The dark side of science: Confronting the quick conclusions and shortcuts of cybersecurity “researchers”

The presentation will shed light on the behind-the-scenes of scientific research by exploring the need to understand and analyze previous studies that arrive at results divergent from ours.

Two case studies will be presented.

In the first case, we question researchers who claim to observe an increased risk of being a victim of cybercrime during the holiday season.

In the second case, we will refute a study which mentions that attackers only use leaked passwords exclusively to carry out brute force attacks.

In addition to arriving at different results, this second investigation also allowed us to study the difference in victimization between people who use network-level authentication (NLA) and non-network-level authentication (Transport Layer Security or TLS) over the remote access protocol.

The objective of this presentation is to illustrate the importance of rigor and objectivity in scientific research, at the risk of raising controversy.

About the speaker

Andréanne Bergeron has a doctorate in criminology and works as a cybersecurity researcher at GoSecure.

Her expertise explores the intersection between criminology and cybersecurity, focusing on the behaviors of online attackers and their decision-making process.

In addition to her position as a researcher, Andréanne is an associate professor at the School of Criminology at the University of Montreal, establishing a link between academia and industry.

As an experienced presenter, Andréanne has presented her research at prestigious conferences such as BlackHat USA, Defcon, NorthSec, CyperCon and BSides Montreal among others.