̽��ֱ�� of Cambridge - Ross Anderson

Online tool can measure individuals’ likelihood to fall for internet scams

sc604 — Wed, 04 Apr 2018 10:21:58 +0000

̽��ֱ��psychometric tool, developed by researchers at the Universities of Cambridge and Helsinki, asks participants to answer a range of questions in order to measure how likely they are to respond to persuasive techniques. ̽��ֱ��test, called Susceptibility to Persuasion II (StP-II) is freely available and consists of the StP-II scale and several other questions to understand persuadability better. A brief, automated, interpretation of the results is displayed at the end of the questionnaire.

̽��ֱ��results of the test can be used to predict who will be more likely to become a victim of cybercrime, although the researchers say that StP-II could also be used for hiring in certain professions, for the screening of military personnel or to establish the psychological characteristics of criminal hackers. Their results are reported in the journal PLOS One.

“Scams are essentially like marketing offers, except they’re illegal,” said paper’s first author Dr David Modic from Cambridge’s Department of Computer Science and Technology. “Just like in advertising, elements of consumer psychology and behavioural economics all come into the design of an online scam, which is why it’s useful to know which personality traits make people susceptible to them.”

Modic and his colleagues at the ̽��ֱ�� of Exeter designed an initial version of the test five years ago that yielded solid results but was not sufficiently detailed. ̽��ֱ��new version is far more comprehensive and robust.

“We are not aware of an existing scale that would measure all the constructs that are part of StP-II,” said Modic, who is also a senior member of King’s College, Cambridge. “There are existing scales that measure individual traits, but when combined, the sheer length of these scales would present the participant with a psychometric tool that is almost unusable.”

̽��ֱ��questions in StP-II fall into 10 categories, measuring different traits which might make people more susceptible to fraud: the ability to premeditate, consistency, sensation seeking, self-control, social influence, need for similarity, attitude towards risk, attitude towards advertising, cognition and uniqueness. Participants are given a score out of seven in each of the ten areas.

Using a large data set obtained from a collaboration with the BBC, the researchers found that the strongest predictor was the ability to premeditate: individuals who fail to consider the possible consequences of a particular action are more likely to engage with a fraudster. However, they found that the likelihood of falling for one of the measured categories of Internet fraud is partially explained by at least one of the mechanisms in StP-II.

“Over the past ten years, crime, like everything else, has moved online,” said co-author Professor Ross Anderson, also from Cambridge’s Department of Computer Science. “This year, about a million UK households will be the victim of typical household crime, such as burglary, where the average victim is an elderly working-class woman. However, now 2.5 million households will be the victims of an online or electronic scam, where the victims are younger and more educated. Crime is moving upmarket.”

“Scams have been around for hundreds of years, and over the centuries, they haven’t really changed that much – the only difference now is with the internet, it requires a lot less effort to do it,” said Modic.

̽��ֱ��researchers say that despite the changing demographics of crime victims, there isn’t a ‘typical victim of cybercrime. “Older generations might be seen as less internet-savvy, but younger generations are both more exposed to scams and might be seen as more impulsive,” said co-author Jussi Palomӓki, from the ̽��ֱ�� of Helsinki’s Cognitive Science Unit. “There isn’t a specific age range – there are many different risk factors.”

“ ̽��ֱ��immediate benefit of StP-II is that people will get an indication of the sorts of things they should look out for – I’m not saying it’s a sure-fire way that they will not be scammed, but there are things they should be aware of,” said Modic. “StP-II doesn’t just measure how likely you are to fall for scams, it’s how likely you are to change your behaviour.”

Ross Anderson’s blog on the paper can be found at: https://www.lightbluetouchpaper.org/2018/03/16/we-will-make-you-like-our-research/.

Reference:
David Modic, Ross Anderson and Jussi Palomäki. ‘We will make you like our research: ̽��ֱ��development of a susceptibility-to-persuasion scale.’ PLOS ONE (2018). DOI: 10.1371/journal.pone.0194119

Researchers have developed an online questionnaire which measures a range of personality traits to identify individuals who are more likely to fall victim to internet scams and other forms of cybercrime.

Scams have been around for hundreds of years, and over the centuries, they haven’t really changed that much – the only difference now is with the internet, it requires a lot less effort to do it.

David Modic

Photo by Kaitlyn Baker on Unsplash

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. For image use please see separate credits above.

