Mini-Grant Projects
Every year, the HC2P funds a number of our co-investigators through our Mini-Grants program, which aims to offer a streamlined funding mechanisim for research. The projects that were funded are presented on this page.
The Price of a Life Online: Valuing Personally Identifiable Information on the Dark Web
Prof. Andreanne Bergeron
Prof. Bergeron's PII findings show that personal health data is the most economically valuable type of personal information on the dark web, followed by PINs, while email addresses are worth very little on their own. However, when criminal sentencing data is considered, credit cards and social media profiles rank much higher in severity, showing the need for a more nuanced, risk-weighted approach to data protection and breach response.
Analyzing Windows Remote Desktop Hacking Through Honeypot Data
Prof. Andreanne Bergeron
Prof. Bergeron's RDP attack findings show that while the overall attacker network was loosely connected, specific clusters displayed strong coordination through shared passwords, tools, timing, subnet ranges, obfuscation techniques, and similar behaviours. Prof. Bergeron’s work suggests that behavioural fingerprints can reveal connections between attackers more effectively than geography or infrastructure alone, helping defenders and law enforcement understand and disrupt cybercrime networks more strategically.
Analyzing Disclosure-Based Online Abuse
Prof. Jeremy Clark, Prof. Sébastien Gambs, Prof. Kévin Huguenin and Eva Luvison
The research found that disclosure-based online abuse varies widely across cases, making a one-size-fits-all solution unlikely, but targets consistently report serious harms and a need to understand what happened, gather evidence, and recover. The findings point to the importance of preventive tools, such as anti-screenshot features and sharing controls, combined with reactive solutions such as watermarking or data tracking to support accountability when abuse occurs.
An Assessment of Geopolitical Discussions in Cybercrime Forums
Prof. Masarah Paquet-Clouston
The research examines how geopolitical topics are addressed within three large cybercrime forums in 2024. It finds that geopolitical discussions in cybercrime forums are split between calls for action with operational intent and social chats where participants discussed conflicts or attacks without necessarily urging action. Overall, it concludes that the prevalence of these discussions is low, suggesting that cybercrime forums are not major hubs for organizing geopolitical militant activities and that such coordination is likely happening elsewhere.
The economic impact of DeFi crime events on decentralized autonomous organizations (DAOs)
Prof. Masarah Paquet-Clouston
The research examines the economic impact of 22 DeFi crime events on 14 decentralized autonomous organizations (DAOs), focusing on changes in price, trading activity, and market capitalization. The findings show that crime events often lead to increased governance asset trading volume and price declines. Most importantly, it finds that indirect financial impacts, that is, losses in market capitalization, are much larger than direct victim losses. For these 22 crimes events, indirect financial losses account for about 74% of total losses and amount to about 1.3 billion US dollars.
Analyzing Process-Based Threats to Election Integrity
Dr. Holly-Ann Garnett
Dr. Garnett’s findings show that online voting and other election technologies should not be treated as simple solutions to turnout, accessibility, or trust. Her work highlights that different groups, including young people and persons with disabilities, may experience and trust voting methods differently, so electoral processes need to be designed with more nuanced attention to equity, access, and public confidence.
Analyzing Information-Based Threats to Election Integrity
Dr. Holly-Ann Garnett
Dr. Garnett’s findings show that electoral disinformation is not just a technological problem, but a political and institutional challenge, as some actors may benefit from using it to shape attitudes, mobilize supporters, or marginalize opponents. Her work emphasizes that legal and technical fixes alone are insufficient, and that stronger, more independent, and better-resourced democratic institutions are essential for building long-term resilience against information-based threats.
Addressing the Harms of Data Security Breaches
Dr. Teresa Scassa
Dr. Scassa finds that class action lawsuits have become an important tool for protecting privacy because they create real financial and reputational consequences for organizations after data breaches. Her work also concludes that privacy law reform should preserve access to legal remedies while keeping the private right of action carefully limited so that risks for organizations remain balanced and manageable.
Modeling False Claims Against Politicians Alleged on Social Media
Prof. Stéphane Gagnon
Prof. Gagnon’s findings show that political disinformation is growing in volume and complexity, while parliaments and political actors are often less prepared than administrative institutions to respond effectively. His work also finds that knowledge graphs, debate graphs, and carefully constrained AI systems can help analyze allegations, preserve democratic plurality, and support disinformation response without turning mitigation into censorship.
Formulating a Privacy Design Toolkit for Tailoring Remote Healthcare Technology to Older Adults
Dr. Sonia Chiasson
The research found that older adults are generally open to remote healthcare technologies when they provide a clear health benefit, but they want control over what data is collected, how it is used, and who can access it. Their privacy expectations are diverse and change with personal circumstances, health needs, caregiving relationships, and concerns about misuse of sensitive data or AI-driven healthcare decisions.
Reducing Bias and Racism in Secure Software Development with Human-Centric Goals for Security
Dr. Sanaa Alwidian
Dr. Alwidian’s findings show that cybersecurity should protect people as well as systems by embedding fairness, accessibility, inclusion, and equity into secure software design. Her work highlights that seemingly neutral security measures can affect groups differently, so organizations should identify potential biases early and build inclusive security requirements into the development process.
Shaping Cyberhate Against Women: Anti-Feminist Discourse and Content on TikTok
Prof. Samuel Tanner
Prof. Tanner finds that Sigma-related masculinist discourse often acts as an entry point into masculinism by using humour, pop culture, aesthetics, music, television, and gamified formats to normalize defamatory ideas and make them more socially acceptable. He also finds that this discourse is not used only by men, as girls and other groups are increasingly appropriating and circulating it.
The business of ransomware and its effects on business
Dr. Richard Frank
Dr. Frank’s findings show that ransomware can seriously disrupt businesses, and that paying a ransom is unreliable: only about half of those who paid had their systems restored, while others received nothing or were asked for more money. The research also found that many businesses did report incidents to police, despite the common assumption that ransomware is widely underreported, and it points to the need for reliable backups and clearer reporting pathways.
Study on the Effectiveness of Data Breach Notification Laws in Canada
Prof. Nicolas Vermeys
Prof. Vermeys finds that data breach notification laws are too narrowly tied to privacy legislation, leaving breaches involving non-personal but confidential data outside mandatory reporting rules. He also finds that organizations interpret reporting obligations inconsistently, creating a need for clearer guidelines, broader information security rules, and greater awareness of notification duties.
How Cybersecurity Standards Can Better Support the Development of Secure and Resilient Systems
Dr. Jason Jaskolka
Dr. Jaskolka’s findings show that working with cybersecurity standards is much more complex in practice than it appears on paper, especially because selecting, applying, and demonstrating compliance with security controls involves overlapping guidance, evolving threats, technical trade-offs, and human interpretation. His research emphasizes that systematic, model-based, and tool-supported approaches can help organizations move beyond checklist-style compliance toward more traceable, meaningful, and effective security decision-making.
Investigating System Administrators’ Perspective Regarding Software Vulnerabilities.
Dr. Hala Assal
Dr. Assal’s research found that system administrators’ remediation decisions are shaped by many competing factors, including the type of vulnerability, its severity, the administrator’s skill and experience, and the level of organizational guidance available. The work also found that administrators often feel strong psychological ownership over their systems, suggesting that clearer procedures, formalized review processes, and stronger support could help them keep systems secure.
Reacting to Cyber Breaches: How People Are Affected By the Leaking of Data
Prof. Frederic Schlackl
Prof. Schlackl finds that consumers often do not react strongly to a data breach at a company they already are a customer of unless they are told their own data was specifically compromised. Surprisingly, people may judge a company more critically when the breach occurs at a firm they do not do business with, suggesting that consumer reactions alone may not be enough to push companies to improve data security.
Analysis of Montreal Street Gang Profiles on Instagram: Detection and Networks
Carla Ciccazzo-Favasuli
Ciccazzo-Favasuli’s findings show that Montreal street gangs use social media less to foreground firearms than to construct and project collective identity through group affiliation, cultural expression, and symbols of status. Firearms, clothing, jewelry, gestures, and visual codes function as markers of belonging and visibility, suggesting that online monitoring and prevention efforts should interpret symbolic content as carefully as explicit signs of violence.
Digital Legacy Planning for Older Adults
Dr. Elizabeth Stobert
Dr. Stobert found that many people have not meaningfully considered what will happen to their digital artifacts after death, partly because the topic feels morbid, overwhelming, and easy to ignore when those artifacts are not physically visible. Her work highlights the need for tools and practices that help people identify, preserve, contextualize, and share meaningful digital materials, rather than focusing only on account access.
Pumps and Dumps in the Cryptocurrency Underground | Twitter as a School for Crime
Prof. David Décary-Hétu
Prof. Décary-Hétu’s findings show that cryptocurrency hype generated by online influencers can drive short-term price increases, creating conditions where a small group profits while many others lose money. His work also shows that online offender communities have life cycles: they form, evolve, disengage, and eventually break down in ways that mirror some dynamics seen in mainstream online platforms.
Cybercrime and Cyber Fraud in Canada | Canada's Place in Cyberspace
Dr. Christian Leuprecht
Dr. Leuprecht’s key finding is that the biggest challenges and opportunities in cybersecurity are not purely technical, but human, institutional, and governance-related. His work shows the need for better cyber-fraud data, stronger reporting cultures, improved coordination across jurisdictions, and greater cooperation among Canada and other middle powers in setting expectations, red lines, and responses in cyberspace.
Countering Cyberattacks Targeting Artificial Intelligence Systems in Healthcare: An Assessment of Quebec’s Legal Framework
Marianne Ozkan
Ozkan finds that Quebec’s cybersecurity legal framework has broad coverage across healthcare assets, software, medical devices, and health data, which helps reduce potential entry points for cyberattacks. However, she concludes that some laws still reflect traditional IT systems and should be adapted to address AI-specific design methods, vulnerabilities, and risks in healthcare.

Building Resilience in a Digital Age: The Spread and Impacts of Disinformation in Canada’s Ethnocultural Diasporas
Dr. Bessma Momani
Dr. Momani’s research found that ethnocultural communities in Canada process disinformation differently from the broader Canadian population and often face a “double burden” of disinformation from both their countries of origin and sources targeting Canadians generally. It also found that disinformation often spreads through family and social networks, making it harder to challenge and increasing the need to support community leaders and civil society organizations already working to push back.

China’s Weaponization of Disinformation to Undermine Democracy in Canada
Dr. Benjamin Fung
Dr. Benjamin Fung’s research found that Canada’s critical infrastructure and supply chains face growing cybersecurity risks, particularly as hostile actors increasingly use AI to scale cyberattacks and exploit system vulnerabilities. His work also highlights the significant impact of foreign disinformation campaigns on Canadian society and elections, underscoring the need for stronger policies, public awareness, and technical tools to build resilience.