Cryptocurrency investment scams have become an increasingly prevalent threat, leveraging sophisticated methods to deceive and exploit victims. The phenomenon of pig butchering has gained prominence, but victims rarely see the perpetrators brought to justice. More decisive action by law enforcement is needed, but several factors limit the feasibility of prosecution. In order to strengthen the knowledge position of law enforcement, this research aims to capture the Tactics, Techniques, and Procedures (TTP) of the owners and creators of cryptocurrency investment scam websites. The feasibility of conducting a criminal investigation into a scam operation is assessed and compared to that of a Notice and Takedown procedure. This is done by focusing on clusters of scam websites with very similar content. We created a dataset of 436 websites, each belonging to one of four identified scam website templates. By monitoring the websites in the dataset over a period of 40 days, we discovered that the majority of the websites go offline after exactly one year. The contents of the webpages in the dataset were scraped and the similarities between the websites measured. Instances of the same template were found to be similar enough that known scams can be used to automatically detect new scam websites. Until generative AI becomes more widely used by scam website creators to fill their templates, fingerprints of known templates can be used to discover new templates. Clustering the websites based on their contents can identify which websites are likely to follow identical scamming procedures and which deviate from them. This can inform law enforcement on how to direct investigative resources. The study was not able to conclude whether a template has one owner with multiple scammers hosting their own acquired instance(s), or whether a template owner hosts multiple instances themselves, alongside some copycats. There was evidence for both scenarios.

The process of gathering metadata and content data revealed that free Cloudflare services provide scammers with additional protection. Firstly, the Cloudflare Turnstile challenge page prevents the website from being archived, leaving no evidence of the website's content at the time of a scam. Secondly, Cloudflare's function as a proxy hides the website's IP address, which creates an accountability void because no geolocation is available. This complicates the process of starting a criminal investigation. In order for law enforcement to make a difference, it is advised to invest effort and money in creating an automated Notice and Takedown pipeline. This will reduce the effort needed to take down a scam and simultaneously increase the effort and financial means required by scam operations.
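As an added illustration, not code from the thesis (whose similarity measure and thresholds are not given in this abstract), the following Python shows the two detection uses described above: clustering scraped page text into template groups, and deriving a fingerprint from known instances of a template to flag a newly found page as another instance. The hostnames, page texts, word-shingle/Jaccard measure and thresholds are all constructed assumptions.

```python
import re
from typing import Dict, List, Set

# Constructed sample pages (not from the study's dataset): three filled-in instances of a
# hypothetical template A, two of a hypothetical template B, and one unrelated page.
PAGES: Dict[str, str] = {
    "a1.example": "Welcome to CoinGainPro. Start trading today with guaranteed daily profit. Our expert team manages your account. Deposit BTC, ETH or USDT and watch your balance grow. Withdraw any time.",
    "a2.example": "Welcome to AlphaYield. Start trading today with guaranteed daily profit. Our expert team manages your account. Deposit BTC, ETH or USDT and watch your balance grow. Withdraw any time.",
    "a3.example": "Welcome to BitHarvest. Start trading today with guaranteed daily profit. Our expert team manages your account. Deposit BTC, ETH or USDT and watch your balance grow. Withdraw any time.",
    "b1.example": "Register now at NovaMine. Mine cloud hash power with contracts from 0.01 BTC. Payouts every hour to your wallet. Join 50000 happy investors.",
    "b2.example": "Register now at HashFlow. Mine cloud hash power with contracts from 0.01 BTC. Payouts every hour to your wallet. Join 50000 happy investors.",
    "docs.example": "Our documentation explains how to configure the API client, rotate credentials and audit access logs for your organization.",
}

def shingles(text: str, k: int = 3) -> Set[str]:
    """Word k-shingles of a page's visible text, lower-cased and stripped of punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0

def cluster_by_content(pages: Dict[str, str], threshold: float = 0.5) -> List[Set[str]]:
    """Single-linkage clustering: a page joins a cluster if it is similar to any member."""
    sh = {host: shingles(text) for host, text in pages.items()}
    clusters: List[Set[str]] = []
    for host in pages:
        linked = [c for c in clusters if any(jaccard(sh[host], sh[o]) >= threshold for o in c)]
        merged = {host}.union(*linked)
        clusters = [c for c in clusters if c not in linked] + [merged]
    return clusters

def template_fingerprint(instances: List[str]) -> Set[str]:
    """Shingles shared by every known instance: the template's fixed text, with the
    per-site fields that vary between instances (brand name, contact details) dropped."""
    return set.intersection(*(shingles(t) for t in instances))

def containment(fingerprint: Set[str], page_text: str) -> float:
    """Fraction of the fingerprint present in a page; tolerant of extra content added by a copycat."""
    return len(fingerprint & shingles(page_text)) / len(fingerprint) if fingerprint else 0.0

def is_instance(fingerprint: Set[str], page_text: str, min_containment: float = 0.6) -> bool:
    return containment(fingerprint, page_text) >= min_containment

if __name__ == "__main__":
    for c in cluster_by_content(PAGES):
        print(sorted(c))  # three clusters: the A instances, the B instances, the unrelated page
    fp = template_fingerprint([PAGES[h] for h in ("a1.example", "a2.example", "a3.example")])
    new_page = "Welcome to QuantumTrade. Start trading today with guaranteed daily profit. Our expert team manages your account. Deposit BTC, ETH or USDT and watch your balance grow. Withdraw any time. Contact support on Telegram."
    print(is_instance(fp, new_page), is_instance(fp, PAGES["docs.example"]))  # True False
```

A page whose containment falls well below 1.0 but above the threshold is a candidate deviating instance (for example a copycat that reworded part of the template), which is the kind of outlier the clustering step is meant to surface for manual review.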