“Organised Cybercrime”

by Jonathan Lusthaus

There sometimes appears to be about as many definitions for the concept of “organised crime” as there are organised crime groups in the world. Almost every country has their own approach, often reflecting the specific challenges facing their law enforcement agencies. This means that those investigating whether there is such as thing as “organised cybercrime” face a very difficult task. Not only is there very limited hard information on the organisation of cybercriminal groups, but there is no singularly accepted definition of organised crime to apply to them.

At minimum, most definitions of an organised crime group include some basic features: 1) more than one person involved; 2) some semblance of structure; 3) a level of continuous operation beyond a one shot deal or job; 4) an element of profit motivation. When talking about online cybercriminal groups, it is possible that some would meet such broad definitions. In my research, one of the most regular types of cybercriminal “organisation” that pops up is something akin to a “crew”. Just like crews that physically knock over banks with shotguns, some cybercriminals appear to operate in similar small online groups. They have a loose hierarchy, sometimes with a leader of sorts, operate together for up years at a time with certain constant members, and have a clear financially motivated goal. These groups can be involved in anything from fraud, hacking, identity theft, malware, extortion of companies, spamming or a whole range of other activities.

But such definitions of organised crime are so broad that they lump together very diverse groups. A crew of three teenage thieves may be more “organised” than a lone wolf operator, but such a crew is also quite distinct from other “organised” groups like drug cartels and mafias. This is why some attempting to define organised crime also include a notion of violence and coercion as part of the business. Others go further, such as the economist Thomas Schelling who argues that organised crime is not simply “crime that is organized”. In explaining his approach, Schelling has provided the famous account of why organised burglars do not fall into the category of organised crime:

…burglars are never reported to be fighting each other in gangs for exclusive control over their hunting grounds. Burglars are busy about their burglary, not staking claims and fighting off other burglars. It is when a gang of burglars begins to police their territory against the invasion of other gangs of burglars, and makes interloping burglars join up and share their loot or get out of town, and collectively negotiates with the police not only for their own security but to enlist the police in the war against rival burglar gangs or nonjoining mavericks, that we should, I believe, begin to identify the burglary gang as organized crime.

What this approach appears to be getting at is that organised crime is a form of governance within the criminal world. In this conception, organised crime groups attempt to regulate and control some form of illegal industry. As I noted in my previous post on trading forums as mafias, even criminals need some form of rules and order, or else things fall apart…

So can online cybercrime groups be classified as fully fledged organised crime groups under this more rigid approach? Despite suggestions of such organised crime on the web, there are a number of obstacles to applying this classification. First, violence is at the heart of traditional organised crime groups’ regulation and control of various markets, but in the context of the Internet, there appears to be no directly analogous and effective tool for enforcing order. Second, issues of territory, and control over that territory, are also central to conceptions of traditional organised crime, but something akin to physical territory is difficult to find online and anything similar (hosting, domain names, private online spaces) practically operates in quite different ways. Third, online groupings larger than small crews tend to very fragile, being both difficult to form and to hold together in the dynamic environment of the Internet. Finally, perhaps for similar reasons, providing criminal governance for aspects of seemingly infinite cyberspace appears an extremely challenging task for such groups to undertake.

While some hints of “organised cybercrime” might present themselves online, we don’t know enough to paint a clear picture. There is still a lot of speculation on what cybercriminal groups actually look like and not that much real data on them.  Continuing definitional debates over what constitutes organised crime don’t help the task much either. While broad definitions of organised crime are probably met by known cybercrime groupings, the more rigid definitions applying to traditional organised crime groups appear a bridge too far. But in the end, given the novel landscape of cyberspace, we should not necessarily expect exact replicas of traditional criminal organisation online. Crime remains crime, but we have reached a new frontier.

Read more about “Organised Cybercrime” in “How Organised is Organised Cybercrime?”

Advertisements