School of Social and Political Science

Description

Controversies in the Data Society 2026 series - Session 2

Modern information technology has created a vast scope for new harms, from hacking business and government, undermining critical infrastructures, to exploiting vulnerable people, especially children, on a global scale. The arrival of pretrained AI tools such as LLMs and image generators suggests that this is going to get increasingly worse. In this session, hear from speakers who work on detection of and understanding of cybercrime and child sexual exploitation and abuse. 

About this session

Existential risk scenarios trumpeted by AI salespeople often involve advanced AIs breaking loose and using hacking tools to radically expand their abilities and control over critical infrastructure. More plausibly, it might appear that changes to cybercrime could result from LLMs' diffusion as a consumer technology, that hacking and cybercrime communities might be the first place to look for evidence of transformative disruption.

This talk will argue that the reality is rather different. We apply innovation theory and evolutionary economics - treating cybercrime as an ecosystem of small and medium-scale tech start-ups - and explore what the diffusion of AI technologies within cybercrime could entail. We analyse early empirical data from a variety of large-scale digital sources from the cybercrime underground, and find that the reality is prosaic -- AI is seeing some early adoption in existing large-scale, low-profit passive income schemes and trivial forms of click fraud but is not giving rise to widespread disruption in cybercrime. It is also not being widely used as a skill multiplier or innovative disruptor for cybercrime-specific coding domains (which already rely heavily on old, pre-made resources, scripts and exploits). 

Instead, it is replacing existing means of code pasting, error checking, and cheatsheet consultation, mostly for generic aspects of software development involved in cybercrime - and largely for already skilled actors, with low-skilled actors finding little utility in vibe-coding tools compared to pre-made scripts. The role of jailbroken LLMs as hacking instructors is also overstated, given the prominence of deviant association and social learning in initiation - new users value the social connections, subculture, and community identity involved in learning hacking and cybercrime skills as much as the knowledge itself. Our initial results, therefore, suggest that even bemoaning the rise of the vibercriminal may be overstating the level of disruption to date.

About the speakers

Dr Ben Collier is Senior Lecturer in Science, Technology and Innovation Studies. His research sits at the intersection of Criminology and Science & Technology Studies, drawing theory and methods from both. He studies how digital infrastructures become sites where power of different kinds is exerted. Using qualitative, computational, and statistical approaches, his research falls into three strands:

The first involves large-scale ethnographic studies of digital infrastructure, such as his research on the Tor network (the subject of a book with MIT Press: https://mitpress.mit.edu/9780262548182/tor/). 

The second focuses on how digital technologies and infrastructures become used for crime and resistance, drawing on a mix of ethnographic and AI/data science approaches.

The third looks at digital infrastructure and state power, including in-depth studies and evaluations of law enforcement interventions (such as FBI takedowns) and a recent project looking at the use of digital influence campaigns by law enforcement and government to shape the behaviour and culture of the public, and achieve preventative policy goals.

James Stevenson is a Technology-Facilitated CSEA Data Specialist, at Childlight. James comes from a child-protection background, having worked in frontline child and family services for several years in Canada. He started work in addressing technology-facilitated child sexual exploitation and abuse (CSEA) at the Canadian Centre for Child Protection in 2022 before moving to Edinburgh in 2023. James is a part of the research team at Childlight, a centre based at the University of Edinburgh that applies a public health approach to uncovering a pandemic of child sexual exploitation and abuse (CSEA), revealing its prevalence and nature worldwide. James works on the Global Index and other research projects concerning technology-facilitated CSEA.