WACCO 2020

2nd Workshop on Attackers and Cyber-Crime Operations

IEEE European Symposium on Security and Privacy 2020

September 7 - Virtual Conference

Important News - All-digital conference rescheduled
IEEE European Symposium on Security and Privacy 2020 conference is being rescheduled to September 7-11, 2020 and will be an all-digital conference.
More information can be found on the EuroS&P website

The emergence and commoditization of cyber-criminal activities calls for new empirical methods, measures, and technologies to quantify and understand offender operations across all forms of cyber-crime: from malware engineering and attack delivery, to running underground operations trading illegal goods such as drugs and illegal pornography, to spreading disinformation and planning (cyber-)terrorism operations. Without appropriate scientific measures of cyber-offender and attacker operations, capabilities, and resources, it remains impossible to derive sound policies, strategies and technologies that appropriately address realistic and evidence-based attacker and offender models.

The 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020) aims to provide a venue for research and discussion on cyber-criminal activities. WACCO 2020 is co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020).

Call for Papers

WACCO 2020 calls for all contributions aiming at providing methods, measures, metrics, and technologies or tools to quantitatively or qualitatively evaluate cyber-offenders and attackers from technical and non-technical angles. The workshop invites contributions from, but not limited to, the fields of computer science and computer security, criminology, psychology, law, and economics addressing this issue.
Topics of interest include, but are not limited to:

  • Empirical studies on attacker operations and communities
  • Novel methods to perform attacker measurements at scale across several communities
  • Cooperation and trust as a source of attackers’ effectiveness
  • Attackers’ skill set
  • Attackers’ operational security
  • Measuring the spread of false information campaigns on social media
  • Quantitative and qualitative methods to measure, track, and counter cybercrime
  • Cybercrime measurement and networks
  • Cybercrime policy
  • Economics of cybercrime
  • Profiling of cybercriminals
  • Security metric design and evaluation
  • Security patch measurement
  • Statistical exploration and prediction of security incidents
  • Open Source Intelligence and digital footprints

The workshop is co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020).

Important Dates

All deadlines are Anywhere on Earth (AoE = UTC-12h).

First cycle paper submissions due February 21, 2020 March 9, 2020 11:59 pm [EXTENDED]
First cycle acceptance notice to authors April 10, 2020
Second cycle paper submissions due May 18, 2020
Second cycle acceptance notice to authors June 10, 2020
Camera ready for accepted papers June 24, 2020
Virtual Workshop September 7, 2020

Accepted Papers

Full Papers:

  • A Social Network Analysis and Comparison of Six Dark Web Forums

    Ildikó Pete, Jack Hughes, Yi Ting Chua and Maria Bada

  • A tight scrape: methodological approaches to cybercrime research data collection in adversarial environments

    Kieron Turk, Sergio Pastrana and Ben Collier

  • Growth and Commoditization of Remote Access Trojans

    Veronica Valeros and Sebastian Garcia

  • How can data from fitness trackers be obtained and analyzed with a forensic approach?

    Florian Hantke and Andreas Dewald

  • My Boss is Really Cool: Malware-Induced Misperception in Workplace Communication Through Covert Linguistic Manipulation of Emails

    Filipo Sharevski, Peter Jachim, Paige Treebridge, Audrey Li and Adam Babin

  • #ISIS vs #ActionCountersTerrorism: A Computational Analysis of Extremist and Counter-extremist Twitter Narratives

    Fatima Zahrah, Jason Nurse and Michael Goldsmith

Short Papers:

  • A Measurement Study on the Advertisements Displayed to Web Users Coming from the Regular Web and from Tor

    Dario Adriano Bermudez Villalva, Gianluca Stringhini and Mirco Musolesi

  • Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem

    Giorgio Di Tizio and Chan Nam Ngo

  • Don’t Forget the Human: a Crowdsourced Approach to Automate Response and Containment Against Spear Phishing Attacks

    Pavlo Burda, Luca Allodi and Nicola Zannone

  • Knowledge is power: An analysis of discussions on hacking forums

    John McAlaney, Emily Kimpton and Helen Thackray

  • Mapping the Geography of Cybercrime: A Review of Indices of Digital Offending by Country

    Jonathan Lusthaus, Miranda Bruce and Nigel Phair

  • Towards Automatic Identification of Typosquatting Attacks in PyPI

    Duc Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate and Antonino Sabetta


Papers should be written in English and formatted following the IEEE guidelines for EuroS&P 2020 reported here. Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template supplied by IEEE EuroS&P. We suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied, and then write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.
WACCO welcomes full as well as position papers for submission. Length limits are of 10 pages and 6 pages respectively. Position papers should present new open and interesting questions that the community should address or open questions that past research papers have not yet addressed. We expect position papers to be presented in panels or poster-platform sessions.

Anonymous submissions

Papers should be fully anonymized before review: author names or affiliations may not appear or be revealed in the text. Previous work of the authors should be referred to the third person. In the unusual case that an anonymous reference is not possible, the authors should blind the reference (e.g. “[x] Blinded citation to preserve submission anonymity”). Papers that are not properly anonymized may be desk rejected.


All papers will be published by IEEE CS and posted on the IEEE digital libraries. At least an author for each accepted paper is expected to present their paper at the workshop.

This year WACCO will adopt the REFSQ model for paper presentation, where authors and audience are structurally engaged in the discussion. As a highly multidisciplinary workshop, we expect this model to foster discussion and exchanges from a multitude of different perspectives. Presenting authors and members of the audience will be contacted by the chairs before the workshop for the (short) necessary preparations.

Submission site

Please submit your paper through EasyChair here.

Program Committee Co-chairs

Luca AllodiEindhoven University of Technology
Alice HutchingsUniversity of Cambridge
Fabio MassacciUniversity of Trento
Sergio PastranaUniversity Carlos III of Madrid
Marie VasekUniversity College London


Publicity-ChairGiorgio Di TizioUniversity of Trento
Publicity-ChairJack HughesUniversity of Cambridge

Program Committee

Venue and Registration

The workshop is co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020). To register please visit the registration page of the main event.