SCARS™ Insight: Cybercrime Is Big Business! A Continuing Series – Part 2
How Does the Business of Cybercrime Work?
The organizational features commonly found in the online criminal underground look a lot like traditional business structures, with organizational heads, line managers, and front-line staff.
Provided courtesy of the Council on Foreign Relations »
By: Jonathan Lusthaus – Director of the Human Cybercriminal Project at the University of Oxford, and the author of Industry of Anonymity: Inside the Business of Cybercrime.
Cybercrime Is A Shadowy World!
One only needs to do an image search on Google to find the stereotype of the hooded, faceless attacker.
But as a sociologist, my primary interest is people. I began studying cybercrime because I was interested in this hidden world and the unseen faces within it. I wanted to peel back the hoodie. I spent seven years traveling around the globe, from Russia and Ukraine, to Romania, China, Nigeria, Brazil, and the United States. Over this time, I interviewed almost 250 law enforcement agents, security professionals and former cybercriminals about the business.
What this research taught me was that cybercriminals are not all that mysterious. While the tools have changed, the underlying crime types remain the same: theft, fraud, extortion and so on—what Peter Grabosky called “old wine in new bottles”.
The organizational features commonly found in the underground also look a lot like traditional business structures. One of the most striking aspects of modern day cybercrime is how specialized it has become. Few actors are skilled across every aspect of the business. It makes greater economic sense to invest in a particular “trade” and rely on others to provide specialist functions around other areas of the industry. Offenders have carved out a multitude of roles, from technical areas, such as malware production, to “cashing out,” which is decidedly less technical and involves converting virtual gains into monetary or physical ones.
Even within a specialization, sub-specialties will emerge. For instance, there might be a project lead to develop malware, supported by a couple of programmers, who might have distinct coding expertise. This manager then needs to find a salesman who can sell the malware, perhaps in an online marketplace. Whoever buys the malware might then need to hire a team to successfully deploy it, which requires a number of further sub-specialties.
In the parlance of recent law enforcement and industry reports, this breakdown of roles is often known as “crime-as-a-service.” This could suggest that cybercriminals have invented something new. In reality, it is a manifestation of basic economics—the division of labor—that has been present throughout human history.
For cybercrime to operate as an industry—for these disparate service providers to unite—there also has to be a way for criminal actors to successfully work together. This creates a puzzle: how do anonymous criminals trust each other?
On the face of it, criminals should not make trustworthy partners. This is particularly problematic when a criminal is known only by his or her online handle, and can’t be “paid a visit” if a deal goes awry.
In an online setting, perhaps the most important factor is reputation. Cybercriminals like to deal with partners they have worked with before. They have a sense of who they are collaborating with, which reduces the risk involved in transactions and operations. When they need to find a new partner, they ask for recommendations from people they know or seek out published information on a particular person’s character.
Many of the criminal virtual marketplaces operate in a similar way to legitimate platforms like eBay. There are numerical rating scales, along with qualitative reviews. If a vendor has provided poor quality products, that vendor often has poor reviews. By making this information publicly available, cooperation can be scaled up from a handful of criminals to potentially thousands of forum members. Each member can spend less time checking out potential partners, and more time carrying out crime.
There are other ways that cybercriminals enhance cooperation, primarily through mechanisms that help guarantee deals. Cybercriminals have adopted virtual regulatory systems that are reminiscent of legitimate legal and commercial systems.
When they are carrying out large transactions, online criminals may use escrow, where a trusted third party holds the payment (and sometimes the goods too), until everything has checked out. Arbitration is also available if a dispute develops. A senior member of the community will be appointed to listen to what each side has to say, assess the evidence and then make a ruling. In certain cases, the loser might be banned from the relevant marketplace.
This guarantor function is akin to the role that mafias play in a number of traditional criminal markets. Beyond that, it is similar to enforcement systems that can be found throughout the evolution of civilization.
Cybercrime is often regarded as a new frontier. People are always looking for signs of innovation in this underground, and in many aspects of the business, cybercriminals are innovative. But we shouldn’t forget that much of its core is actually old. Cybercriminals often behave like other people. Humans will be humans.
TAGS: SCARS, Important Article, Information About Scams, Anti-Scam, Cybercrime, Cybercriminality, Big Business, Online Crime
SCARS™ Editorial Team
Society of Citizens Against Relationship Scams Inc.
A Worldwide Crime Victims Assistance Nonprofit Organization
Visit: www.AgainstScams.org
Contact Us: Contact@AgainstScams.org
PLEASE SHARE OUR ARTICLES WITH YOUR FRIENDS & FAMILY
HELP OTHERS STAY SAFE ONLINE – YOUR KNOWLEDGE CAN MAKE THE DIFFERENCE!
The Latest SCARS Posts:
FIND MORE SCAM NEWS
«SCAMCRIME.COM»
JOIN US ON FACEBOOK
«CLICK HERE»
END
MORE INFORMATION
– – –
Tell us about your experiences with Romance Scammers in our
« Scams Discussion Forum on Facebook »
– – –
FAQ: How Do You Properly Report Scammers?
It is essential that law enforcement knows about scams & scammers, even though there is nothing (in most cases) that they can do.
Always report scams involving money lost or where you received money to:
- Local Police – ask them to take an “informational” police report – say you need it for your insurance
- U.S. State Police (if you live in the U.S.) – they will take the matter more seriously and provide you with more help than local police
- Your National Police or FBI « www.IC3.gov »
- The SCARS|CDN™ Cybercriminal Data Network – Worldwide Reporting Network on « www.Anyscam.com »
This helps your government understand the problem, and allows law enforcement to add scammers on watch lists worldwide.
– – –
To learn more about SCARS visit « www.AgainstScams.org »
Please be sure to report all scammers
on « www.Anyscam.com »
Disclaimer:
SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.
IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.
ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.
A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.
This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’s Content. The information contained are subject to change and are not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’s websites, apps, and Content unless explicitly identified as such.
The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’s websites Terms of Use.
Legal Notices:
All original content is Copyright © 1991 – 2020 Society of Citizens Against Relationship Scams Inc. (D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.
SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, are all trademarks of Society of Citizens Against Relationship Scams Inc.
Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org
Please Leave A Comment - Tell Us What You Think About This!