There is no ‘Tony Soprano mob boss type’ who is ordering cybercrime against financial institutions globally, say researchers, adding that there are no such thing as organised crime mafias to date. Cybercrime groups function and work together to cause an estimated $445-600 billion of harm globally per year.
“Certainly, there are different nation states and groups engaging in cybercrime, but the ones causing the most damage are loose groups of individuals who come together to do one thing, do it really well – for a period of time – then disappear,” explained Thomas Holt, professor of criminal justice at Michigan State University.
Holt said that organized cybercrime networks are made up of hackers coming together because of functional skills that allow them to collaborate to commit the specific crime.
“So, if someone has specific expertise in password encryption and another can code in a specific programming language, they work together because they can be more effective – and cause greater disruption – together than alone,” said Holt, the co-author of the study.
Holt and lead author ER Leukfeldt, researcher at the Netherlands Institute for the Study of Crime and Law Enforcement, reviewed 18 cases from which individuals were prosecuted for cases related to phishing.
“We found that these cybercriminals work in organisations, but those organisations differ depending on the offense,” Holt said.
“They may have relationships with each other, but they’re not multi-year, multi-generation, sophisticated groups that you associate with other organised crime networks,” he noted in the journal International Journal of Offender Therapy and Comparative Criminology.
As things move to the Dark Web and use cryptocurrencies and other avenues for payment, hacker behaviours change and become harder to fully identify, it’s going to become harder to understand some of these relational networks.
The research also debunked common misconceptions that sophisticated organized criminal networks – such as the Russian mafia – are the ones creating cybercrime.
“We hope to see better relationships between law enforcement and academia, better information sharing, and sourcing so we can better understand actor behaviour,” Holt observed.