Cyber Crime and Organized Crime

The current era of cybercrime is no longer dominated by hackers accessing computer systems just for fun or notoriety. The development and growth of the digital economy has changed the criminal landscape dramatically.


High rewards combined with low risks have made digital networks an attractive environment for various types of criminal groups. In the non-digital era, organised crime sought after the safe havens offered by countries with weak governments and unstable political regimes. Today’s organised criminal groups can benefit from national jurisdictions that do not have proper legal frameworks and technical capabilities to fight cybercrime. The easiness of communication, anonymity, and the accessibility of tools for illegal operations have transformed cybercrime into a global, fast-expanding and profit-driven industry with organised criminal groups thriving behind it.


Organised crime in cyberspace: changing structure

Organised criminal groups are gradually moving from traditional criminal activities to more rewarding and less risky operations in cyberspace. While some traditional criminal organisations are seeking the cooperation of e-criminals with the necessary technical skills, newer types of criminal networks operating only in the area of e-crime have already emerged.

The structure of these criminal organizations is different from traditional organised crime organisations. Criminal activities are usually conducted within multi-skilled, multifaceted virtual criminal networks centred on online meetings. These networks are structured on “stand alone” basis, as members rarely meet each other in person and sometimes do not even have a virtual contact with other colleagues. This sophisticated structure, together with access to the core operations granted only to trusted associates, prevents organised cybercrime groups from being detected and infiltrated by law enforcement.

The networks themselves could involve from ten to several thousand members and could include affiliated networks in their structure. Regardless of the number of members and affiliates, virtual criminal networks are usually run by a small number of experienced online criminals who do not commit crimes themselves, but act rather as entrepreneurs. The leading members of the networks divide the different segments of responsibility (spamming, controlling compromised machines, trading data) among themselves. Some “elite” criminal groups act as closed organisations and do not participate in online forums because they have enough resources to create and maintain the value chains for the whole cycle of cyber-offences, and therefore have no need to outsource or to be engaged as outsiders into other groups.

Tools and models for criminal activity

Organised crime borrows and copies business models from the legitimate economy sector. Cybercriminals employ models similar to the B2B (business-to-business) for their operations, such as the highly sophisticated C2C (criminal-to-criminal) models, which use very effective crime tools available through digital networks. The computer systems’ vulnerabilities and software are exploited to create crimeware such as viruses, Trojans, keyloggers. These crimeware tools offer criminal groups the flexibility of controlling, stealing and trading data.

The development of botnets, networks of compromised computers running programs under external control, transformed some types of cybercrimes such as phishing into the worldwide underground ecosystem run by organised crime. The estimated financial gain of these criminal groups ranges from tens of thousands to tens of millions of dollars. The trade of botnets has also become a high-revenue activity that could be also linked to organised crime. The botnets’ costs are relatively low compared to the criminals’ financial gain and to the damage to individual consumers and businesses, as well as to the financial health, reputation and trust in online transactions as a whole.

Crimeware is also used to deploy Crime-as-a-Service business models that represent the system of trading and delivering crimeware tools. Data supplying models are also used to share the tools to commit cybercrimes. For instance, by creating “customer” systems where instruments are available on demand, “users” just log into the server and choose from the range of tools suitable for fraud, phishing, and data stealing and then download them. When user data is stolen, criminals can use crimeware servers to commit organised attacks. Crimeware servers allow to control compromised computers and manage the stolen data.

Addressing the problem

Fighting cybercrime has always been a complex problem due to the number of ICT network users, the transnational nature of the Internet and its decentralised architecture. Cybercriminals, and especially organised criminal groups, have been and probably would always remain several steps ahead of legislators and law enforcement agencies. C2C networks benefit from anonymous communications, automation of attacks and the difficulties that law enforcement agencies experience in determining the location: servers with crimeware could be in one country, while members of the network could be in another one, targeting victims across the world.

In addition to strengthening the current legal frameworks, updating old legislation, harmonising laws on an international level, what is needed is also the cross-sector cooperation on national level as well as international cooperation in detecting, investigating and preventing e-crimes committed by organised criminal groups. The development of a comprehensive understanding and a forward-looking approach are required since fighting organised cybercrime seems to have a moving target.

Countries face the problem of addressing this international problem collectively. Some States just do not have the necessary tools to respond to the activities of the organised cybercriminals, they may lack the technical skills or have legal drawbacks. The development of a common understanding that no country could be safe alone in the global ICT network is very important.

Future trends and responses

With the absence of a global strategy to counter organised cybercrime, the problem is very likely to deepen in the foreseeable future. With the development of ICT networks and of the opportunities they offer, criminal groups will benefit from the entire range of the tools and models available to the legitimate economy sectors. The information’s availability would make it not only more accessible to organised groups, but also more easy for them to foster and automate their fraud-committing activity. It would also probably link more opportunistic criminals to existing criminal networks.

Cybercrime is transforming itself into an illegal industry, where syndicates are highly sophisticated and are very hard to identify. Some cybercrime industries would be run solely by organised criminal groups, constantly seeking the newest technical solutions and for the creations of new markets. As a result, it would be likely for the cybercrime ecosystem to be soon dominated by criminal organisations, as cybercrime networks that have already become international would multiply opportunities and reach the global scale by exploiting the legal frameworks’ weakness and searching for safe havens in countries with less capability to detect and fight them. This will make fighting cybercrime a more difficult task for law enforcement agencies.

As markets and trading itself have always attracted organised criminal groups seeking benefits from illegal activities, the growth of digital operations and services in legitimate markets are a key enabler for organised cybercriminals, both for committing traditional crimes and for developing new types of illegal activities. Using business models that have proved their effectiveness for the legal business sector, organised cybercrime groups deploy highly sophisticated tools of online criminal activities. The risk for individuals, businesses, and governments grows with the further digitalisation of their economy. E-activity is conducted as long-term sustainable criminal operations. Due to the borderless nature of the Internet, the problem of organised cybercrime has truly global consequences when no country can ensure safety only within its borders. The sole way to address the problem is to develop long-term responses that would include coordination and harmonisation of efforts on both national and international levels.

* Dr. Tatiana Tropina is Senior Researcher at the Cybercrime Institute in Cologne, Germany.