Industry of Anonymity

Inside the world of profit-driven cybercrime

Month: March, 2013

March 12, 2013

Are Cybercriminal Trading Forums Mafias?

There is a lot of discussion online comparing cybercriminal trading forums (where stolen credit/debit card details can be traded among other illicit goods and services) to mafias. This is not just the cause of lone bloggers, but has also been taken up by various law enforcement spokesmen and major technology company analysts. This is not to mention certain forums themselves helping to promote this view, like the early site Carder Planet which used mafia titles (like Capo) to describe the various ranks on their boards.

But most of these comparisons seem to involve loose, almost pop-culture, understandings of what a mafia actually is. There is a whole body of academic theory investigating precisely what mafias are and how they function. Yes, that’s mafias not just the mafia. The idea of the mafia might have grown out of the Sicilian mafia and then the Italian-American mafia, but in reality a mafia is any organised crime group that attempts to control the supply of protection. That’s why you can have the Russian mafia made up of Russians not Italians, or that the Yakuza in Japan or the Triads in Hong Kong can be classified as mafias.

Maybe the best definition of a mafia is provided by Henry Hill, the lead (real-life) mobster in Scorcese’s Goodfellas, when he described the role of his local Lucchese family captain Paulie:

The guys who worked for Paulie had to make their own dollar. All they got from Paulie was protection from other guys looking to rip them off. That’s what it’s all about. That’s what the FBI can never understand – that what Paulie and the organization offer is protection for the kinds of guys who can’t go to the cops. They’re like the police department for wiseguys.

Essentially, mafias provide a form of governance for the criminal world that is beyond the control of the state. Even criminals need order and rules…

So with this understanding of what a mafia is, can cybercriminal forums really be classified as mafias? Well, there is some evidence to make a case. For one, forums do have a hierarchical pyramidal structure (from administrators to moderators and then various ranks of members), just like mafias do. But then so do various other organizations, like armies and corporations. So simplistic analogies on this point should be considered far from enough to make the case.

What should be more interesting to us is that forum administrators and moderators seem to seek a level of governance over aspects of the cybercriminal world. The purpose of trading forums is not simply to provide a place for cybercriminals to meet and trade, but one where they can do so relatively safely. This is why administrators restrict access to forums to those who have been vetted by other members or passed certain tests. They also maintain ranks based on proving trustworthiness over time.

But even more importantly, site officers directly police scamming or “ripping”. They often maintain “name and shame” boards for offenders and exclude them from the forum if they have wronged other users. They have been known to arbitrate disputes and some sites even provide an escrow service, with site officers reducing opportunities for fraud by guaranteeing transactions and taking a cut in the process.

When site administrators and moderators enforce forum rules and monitor user behaviour like this, they begin to look like a mafia providing online protection. Some forum administrators even exude the desire to monopolise the protection business, which is also required for classification as a mafia.  The best example of this is the story of the hacker Iceman (aka Max Butler aka Max Ray Vision), who was the administrator of CardersMarket. As described in Kevin Poulsen’s excellent account Kingpin, though ultimately unsuccessful, Iceman launched a hacking campaign to unify the major cybercriminal forums under his control.

Ultimately, cybercriminal forums are like mafias but they are not mafias. Forums struggle to act as mafias because the task of governing the cybercrime trade is inherently difficult. Monitoring and enforcement on the Internet are virtual rather than physical, as one cannot simply “pay a visit” to a malefactor like a Mafioso would. The most serious and effective form of punishment on a forum is exclusion from the site, which pales in comparison to possible death.

Maybe the fundamental challenge to online trading forums being classified as mafias is that it is difficult to classify these markets as criminal organisations at all. As many of their names indicate (DarkMarket, Ghostmarket and CardersMarket), they should be viewed as marketplaces rather than anything else. A mafia is not a marketplace. A mafia may attempt to govern various marketplaces, but its existence is distinct from the individual enterprises it is involved with. The Sicilian mafia has controlled the Palermo fish market for some time, but the fish market is not itself a mafia. The Sicilian mafia is the mafia.

The real problem facing the conception of online forums as mafias is that their structure and organisation are tied to the architecture of each site rather than to any autonomous group behind them. The major markets generally operate for only a few years. They usually crumble when law enforcement scrutiny of the sites increases and their key leaders are arrested. This is in contrast to mafia groups, which might be damaged by such scrutiny or arrests, but can often limp on or rebuild. A mafia is an institution that is sustainable and independent from its individual enterprises and key leadership.

So should we support the view that cybercriminal trading forums are mafias? Probably not.

Read more about trading forums as mafias in “How Organised is Organised Cybercrime?”

March 3, 2013

Welcome to Industry of Anonymity!

When it comes to cybercrime, most of us are aware of some vague anonymous threat. Will my email account be hacked or my credit card compromised? Has my company become the target of a major criminal scam? Is someone tracking my online activity?

While the answer to some of these questions might be yes, these questions hide many more behind them. Questions that are less often asked because the anonymous nature of the Internet makes them difficult to answer. Who are the sorts of people behind various cybercriminal schemes? What are their motivations? Where do they come from? Are they individuals or groups? How do they behave and how are they organised?

If these are the sorts of mysteries that you might like to delve into, then this site is for you…