Yes

Combating cybercrime when there's plenty of phish in the sea

sc604 — Fri, 21 Oct 2016 07:51:23 +0000

We’ve all received the emails, hundreds, maybe thousands of them. Warnings that our bank account will be closed tomorrow, and we’ve only got to click a link and send credit card information to stop it from happening. Promises of untold riches, and it will only cost a tiny fee to access them. Stories of people in desperate circumstances, who only need some kind soul to go to the nearest Western Union and send a money transfer to save them.

Tricking people into handing over sensitive information such as credit card details – known as ‘phishing’ – is one of the ways criminals scam people online. Most of us think we’re smarter than these scams. Most of us think that we could probably con the con artist if we tried. But we would be wrong.

Across the world, cybercrime is booming. When the UK government included cybercrime in the national crime statistics for the first time in 2015, it doubled the crime rate overnight. Millions of people worldwide are victimised by online scams, whether it’s blocking access to a website, stealing personal or credit card information, or attempting to extort money by remotely holding the contents of a personal computer hostage.

“Since 2005, the police have largely ignored cybercrime,” says Professor Ross Anderson of Cambridge’s Computer Laboratory. “Reported crime fell by as much as a half in some categories. Yet, now that online and electronic fraud are included, the number of reported crimes has more than doubled. Crime was not falling; it was just moving online.”

In 2015, computer scientists, criminologists and legal academics joined forces to form the Cambridge Cybercrime Centre, with funding from the Engineering and Physical Sciences Research Council. Their aim is to help governments, businesses and ordinary users to construct better defences.

To understand how the criminals operate, researchers use machine learning and other techniques to recognise bad websites, understand what kinds of brands tend to be attacked and how often, determine how many criminals are behind an attack by looking at the pattern of the creation of fake sites and how effective the various defence systems are at getting them taken down.

One way in which studying cybercrime differs from many other areas of research is that the datasets are difficult to come by. Most belong to private companies, and researchers need to work hard to negotiate access. This is generally done through nondisclosure agreements, even if the data is out of date. And once researchers complete their work, they cannot make the data public, since it would reduce the competitive advantage of corporate players, and it may also make it possible for criminals to reverse engineer what was detected (and what wasn’t) and stay one step ahead of law enforcement.

One of the goals of the Cambridge Cybercrime Centre is to make it easier for cybercrime researchers from around the world to get access to data and share their results with colleagues.

To open up cybercrime research to colleagues across the globe, the team will leverage their existing relationships to collect and store cybercrime datasets, and then any bona fide researcher can sign a licence with the Centre and get to work without all the complexity of identifying and approaching the data holders themselves.

“Right now, getting access to data in this area is incredibly complicated,” says Dr Richard Clayton of Cambridge’s Computer Laboratory, who is also Director of the Centre. “But we think the framework we’ve set up will create a step change in the amount of work in cybercrime that uses real data. More people will be able to do research, and by allowing others to work on the same datasets more people will be able to do reproducible research and compare techniques, which is done extremely rarely at the moment.”

One of the team helping to make this work is Dr Julia Powles, a legal researcher cross-appointed between the Computer Laboratory and Faculty of Law. “There are several hurdles to data sharing,” says Powles. “Part of my job is to identify which ones are legitimate – for example, when there are genuine data protection and privacy concerns, or risks to commercial interests – and to work out when we are just dealing with paper tigers. We are striving to be as clear, principled and creative as possible in ratcheting up research in this essential field.”

Better research will make for better defences for governments, businesses and ordinary users. Today, there are a lot more tools to help users defend themselves against cybercrime – browsers are getting better at recognising bad URLs, for example – but, at the same time, criminals are becoming ever more effective, and more and more people are getting caught in their traps.

“You don’t actually have to be as clever as people once thought in order to fool a user,” says Clayton when explaining how fake bank websites are used to ‘phish’ for user credentials. “It used to be that cybercriminals would register a new domain name, like Barclays with two Ls, for instance. But they generally don’t do that for phishing attacks anymore, as end users aren’t looking at the address bar, they’re looking at whether the page looks right, whether the logos look right.”

̽��ֱ��Centre is also looking at issues around what motivates someone to commit cybercrime, and what makes them stop.

According to Dr Alice Hutchings, a criminologist specialising in cybercrime, cybercriminals tend to fall into two main categories. ̽��ֱ��first category is the opportunistic offender, who may be motivated by a major strain in their lives, such as financial pressures or problems with gambling or addiction, and who uses cybercrime as a way to meet their goals. ̽��ֱ��second type of offender typically comes from a more stable background, and is gradually exposed to techniques for committing cybercrime through associations with others.

