• عربي
  • 中文
  • English
  • Français
  • Русский
  • Español
 
  This module is a resource for lecturers  

 

Cyber organized crime activities

 

Cyber organized criminals have engaged in a variety of cybercrimes, including fraud, hacking, malware creation and distribution, DDoS attacks, blackmail, and intellectual property crime (see Cybercrime Module 2 on General Types of Cybercrime and Cybercrime Module 11 on Cyber-Enabled Intellectual Property Crime), such as the sale of counterfeit or falsified trademarked products (e.g., apparel, accessories, shoes, electronics, medical products, automobile parts, etc.) and the labels, packages, and any other identifying designs of these products (Albanese, 2018; Europol, 2018; Broadhurst et al., 2018; Maras, 2016). These types of cybercrimes cause financial, psychological, economic, and even physical harm (especially counterfeit electronics and automobile parts, as well as falsified medical products, defined by the World Health Organization as "deliberately/fraudulently misrepresent their identity, composition or source," see WHO, 2017), and have been used to fund other forms of serious crime, such as terrorism (Binder, 2016). 

Criminal groups that engage in cyber organized crime also provide services that facilitate crimes and cybercrimes (crime as a service), such as data and identity documents (e.g., financial and health data, passports, voter registration identifications); malware (i.e., made to order or known malware - e.g., Zeus, a banking Trojan, designed to surreptitiously capture users' banking details and other information needed to log in to online accounts); distributed denial of service (DDoS) attacks and botnet services; keyloggers; phishing/spearphishing tools; hacking tutorials; and information about vulnerabilities and exploits and instructions on how to take advantage of these (Broadhurst et al., 2018; Maras, 2016). For instance, the Shadowcrew, "an international organization of approximately 4,000 members … promoted and facilitated a wide variety of criminal activities [online] including, among others, electronic theft of personal identifying information, credit card and debit card fraud, and the production and sale of false identification documents" ( United States v. Mantovani et al., criminal indictment, 2014).

Organized criminal groups have also profited and/or otherwise benefited from illicit products and services offered online. For example, the creator of the Butterfly Bot advertised this malware online as capable of taking control of Windows and Linux computers (BBC News, 2013). The creator of the Butterfly Bot also sold plug-ins that modified the functions of the malware, and also offered to create customized versions of the malware for paying customers (FBI, 2010). Various online criminal networks deployed the Butterfly Bot, the largest application of this malware resulted in the Mariposa botnet, which infected 12.7 million computers around the world (BBC News, 2013).

Did you know?

As of February 2019, the perpetrators of the Zeus malware are still wanted in the United States and are on the US Federal Bureau of Investigation's (FBI) Cyber's Most Wanted List.

Want to learn more?

For more information, see: FBI.

Cyber organized criminalsalso provide bulletproof hosting services, which enable criminals to utilize servers to commit cybercrime and does not remove criminal content from these servers (National Cyber Security Centre, 2017, p. 8). Because of low trust in criminal transactions online and the existence of scammers, escrow services provided by cyber organized criminal groups are high in demand. These escrow services enable the funds criminal customers pay for illicit goods and services to be sent only after they confirm that the goods or services they paid for were received in good order (National Cyber Security Centre, 2017, p. 8). 

Illicit goods and services are primarily purchased with cryptocurrency (i.e., "a digital currency that utilizes cryptography for security reasons;" Maras, 2016, p. 337). There are numerous cryptocurrencies on the market (e.g., Bitcoin, Litecoin, Dogecoin, Ethereum, and Monero, to name a few). While most darknet markets primarily use Bitcoin, other cryptocurrencies (e.g., Ethereum and Monero) are being utilized, and in some cases, preferred over Bitcoin (US Department of Justice, 2017; Broadhurst et al., 2018; Europol, 2018). Certain darknet sites use what is known as a 'tumbler,' which sends 'all payments through a complex, semi-random series of dummy transactions … making it nearly impossible to link … [a] payment with any … [cryptocurrency] leaving the site' ( United States v. Ross William Ulbricht, Criminal Complaint, 2013, p. 14).

