Combating Robocalls to Enhance Trust in Converged Telephony

Telephone scams are now on the rise and without effective countermeasures there is no stopping. The number of scam/spam calls people receive is increasing every day. YouMail estimates that June 2021 saw 4.4 billion robocalls in the United States and the Federal Trade Commission (FTC) phone complaint portal receives millions of complaints about such fraudulent and unwanted calls each year. Voice scams have become such a serious problem that people often no longer pick up calls from unknown callers. In several scams that have been reported widely, the telephony channel is either directly used to reach potential victims or as a way to monetize scams that are advertised online, as in the case of tech support scams. The vision of this research is to bring trust back to the telephony channel. We believe this can be done by stopping unwanted and fraud calls and leveraging smartphones to offer a novel interaction model that can help enhance the trust in voice interactions. Thus, our research explores defenses against unwanted calls that include blacklisting of known fraudulent callers, detecting robocalls in presence of caller ID spoofing and proposing a novel virtual assistant that can stop more sophisticated robocalls without user intervention. We first explore phone blacklists to stop unwanted calls based on the caller ID received when a call arrives. We study how to automatically build blacklists from multiple data sources and evaluate the effectiveness of such blacklists in stopping current robocalls. We also used insights gained from this process to increase detection of more sophisticated robocalls and improve the robustness of our defense system against malicious callers who can use techniques like caller ID spoofing. To address the threat model where caller ID is spoofed, we introduce the notion of a virtual assistant. To this end, we developed a Smartphone based app named RobocallGuard which can pick up calls from unknown callers on behalf of the user and detect and filter out unwanted calls. We conduct a user study that shows that users are comfortable with a virtual assistant stopping unwanted calls on their behalf. Moreover, most users reported that such a virtual assistant is beneficial to them. Finally, we expand our threat model and introduce RobocallGuardPlus which can effectively block targeted robocalls. RobocallGuardPlus also picks up calls from unknown callers on behalf of the callee and engages in a natural conversation with the caller. RobocallGuardPlus uses a combination of NLP based machine learning models to determine if the caller is a human or a robocaller. To the best of our knowledge, we are the first to develop such a defense system that can interact with the caller and detect robocalls where robocallers utilize caller ID spoofing and voice activity detection to bypass the defense mechanism. Security analysis explored by us shows that such a system is capable of stopping more sophisticated robocallers that might emerge in the near future. By making these contributions, we believe we can bring trust back to the telephony channel and provide a better call experience for everyone.Ph.D

A qualitative examination of cybercriminal governance in China

Profit-driven cybercrime has evolved into a sophisticated industry, inflicting millions of dollars in losses on the world economy. However, limited research has been conducted on the extra-legal governance of this industry, particularly in China, one of the world's most prominent cybercrime hotspots. This study, based on comprehensive fieldwork in China from 2020 to 2022 and an analysis of both primary and secondary data, seeks to address this gap. It endeavours to answer the question: How is the cybercrime industry governed in China? In line with previous research on extra-legal governance, this study finds that Chinese cybercriminals have developed a series of private governance systems, encompassing both self-governance and third-party governance, to facilitate their business interactions. In addition, this study offered three main new findings that can be added to our understanding of extra-legal governance. Firstly, self-governance is notably effective in online marketplaces due to the swift transmission of information, thus diminishing the necessity for third-party governance in the cybercrime market and the use of violence. Secondly, cybercriminal firms tend to be less predatory than traditional criminal firms, likely attributed to the reduced need for territorial resources. Lastly, cybercriminals can relocate to countries where protectors are present and continue their illicit activities remotely, with protection being more likely offered when the inflicted harm does not impact the protector's own country’s residents, and the political and economic gains outweigh the costs. This availability of protection could potentially elucidate the ongoing global dispersion of cybercriminals

Improving Cybercrime Reporting in Scotland : A Systematic Literature Review

I have explored how to improve cybercrime reporting in Scotland by conducting a systematic literature review. Due to the lack of data on Scotland, I have frequently extrapolated from both the UK and the West. The research questions were: 1. What is known about cybercrime in the UK to date? 2. What is known about cybercrime victims in the UK to date? 3. What is known about cybercrime reporting to date? The answers were retrieved by combining Boolean variables with keywords into Scopus, Web of Science and ProQuest. This resulted in the analysis of 100 peer-reviewed articles. The analysis revealed a common trend, a novel taxonomy and an original conclusion. The common trend is that of responsibilisation, which is the shifting of responsibility for policing cybercrime from the government onto the citizens and private sector. The novel taxonomy is for classifying cybercrime reporting systems according to three pillars, which I referred to as Human-To-Human (H2H), Human-To-Machine (H2M) and Machine-To-Machine (M2M). The original conclusion is that to improve cybercrime reporting in Scotland, the process needs to be treated also as a social one rather than a purely mathematical one

Unauthorized Access

Going beyond current books on privacy and security, this book proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, it provides a practical framework to address ethical and legal issues. The authors explore the well-established connection between social norms, privacy, security, and technological structure. They also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security