Both groups will usually keep offending as long as cybercrime meets their particular needs, whether it’s financial gratification, or supporting a drug habit, or giving them recognition within their community. What often makes offenders stop is the point at which the costs of continuing outweigh the benefits: for instance, when it takes a toll on their employment, other outside interests or personal relationships.

“Most offenders never get caught, so there’s no reason to think that they won’t go back to cybercrime,” says Hutchings. “They can always start again if circumstances in their lives change.

“There is so much cybercrime happening out there. You can educate potential victims, but there will always be other potential victims, and new ways that criminals can come up with to social engineer somebody’s details, for example. Proactive prevention against potential offenders is a good place to start.”

Criminologist Professor Lawrence Sherman believes the collaboration between security engineering and criminology is long overdue, both at Cambridge and globally: “Cybercrime is the crime of this century, a challenge we are just beginning to understand and challenge with science.”

“We’re extremely grateful to the people giving us this data, who are doing it because they think academic research will make a difference,” says Clayton. “Our key contribution is realising that there was a roadblock in terms of being able to distribute the data. It’s not that other people couldn’t get the data before, but it was very time-consuming, so only a limited number of people were doing research in this area – we want to change that.”

“Our Cybercrime Centre will not only provide detailed technical information about what’s going on, so that firms can construct better defences,” says Anderson. “It will also provide strategic information, as a basis for making better policy.”

As more and more crime moves online, computer scientists, criminologists and legal academics have joined forces in Cambridge to improve our understanding and responses to cybercrime, helping governments, businesses and ordinary users construct better defences.

You don’t actually have to be as clever as people once thought in order to fool a user

Richard Clayton

LastHuckleBerry

TeQi's Graffitti Phish

̽��ֱ��text in this work is licensed under a Creative Commons Attribution 4.0 International License. For image use please see separate credits above.

Yes

Licence type:

Attribution-ShareAlike

Cambridge academics elected as Fellows of the Royal Society

bjb42 — Fri, 15 May 2009 00:00:00 +0000

̽��ֱ��new Fellows, elected for their scientific excellence, are:

Professor Ross Anderson is the Professor of Security Engineering at the Computer Laboratory. Professor Anderson is a pioneer and world leader in security engineering, and is distinguished for starting a number of new areas of research in hardware, software and systems. His early work on how systems fail established a base of empirical evidence for building threat models for a wide range of applications from banking to healthcare. He has made trailblazing contributions that helped establish a number of new research topics, including security usability, hardware tamper-resistance, information hiding, and the analysis of application programming interfaces. He is also one of the founders of the study of information security economics, which not only illuminates where the most effective attacks and defences may be found, but is also of fundamental importance to making policy for the information society.

Professor Jennifer Clack is Professor and Curator of Vertebrate Palaeontology in the Museum of Zoology. Professor Clack is a palaeontologist whose work has fundamentally changed our understanding of the origin and early evolution of tetrapods, rewriting the textbooks and revitalising the subject area. Ranging from geology through phylogenetics, anatomy and development to neuroscience, her publications document the transition from fish to tetrapods. She led the field in showing that the earliest tetrapods were aquatic and polydactylous, in describing some of the earliest terrestrial tetrapods and in tracing the subsequent evolution of skeletal and sensory systems. Her work has stimulated worldwide interest and a renaissance of collecting and research related to the fish/tetrapod transition. In 2007, Professor Clack's work was recognised by the award of the Daniel Giraud Elliot medal of the US National Academy of Sciences

Professor David Glover is the Arthur Balfour Professor of Genetics in the Department of Genetics and a Fellow of Fitzwilliam College. Professor Glover is principally known for his work in the control of the cell cycle in Drosophila. Amongst the many genes discovered by his lab are those encoding the Polo and Aurora protein kinases that are required for progression through mitosis. Glover has documented the multiple roles played by these enzymes in mitosis and cytokinesis and has helped to develop small molecule inhibitors that may prove useful for cancer therapy, since these proteins are overexpressed in certain tumours. As a postdoctoral fellow in Stanford, Glover was one of the pioneers of cloning eukaryotic DNA in bacterial vectors, and discovered the presence of introns in the ribosomal RNA genes of Drosophila.

