Support 100 years of independent journalism.

  1. Spotlight
19 October 2018updated 09 Sep 2021 5:22pm

Cyber criminals are not who you think they are

Exploring a dangerous and evolving trade.

By Jonathan Lusthaus

At the turn of the millennium, a group of Russian-speaking cyber criminals founded a website called CarderPlanet. This forum became a key online marketplace in the global trade of stolen credit card data, along with other illicit goods and services. One could view it as a criminal eBay of sorts, which significantly predated the much-hyped “Darknet” forums that dominate today’s media coverage.

Led by a mercurial figure known by the handle “Script”, it succeeded in establishing a professional model for how cyber criminal trade could be professionalised. Users could publish product reviews. Arbitration was provided for the site’s vendors and customers who came into dispute. Meanwhile, other members could choose to more safely trade through an escrow service. An interesting feature of the site was that the forum officers adopted existing mafia ranks such as Capo (short for the Italian Caporegime which means Captain). The network appeared to be appropriating the mystique of both traditional organised crime groups and their popular depictions in films and TV.

This self-ascribed association perhaps contributed to a number of commentators and security professionals conflating cyber crime and organised crime. And, in some sense, it has now become a mainstream position. For instance, one expert quote in a CNN article stated: “The Russian mafia are the most prolific cyber criminals in the world.” But how much empirical evidence actually supports the view that organised crime is taking over cyber crime?

I carried out a seven-year study into the organisation of cyber crime. The findings suggest that cyber criminals aren’t necessarily who we think they are. And, with regard to the example above, they may not even be who they think they are. As part of this study, I conducted 238 interviews with law enforcement, the private sector and former cyber criminals – across some 20 countries, including fieldwork in purported cyber crime “hotspots” such as Russia, Ukraine, Romania, Nigeria, Brazil, China and the United States.

While I was open to the possibility of heavy mafia and organised crime involvement in cyber crime, I was surprised by how few cases of this I encountered. There are certainly instances where there is such a crossover. But there are many others where cyber criminals operate on their own.

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU

One Eastern European former cyber criminal I interviewed called Andrey (all names have been replaced with pseudonyms), suggested: “All the relations between traditional mafia and gangs are eventual and personal, so there are no more connections than in any other industry or enterprise. Some individuals do, and if they do, they use it. Others don’t.” He went onto explain that, “of course, regular criminals show interest in certain aspects of cyber crime, but they show interest in many other things. More advanced carders and hackers, however, usually show strong disgust to ‘traditional’ criminals and usually join whatever cause there might be on a temporary basis. In turn, ‘traditional’ criminals often regard cyber criminals as ‘milk cows’ and nerds.”

Content from our partners
Why public health policy needs to refocus
The five key tech areas for the public sector in 2023
You wouldn’t give your house keys to anyone, so why do that with your computers?

Another former cyber criminal in the region, Ivan, stated that he had never encountered a direct connection between cyber criminals and traditional organised crime groups. In South America, Thiago said that he and his collaborators never engaged with organised criminals, and actively avoided them.

Of the cases of organised crime involvement I did encounter, there appeared to be four key roles that serious criminals can play in cyber crime: protector; investor; service provider; guiding hand. These are largely tied to their existing skill sets and resources.

In terms of protection, one of the few cases can be found in Brian Krebs’ book Spam Nation. Krebs recounts an episode of violent behaviour between cyber crime competitors. In it, a Belarusian cyber criminal called Alexander Rubatsky, formed an alliance with a group of heavies, associated with the “The Village” organised crime group in Minsk. In one instance, these men posed as local police and then kidnapped Rubatsky’s main rival, holding him for ransom.

 Yet such examples proved rare in my research. One of the surprising findings from the data was that it is not common for mafias and organised crime groups to provide protection for cyber criminals. Instead, it seems that law enforcement agents and political figures are more frequently providing this service. After all, bent politicians and police are in a much better position to shield cyber criminals from arrest.

The evidence suggests that in lieu of trying to control, or govern, the entire world of cyber crime – as they have done with various illicit industries in the past – organised crime groups are more likely to play a smaller role within it. The more common ways they choose to involve themselves is either as a service provider or guiding hand in various enterprises.

For example, the money side of cyber crime is a plausible point of entry for organised crime involvement. One interesting example I encountered was a Los Angeles street gang converting prostitution operations into cyber fraud schemes. “Fraud pimps” send women out to make purchases with counterfeit credit cards, rather than to turn tricks.

While such evidence shows involvement in cyber crime, we should seriously call into question the popular perception of cyber crime as predominately run by violent, organised criminals. And that is not the only problematic stereotype we need to contend with. At the other end of the spectrum, is the ingrained view that cyber crime is driven by nerdy and socially awkward hackers – the archetypal hooded teen in his parents’ basement.

Returning to the example of CarderPlanet, these cyber criminals were clearly organised and sophisticated. While few of the leaders had past lives as mafia members or serious histories of violent crime, neither were they isolated geeks without social skills or any management ability.

They were the pioneers of the multi-million dollar “carding” industry and adopted commercial principles that we might expect to find in corporations across the world. They even organised a number of offline gatherings, including at least two business conventions held in Odessa, Ukraine, in 2001 and 2002. That was then. The cyber crime industry and its professionalisation have only grown since then. As US Law enforcement agent Terry summed up the threat: “They are businessmen.”

Jonathan Lusthaus is author of Industry of Anonymity: Inside the Business of Cybercrime, published next month by Harvard University Press

Topics in this article: