in education.

DOCUMENT

Effectiveness of CTF education: Measuring the learning outcomes of Jeopardy CTF’s

product

Sanitary systems

Global society is confronted with various challenges: climate change should be mitigated, and society should adapt to the impacts of climate change, resources will become scarcer and hence resources should be used more efficiently and recovered after use, the growing world population and its growing wealth create unprecedented emissions of pollutants, threatening public health, wildlife and biodiversity. This paper provides an overview of the challenges and risks for sewage systems, next to some opportunities and chances that these developments pose. Some of the challenges are emerging from climate change and resource scarcity, others come from the challenges emerging from stricter regulation of emissions. It also presents risks and threats from within the system, next to external influences which may affect the surroundings of the sewage systems. It finally reflects on barriers to respond to these challenges. http://dx.doi.org/10.13044/j.sdewes.d6.0231 LinkedIn: https://www.linkedin.com/in/sabineeijlander/ https://www.linkedin.com/in/karel-mulder-163aa96/

MULTIFILE

product

Observing Taxi Behaviour at Charging Stations and Taxi Stands Using Image Recognition

City authorities want to know how to match the charging infrastructures for electric vehicles with the demand. Using camera recognition algorithms from artificial intelligence we investigated the behavior of taxis at a charging stations and a taxi stand.

MULTIFILE

product

Memes and the reactionary totemism of the theft of joy

(This is part III of a series of essays on meme theory, all published on this site. Part I is called They Say That We Can’t Meme: Politics of Idea Compression. Part II is entitled Rude Awakening: Memes as Dialectical Images)

MULTIFILE

Memes and the reactionary totemism of the theft of joy

product

State Machines

Today, we live in a world where every time we turn on our smartphones, we are inextricably tied by data, laws and flowing bytes to different countries. A world in which personal expressions are framed and mediated by digital platforms, and where new kinds of currencies, financial exchange and even labor bypass corporations and governments. Simultaneously, the same technologies increase governmental powers of surveillance, allow corporations to extract ever more complex working arrangements and do little to slow the construction of actual walls along actual borders. On the one hand, the agency of individuals and groups is starting to approach that of nation states; on the other, our mobility and hard-won rights are under threat. What tools do we need to understand this world, and how can art assist in envisioning and enacting other possible futures?This publication investigates the new relationships between states, citizens and the stateless made possible by emerging technologies. It is the result of a two-year EU-funded collaboration between Aksioma (SI), Drugo More (HR), Furtherfield (UK), Institute of Network Cultures (NL), NeMe (CY), and a diverse range of artists, curators, theorists and audiences. State Machines insists on the need for new forms of expression and new artistic practices to address the most urgent questions of our time, and seeks to educate and empower the digital subjects of today to become active, engaged, and effective digital citizens of tomorrow.Contributors: James Bridle, Max Dovey, Marc Garrett, Valeria Graziano, Max Haiven, Lynn Hershman Leeson, Francis Hunger, Helen Kaplinsky, Marcell Mars, Tomislav Medak, Rob Myers, Emily van der Nagel, Rachel O’Dwyer, Lídia Pereira, Rebecca L. Stein, Cassie Thornton, Paul Vanouse, Patricia de Vries, Krystian Woznicki.

MULTIFILE

Zoekresultaten

Producten 10

Criminal expertise and hacking efficiency

Under Attack

Online inbrekers bekeken

Examining the cyclical nature of crimes: A looped crime script of data theft from organizational networks

Effectiveness of CTF education: Measuring the learning outcomes of Jeopardy CTF’s

Sanitary systems

Observing Taxi Behaviour at Charging Stations and Taxi Stands Using Image Recognition

Memes and the reactionary totemism of the theft of joy

State Machines

Navigeer naar

Categorieën

Filters

Producten 10

Criminal expertise and hacking efficiency

Under Attack

Online inbrekers bekeken

Examining the cyclical nature of crimes: A looped crime script of data theft from organizational networks

Effectiveness of CTF education: Measuring the learning outcomes of Jeopardy CTF’s

Sanitary systems

Observing Taxi Behaviour at Charging Stations and Taxi Stands Using Image Recognition

Memes and the reactionary totemism of the theft of joy

State Machines