To Tackle Cybercrime We First Need to Understand It

A picture emerged of an industry that was strangely distant from traditional organized crime. Many cybercrime ventures seemed to function much like other online businesses, only they happened to be illegal. Out of several surprises that Dr. Lusthaus uncovered, he recounts one of the most eye-opening as: “What surprised me most about the cybercrime world was how many of the offenders know each other in person. When I began this research almost a decade ago, I assumed this would be almost a purely virtual phenomenon. But the more I dug into it, the more I found cybercriminals who met online and then met up in person, or groups of people who knew each other in person already and then started to work together on an online scam. Sometimes this can be very much embedded in local communities and environments. This offline and local dimension is particularly fascinating and something that Federico Varese and I are continuing to investigate.”

Maybe it’s that knowing each other in person builds trust? Or perhaps it just makes it easier to organize if you’re not doing it all online? Indeed, in some cases, Dr. Lusthaus found that some cybercriminals went so far as to invest in office space. They would even organize themselves along corporate hierarchies, with managers, specialist roles, and marketing teams. It turns out that in the cybercrime marketplace you still need someone to advertise your services.

If the way cybercrime can flourish seems oddly entrepreneurial to you, then you’re starting to identify one of what Dr. Lusthaus sees as the key factors behind it. Some of the areas that tend to become cybercrime hubs are places with very strong technical education, but not enough jobs to support all the resulting talent. Lacking employment opportunities or legal avenues for start-up investment, some people turn to cybercrime as a quick way to use their skills to make ends meet.

But not all cybercrime hotspots are the same. There’s a lot of variation tied to the resources and skills available in each area, which then feed into local criminal specialties: ‘The former Soviet Union is one well-known hub for cybercrime. It is known for the most technical types of cybercrime, like malware production. Other key hubs include Romania, Nigeria and Brazil. These often become associated with different kinds of cybercrime. For example, some would say Romanian offenders are famous for “online auction fraud”, which involves selling fictitious products online.

“Nigerian fraudsters have entered so many people’s lives through those (sometimes far-fetched) emails offering strangers part of some fortune if only they can provide a small amount of money to unlock it. This is known as ‘advance fee fraud.’ More recently, these offenders have evolved and now engage in other scams like impersonating CEOs and other company officers to authorize fraudulent transactions. Of course, we also can’t forget about the West, which has a lot of cybercrime offenders engaged in the money side of cybercrime, “cashing out” virtual gains into physical or monetary ones.”

So, what can we do to combat cybercrime in these areas? Various experts, including Dr. Lusthaus, have suggested it’s not a problem we can arrest away. Instead, it may be an issue we can invest away:

“While we lack data and rigorous study on this, I suspect a number of future cybercrime offenders could be diverted into legitimate work. The U.K.’s National Crime Agency is leading the way globally with cybercrime prevention programs. But the real need is to internationalize diversion programs beyond the West and target them to the hubs that produce the most effective cybercriminals, like Eastern Europe. This means creating more opportunities in places where very capable individuals are being pulled into cybercrime because there aren’t enough good jobs to support them. The private sector can potentially play a huge role here.”

Oxford says that if you want to learn more about cybercrime, you can find the details of Dr. Lusthaus’s book and various articles on the Harvard University Press site. But if there’s one key thing you should know about cybercrime, he thinks it should be this one: “Cybercrime is not as shadowy as people think. It’s important not to view cybercriminals as exotic. Mystifying them makes it harder to develop solutions. I think approaching cybercrime in ‘human’ terms is really important to addressing the problem in a more holistic way. It is not just a technical challenge.”