Furthermore, cyber organized criminals also provide money-laundering (i.e., "the process whereby criminals conceal and legitimate illicit funds") as a service (Maras, 2016). The proceeds from the services provided by cyber organized criminals are also laundered. Money-laundering involves three stages: placement of illicit proceeds in financial system ( placement), concealment of the origin of illicit funds ( layering), and reintroduction of funds into the economy with concealed origin ( integration) (UNODC, n.d.; also see Module 4 on Infiltration of Organized Crime in Business and Government of the E4J University Module Series on Organized Crime). Money is laundered utilizing digital currency (i.e., unregulated currency only available virtually); prepaid credit and debit cards (even Bitcoin-based cards); gift cards; money mules' bank accounts; fake name/shell company bank accounts; PayPal accounts; online gaming sites (via virtual gaming currency); and illicit gambling sites (McMullan and Rege, 2010; Maras, 2016; Europol, 2018).

According to Europol (2018), cyber organized criminals are also utilizing semi-automated cryptocurrency exchanges (known as swappers) and decentralized (peer-to-peer) exchanges, which do not require the identification and verification of users (pursuant to Know Your Customer requirements for regulated financial institutions) to launder criminal proceeds (Europol, 2018). Moreover, cyber organized criminals have found new and creative ways to launder money, such as Uber "ghost journeys" (i.e., drivers receive funds from money launderers to accept ride requests from Uber accounts at a prearranged price without the launderers actually using the service), and fake Airbnb rentals (i.e., money launderers pay Airbnb owners without staying at their property) (Busby, 2018). Furthermore, cyber organized criminals engage in microlaundering "a process whereby criminals launder large amounts of money by engaging in numerous small transactions". Online, these types of transactions can occur on commercial sites, auctions sites, and even employment sites (Maras, 2016).

Did you know?

Digital payment systems are being targeted by cyber organized criminals. In 2014, a criminal network utilized malware targeting the Boleto Bancário (or Boletos), a legitimate, widely used payment method in Brazil. The malware (known as bolware) redirected Boleto payments to the accounts of criminals within the networks and money mules (Perlroth, 2014).

Want to learn more?

Krebs, Brian. (2014). Brazilian 'Boleto' Bandits Bilk Billions.

Furthermore, cyber organized criminals have utilized information and communication technology (ICT) to facilitate various forms of traditionally offline organized crime activities, such as the smuggling of migrants and trafficking in persons, wildlife, drugs, firearms, and cigarettes trafficking (see the E4J University Module Series on Trafficking in Persons and Smuggling of Migrants, the E4J University Module Series on Wildlife, Forest and Fisheries Crime, the E4J University Module Series on Firearms and Module 3 of the E4J University Module Series on Organized Crime) For instance, the smuggling of migrants, which is defined under Article 3(a) of the United Nations Protocol against the Smuggling of Migrants by Land, Sea and Air of 2000, supplementing the Organized Crime Convention as "the procurement, in order to obtain, directly or indirectly, a financial or other material benefit, of the illegal entry of a person into a State Party of which the person is not a national or a permanent resident", has been facilitated by smugglers' use of ICT to advertise, recruit, communicate with, and ultimately sell their services to migrants (European Commission, 2016; Maras, 2016; see Module 14 of the E4J University Module Series on Trafficking in Persons and Smuggling of Migrants for further information).

Likewise, ICT facilitates trafficking in persons (see Module 3 of the E4J University Module Series on Organized Crime, and the E4J University Module Series onTrafficking in Persons and Smuggling of Migrants for further information on trafficking in persons), which is defined, under Article 3(a) of the United Nations Protocol to Prevent, Suppress and Punish Trafficking in Persons, Especially Women and Children, Supplementing the United Nations Convention against Transnational Organized Crime of 2000, as the

"recruitment, transportation, transfer, harbouring or receipt of persons, by means of the threat or use of force or other forms of coercion, of abduction, of fraud, of deception, of the abuse of power or of a position of vulnerability or of the giving or receiving of payments or benefits to achieve the consent of a person having control over another person, for the purpose of exploitation. Exploitation shall include, at a minimum, the exploitation of the prostitution of others or other forms of sexual exploitation, forced labour or services, slavery or practices similar to slavery, servitude or the removal of organs."

ICT has been used by traffickers to identify and recruit victims using false promises of work, fame, and love, advertise victims, communicate with clients and other traffickers, plan, organize and arrange meetings with clients and victims, and monitor victims' whereabouts and control their activities (Latonero 2011; Latonero 2012; Latonero, Wex, and Dank, 2015; Maras, 2016; Europol, 2017; Maras, 2017; see Module 14 of the E4J University Module Series on Trafficking in Persons and Smuggling of Migrants).

