Tandy Professor of Cyber Security & Information Assurance
In the News
Occasionally my papers get written up in the press. I try to include links to relevant news articles on the publications page, but I also link to the articles here. Periodically, I write brief summaries of my research on Light Blue Touchpaper, the Cambridge Security Group blog.
Invariably this page is often out of date, so you can always ask Google for the latest updates.
Richard Clayton and I investigated what happens to US banking websites after the bank itself closes, due to acquisition or failure. In a paper presented at Financial Crypto, we found that around one third of the websites have been taken over by non-banks in order to profit from the residual traffic. BBC News reported on our findings.
Garrick Hileman from CoinDesk reported on our research documenting the prevalence of denial-of-service attacks on Bitcoin services such as currency exchanges, mining pools and gambling operations.
There has been a lot of hype surrounding eye-popping estimates for the cost of cybercrime, such as McAfee's $1 trillion estimate and Detica's GBP27 billion estimate for the UK. I wrote about why Detica's estimate is methodologically unsound, and others have found similar problems with McAfee's estimate.
In order to be more constructive, I co-authored a paper for WEIS 2012 together with several experts on cybercrime where we set out to provide a defensible estimate of the cost of cybercrime. This paper has attracted considerable media attention, being referenced in BBC News and The Economist, among others. Business Week created an infographic based on the data presented in the paper, as part of a feature on cybersecurity.
I wrote a blog post summarizing our USENIX Security 2011 paper on search-redirection attacks advertising illicit online pharmacies. The American Medical Association published a news article outlining our findings. The work was also covered by NPR.
Ben Edelman and I completed an empirical study of typosquatting. We estimated that nearly a million close misspellings of the top 3,264 .COM domains are in active use, the vast majority of which are monetized by pay-per-click ads syndicated by ad platforms. The work was covered by New Scientist, The Register and ZDNet.
My WEIS 2008 paper with Richard Clayton comparing the speed of website removal for various types of wicked content has been written up in the Guardian. Richard has written a blog post describing the part of the paper which has attracted the media's attention, namely, that websites hosting child-sexual-abuse images are removed much more slowly than any other type of content being actively removed from the Internet.
ENISA -- the European Network and Information Security Agency -- has published a report on security economics and European policy, which I co-authored along with Ross Anderson, Rainer Böhme and Richard Clayton. The report weighs policy options for tackling information security threats in a comprehensive manner. See press coverage in The Register. A shortened version summarizing the recommendations appeared at WEIS 2008, and is available here. After I presented the paper at WEIS, this work attracted additional press coverage in Network World and Security Focus.
My paper with Richard Clayton examining the effectiveness of phishing site take-down strategies has been written up in the Guardian, Infosecurity Magazine, Computing (article and leader), and BCS News.
I recently wrote an article entitled Phishing and the economics of e-crime for Infosecurity Magazine. The article describes at a high level the empirical measurements of phishing I have been working on with Richard Clayton.