P.H. Hartel
32 records found
1
Law enforcement agencies struggle with criminals using end-to-end encryption (E2EE). A recent policy paper states: “while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement”. The main argu
...
Investigating sentence severity with judicial open data
A case study on sentencing high-tech crime in the Dutch criminal justice system
Open data promotes transparency and accountability as everyone can analyse it. Law enforcement and the judiciary are increasingly making data available, to increase trust and confidence in the criminal justice system. Due to privacy legislation, judicial open data — like court ju
...
HeadPrint
Detecting anomalous communications through header-based application fingerprinting
Passive application fingerprinting is a technique to detect anomalous outgoing connections. By monitoring the network traffic, a security monitor passively learns the network characteristics of the applications installed on each machine, and uses them to detect the presence of ne
...
It is crucial that smart contracts are tested thoroughly due to their immutable nature. Even small bugs in smart contracts can lead to huge monetary losses. However, testing is not enough; it is also important to ensure the quality and completeness of the tests. There are already
...
Blockchain technology has become almost as famous for incidents involving security breaches as for its innovative potential. We shed light on the prevalence and nature of these incidents through a database structured using the STIX format. Apart from OPSEC-related incidents, we f
...
Since it takes time and effort to put a new product or service on the market, one would like to predict whether it will be a success. In general this is not possible, but it is possible to follow best practices in order to maximize the chance of success. A smart contract is inten
...
Teaching Empirical Social-Science Research to Cybersecurity Students
The Case of "Thinking Like a Thief"
We report on an educational experiment where computer science students perform empirical research into the human factor in cyber security. Most courses restrict students to work in a lab environment,but we encouraged our students to conduct a realistic experiment with real -world
...
Online anonymous markets have been around since early 2011 and are aprominent part of today’s cybercrime ecosystem. Their popularity as markets inillicit goods has steadily grown over the years. With the rise ofmarkets like Silk Road, similar marketplaces came into existence wher
...
Putting the privacy paradox to the test
Online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources
Research shows that people's use of computers and mobile phones is often characterized by a privacy paradox: Their self-reported concerns about their online privacy appear to be in contradiction with their often careless online behaviors. Earlier research into the privacy paradox
...
We investigate the problem of detecting advanced covert channel techniques, namely victim-aware adaptive covert channels. An adaptive covert channel is considered victim-aware when the attacker mimics the content of its victim’s legitimate communication, such as application-layer
...
Physical Location of Smart Key Activators
A Building Security Penetration Test
Purpose – When security managers choose to deploy a smart lock activation system, the number of units needed and their location needs to be established. This study presents the results of a penetration test involving smart locks in the context of building security. We investigate
...
Every new technology brings new opportunity for crime, and information and communication technology (ICT) is no exception. This short article offers students of crime insights in the two main connections between ICT and criminology. On the one hand we show how ICT can be used as
...
Social engineering is een aanvalstechniek waarin misleiding en bedrog worden gebruikt om doelwitten actief te laten meewerken aan hun eigen slachtofferschap. In dit artikel wordt aan de hand van een praktisch voorbeeld en bijbehorende heorieën inzicht gegeven in social engineerin
...
On the anatomy of social engineering attacks
A literature-based dissection of successful attacks
The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into atta
...
Purpose - The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient. Design/methodology/approach - Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable info
...
DECANTeR
DEteCtion of Anomalous outbouNd HTTP Traffic by Passive Application Fingerprinting
We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprints
...
User training is a commonly used method for preventing victimization from phishing attacks. In this study, we focus on training children, since they are active online but often overlooked in interventions. We present an experiment in which children at Dutch primary schools receiv
...
Towards the normalization of cybercrime victimization
A routine activities analysis of cybercrime in Europe
This study investigates the relationships between users' routine activities and socio-economic characteristics and three forms of cybercrime victimization of 1) online shopping fraud, 2) online banking fraud and 3) cyber-attacks (i.e. DDoS attacks). Data from the Eurobarometer, c
...
We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory acc
...
Aggregation of time-series data offers the possibility to learn certain statistics over data periodically uploaded by different sources. In case of privacy sensitive data, it is desired to hide every data provider's individual values from the other participants (including the dat
...