Cultural dimensions of cybercriminal groups
Speaker: Konstantinos Mersinas Royal Holloway, University of London
Location: Online
Date: Wednesday, 7th February, 13:00-14:00
Location: Online
Organiser: Lancaster University
Seminar Details
Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware analysis, network forensics and geopolitical intelligence. However, we propose an additional component for profiling threat actor groups through analysing cultural aspects of human behaviours and interactions. We utilise a set of variables which determine characteristics of national and organisational culture to create a cultural ‘footprint’ of cybercriminal groups. As a case study, we conduct thematic analysis across the six dimensions of the Hofstede national culture classification and the eight dimensions of the Meyer classification on leaked internal communications of the ransomware group Conti. We propose that a systematic analysis of similar communications can serve as a practical tool for a) understanding the modus operandi of cybercrime and cyberwarfare-related groups, and b) profiling cybercriminal groups and/or nation-state actors. Insights from such applications can, first, assist in combating cybercrime and, second, if combined with additional cyber threat intelligence, can provide a level of confidence in nuanced cyber-attack attribution processes.
About the speaker
Dr Konstantinos Mersinas, PhD, CISSP, is an Associate Professor at the Information Security Group at Royal Holloway, University of London. Konstantinos has worked in various information security industry roles before moving to academia. A trained mathematician, his research interests lie with behavioural and experimental economics in cybersecurity, decision-making, and cybercrime. His research has been funded by the National Cyber Security Centre (NCSC) in the UK. Konstantinos co-founded the interdisciplinary research group HIVE (Hub for Interdisciplinary research into Vulnerability to Exploitation) to bridge psychology, law and cybersecurity, and has been providing expert feedback for the UK All-Party Parliamentary Group (APPG) on Cybersecurity, and for the Fraud Act 2006 and Digital Fraud Committee. He collaborates with the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) on cybercrime and cyber threat intelligence, and he is a Director at the International Cyber Security Center of Excellence (INCS-CoE.org), an initiative established between universities in the UK, US, and Japan to promote international research in cybersecurity.