BLACK HAT USA 2018-Las Vegas- Turns out the Mafia isn’t running the bulk of cybercrime operations after all, an Oxford University researcher said at this year’s Black Hat. Global cybercrime appear to be dominated by scrappy entrepreneurs looking to make money online.
While organized crime can provide support or expert guidance to specific operations, most sophisticated cybercriminals are typically not associated with any kind of organization, Jonathan Lusthaus, director of the human cybercriminal project at Oxford University's sociology department, said during his Black Hat presentation. He studied the role organized crime played in cybercrime over a seven-year period in 20 different countries, including Russia, Ukraine, Romania, Nigeria, Brazil, China, and the United States. After 238 interviews with law enforcement officials, former cybercriminals, and other experts and individuals in the private sector, Lusthaus was “a little surprised” with organized crime’s limited involvement.
"I was particularly surprised that I didn't find more cases where these groups were protecting cybercriminals," Lusthaus said.
The idea that organized crime dominates the cybercrime economy is so widespread because in the mainstream consciousness, some kind of central authority in criminal operations translates to the Mafia. While it’s true cybercriminal gangs operate in a hierarchy, with different roles for providing support, acquiring services, executing the attacks, moving the money, and connecting interested parties, there is no evidence to suggest the Mafia is controlling these activities on a grand scale globally.
Many of the people Lusthaus interviewed as part of his research asserted that organized crime had “substantial involvement” in cybercrime but could not provide concrete examples. "But when pressed, this appeared to be a theoretical rather than an empirical view," Lusthaus wrote in the white paper accompanying his presentation.
In the white paper, Lusthaus cited Thomas Schelling, the Nobel Prize winning economist, noting that organised crime is not simply “crime that is organized.” Organized crime is “tied to the concept of governance,” where they are trying to control both the production and distribution of illegal activity as well as supplying the protection to make that activity possible. Under that “particularly tight set of definitions,” cybercrime doesn’t qualify.
“Cybercriminals often aren’t competing with each other in a traditional territorial way, so they don’t always need gangsters and strongmen to keep them safe or resolve disputes between them,” Lusthaus said.
The actual involvement is “more nuanced” and “organic” as the syndicates get involved in ways that match their traditional areas of expertise, such as money laundering, act as “service providers” for a part of a cybercrime operations, or just provide funding.
In one case of organized crime acting as investors for cybercriminals, a “well-established” organized crime syndicate put up the money for a programmer to write software for a cybercrime group that would obtain payment card information from banks, a law enforcement official from the United Kingdom told Lusthaus. The deal fell apart after a dispute and the cybercriminal had to go on the run because his life was threatened.
The 1994 breach of Citibank by Valdimir Levin illustrated how organized crime can offer their traditional skills to offset cybercrime. In that high-profile case, a syndicate based out of St. Petersburg called the Tambov Gang financed and handled the task of moving the millions of dollars Levin had stolen via illegal money transfers. Some mafia groups have been linked to criminals smuggling card skimmers and blank cards used to create counterfeit credit and debit cards.
While Brian Krebs outlined organized crime involvement in Spam Nation, this level of involvement is still rare. There are examples, but there are also many cases where “mafias just aren’t present,” Lusthaus said.
The Mafia protects it members. Lusthaus found that mafia groups rarely provide protection for cybercriminals. Instead, cybercriminals bribe or blackmail law enforcement and political figures to get the protection needed to stay out of jail.
Lusthaus found that while there is organized crime involvement in cybercrime, it is far lower than believed. Most cybercriminals don’t want to be associated with organized crime, he said, assering the “nerds” would be horrified to be associating with the “street guys.”
On one hand, it’s a bit of a relief to know that organized crime hasn’t attempted to take over cybercrime. On the other, it is not pleasant to think there is a whole new breed of criminals cutting their teeth on cybercrime and not operating under a specific code of ethics. There is a silver lining in the research by Lusthaus, though. He suggested that it may be possible to deter cybercriminals by recruiting skilled individuals in regions where cybercrime is rampant and people don’t have a lot of options beyond illegal activity to use their skills.
Much like pretty much everyone else, organized crime takes advantage to make it easier to run their existing operations.
They tended to get involved in ways that matched their traditional skill sets and where there was a genuine need for what they could provide, such as in running money-mule or money-laundering operations," he said. "It's also clear that they are using technology to enhance their other criminal operations, though this isn't cybercrime per se.