Botconf Author Listing

This presentation discusses employee liability in the context of cyber-attacks, with a focus on ransomware cases. We aim to present a series of case studies in which we detail cyberattacks committed against private and public actors: we analyze the possible behavior and involvement of employees, identify the applicable criminal law rules, and evaluate whether the employees can be held directly liable. We also touch on the topic of civil liability in relation to the damages caused by the attack. Although our case studies will be presented though the scope of Swiss law, a comparative approach focused on legal solutions from other countries, such as France and the US, will also be included.

Discussion forums are asynchronous communication channels hosted on internet websites. An important component of discussion forums is the marketplace section most forums host. This section enables official and unofficial vendors to post messages about goods and services for sale, and for customers to request certain products as well. The aim of this research is to describe and understand the impacts of the private nature of discussion forums on their participants’ activities. Our driving hypothesis is that private discussion forums are host to more sophisticated participants that will, in turn, offer and have access to more sophisticated tools. More specifically, this paper will compare public and private discussion forums to describe and understand the primary and secondary types of malware their participants advertise, the infrastructure the malware targets, the freshness of the malware being advertised, the quality based on price of the malware being advertised and, finally, the level of trust in the sellers of malware. Our findings suggest that while private discussion forums may not be the place where unknown and more sophisticated malware are offered for sale, but it just may be the place where the most significant and organized threats come from.