Professor Christine Holt, a Fellow of Gonville and Caius College, is Professor of Developmental Neuroscience in the Department of Physiology, Development and Neuroscience. Professor Holt is distinguished for her fundamental studies of axon guidance and topographic mapping in the visual system. She initiated the analysis of guidance and mapping in living embryos. She demonstrated the accurate targeting of the earliest retinal axons, and pioneered the dynamic imaging of axons and growth cones. She revealed the molecular basis of pathway choice at the chiasm, demonstrated the context dependent response of growth cones to guidance molecules and showed that local protein synthesis and degradation are essential to growth cone steering. She has identified the molecular basis for the dorso-ventral axis of Sperry's retinotectal map.

Professor David Mackay, a Fellow of Darwin College, is Professor of Natural Philosophy in the Department of Physics. Professor MacKay introduced more efficient types of error-correcting code that are now used in satellite communications, digital broadcasting and magnetic recording. He advanced the field of Machine Learning by providing a sound Bayesian foundation for artificial neural networks. Using this foundation, he significantly improved their performance, allowing them to be used for designing new types of steel that are now used in power stations. He used his expertise in information theory to design a widely-used interface called "dasher" that allows disabled people to write efficiently using a single finger or head-mounted pointer. He is the author of the critically acclaimed book, "Sustainable Energy - without the hot air", which sets out the various low-carbon energy options open to us.

Professor Wolfram Schultz, a Fellow of Churchill College, is Professor of Neuroscience in the Department of Physiology, Development and Neuroscience and Wellcome Trust Principal Research Fellow. He has been the most influential electrophysiologist working in the area of the reward and reinforcement in the last decade. He discovered that dopamine activity, rather than being directly related to movement, is driven by rewards and reward predicting stimuli. Moreover, he has established that the profile of activity in a variety of behavioural paradigms demonstrates that the dopamine neurons encode not simply the occurrence of the reward but rather the prediction error generated by the reward. This important finding has had a major impact on contemporary theories of learning and reinforcement. His more recent work suggests that dopamine activity may also encode an aggregate signal of reward magnitude and probability, thereby providing a critical input into economic decision processes.

Professor Henning Sirringhaus, a Fellow of Churchill College, is the Hitachi Professor of Electron Device Physics in the Department of Physics. Henning Sirringhaus is distinguished for his work on semiconductor device physics and engineering. Early in his career, at the ETH Zurich, he pioneered the technique of ballistic electron emission microscopy. At Cambridge he has transformed the field of organic semiconductor transistors from curiosity to fully manufacturable technology through both fundamental science and engineering. His insights into the polaronic nature of electron states in these materials and the control of interfacial structure made possible large increases in field-effect carrier mobility. His work on novel processing methods, including ink-jet printing, has made possible new manufacturing methods. A recent highlight is his realisation of a light-emitting field-effect transistor.

Professor John Todd, a Fellow of Gonville and Caius, is Professor of Medical Genetics at Cambridge ̽��ֱ�� and Director of the Juvenile Diabetes Research Foundation/Wellcome Trust Diabetes and Inflammation Laboratory in the Cambridge Institute for Medical Research. Todd is distinguished for his research on the genetics of common complex disease. In work spanning 20 years, he has pioneered theoretical and experimental approaches that have allowed him to resolve many aspects of the inheritance of type 1 diabetes. His elucidation of the molecular basis of the major gene effect in type 1 diabetes, together with his results from genome-wide analyses, have recently culminated in his successful dissection of the genetic architecture of type 1 diabetes, revealing a multiplicity of susceptibility genes converging on an aetiology of common, quantitative alterations in immune regulation.

Professor Burt Totaro is Lowndean Professor of Astronomy and Geometry in the Department of Pure Mathematics and Mathematical Statistics. ̽��ֱ��central part of Burt Totaro's work has been devoted to the interaction between two of the major areas of pure mathematics, topology and algebraic geometry. Inspired by the Hodge conjecture, Totaro has worked to unc

over the fundamental topological structure of algebraic geometry. Each step has made possible the solution of a well-known problem in algebraic geometry and demonstrated that progress towards the Hodge conjecture will come through topology. Totaro's work has influenced a large group of algebraic geometers to use deeper topological methods in their work. His ideas have also had unexpected payoffs in a wide variety of other mathematical fields, including representation theory, Lie groups and group cohomology.

Nine of the 44 new Royal Society Fellows announced today are Cambridge academics. Their election to the Fellowship of the Royal Society recognises their exceptional contributions to society. As Fellows of the UK's national academy of science, these leaders in the fields of science, engineering and medicine join other famous Cambridge names such as Isaac Newton, Charles Darwin and Stephen Hawking.

yudis_asnar from Flickr

King's College Cambridge

This work is licensed under a Creative Commons Licence. If you use this content on your site please link back to this page.

Yes