In addition to the smuggling of migrants and trafficking in persons, traffickers have used ICT to engage in wildlife trafficking ("illegal capture, trade, and possession of endangered species, protected wildlife, and parts and products thereof"; Maras, 2016, p. 357) in contravention of the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES) of 1973 (see Organized Crime Module 3 for further information on wildlife trafficking). Besides some studies that have shown the sale of wildlife on social media platforms, auction websites, and commercial websites (e.g., IFAW, 2005; IFAW, 2008; IFAW, 2014; Lavorgna, 2014; Maras, 2016), a few studies have identified the use of the darknet by wildlife traffickers (e.g., Roberts and Hernandez-Castro, 2017; IFAW, 2017). For example, a report by the International Fund for Animal Welfare, the US Department of State, and the African Wildlife Foundation, revealed that rhinoceros, elephant and tiger parts were advertised and sold for bitcoins on the darknet (IFAW, 2017). Nevertheless, "very little…[illegal wildlife trade (IWT)] has ended up on the dark web;" in fact, the "listings of rhino horn or ivory are mostly found to be the by-catch of traders who specialize in other illicit trades…This would suggest that there is so little fear of legal enforcement against IWT on the surface web that traders do not think it is worth hiding their activities on the dark web, as child pornographers, drug dealers and arms traffickers know they must" (Haysom, 2018, p. 6).

Moreover, ICT has been used to facilitate drug trafficking, "the unlawful distribution and sale of drugs in violation of existing national and international laws" (Maras, 2016, p. 365), such as the United Nations Single Convention on Narcotic Drugs of 1961 (as amended in 1972), the Convention on Psychotropic Substances of 1971, and the Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances of 1988 (see Organized Crime Module 3 for further information on drug trafficking). Research has shown that cryptomarkets, "a type of website that employs advanced encryption to protect users' anonymity" (Broseus et al., 2016, p. 7), like the now defunct Silk Road (a darknet site), are increasingly being used by drug traffickers to expand their operations by reaching customers all over the world (Barratt, 2012; Christin, 2012; Martin, 2014; Maras, 2014). These cryptomarkets minimize the risks of violence and exposure to law enforcement (with the exception of the risks associated with the interception of package deliveries; Décary-Hétu et al., 2016; Aldridge and Askew, 2017) that are present in offline drug trafficking (Norbutas, 2018). These cryptomarkets also reduce the uncertainties associated with drug markets, increase buyers' access to sellers' information and feedback from buyers on the quality of the sellers' products and trustworthiness (via ratings), and increase sellers' access to drugs and buyers' access to clients (Cambini et al., 2011; Van Buskirk, Naicker, Roxburgh, Bruno, & Burns, 2016; Hardy & Norgaard, 2016; Przepiorka et al., 2017).

Furthermore, ICT facilitates firearms trafficking (see Organized Crime Module 3 as well as the E4J University Module Series on Firearms for further information on firearms trafficking), which is defined under Article 3(e) of the United Nations Protocol against the Illicit Manufacturing of and Trafficking in Firearms, Their Parts and Components and Ammunition, supplementing the United Nations Convention against Transnational Organized Crime of 2000, as "the import, export, acquisition, sale, delivery, movement or transfer of firearms, their parts and components and ammunition from or across the territory of one State Party to that of another State Party if any one of the States Parties concerned does not authorize it in accordance with the terms of this Protocol or if the firearms are not marked in accordance with article 8 of this Protocol [for the purpose of identification and tracking of firearms]." Advertisements for the illegal sale of firearms have been placed on social media, auction, and commercial websites, as well as darknet sites (Maras, 2016; GAO, 2017). For example, legally acquired firearms in the United States have then been sold illegally by traffickers on darknet sites (e.g., Agora Market, BMR and Utopia) and shipped to numerous countries in Europe in contravention of States' laws (US Department of Justice, 2017).

Lastly, ICT has been used to facilitate the trafficking of cigarettes (see Organized Crime Module 3 for further information on counterfeit products trafficking, including cigarettes), which "occurs when individuals, groups, or businesses seek to sell cigarettes in a manner that evades existing laws and taxation rates or sell counterfeit cigarettes and cigarettes with counterfeit tax stamps" (Maras, 2016, p. 364). Research has shown that cigarette trafficking has occurred on commercial and auction websites, as well the darknet (Décary-Hétu, Mousseau, Rguioui, 2018; Maras, 2016).

Ultimately, the Internet has made the distribution of goods and services much simpler; in the cases of counterfeiting and cigarettes (and depending on the part of the world, firearms), the existing legitimate supply chain is abused by traffickers (Wilson and Kinghorm, 2015; Reichel and Albanese, 2013); in other forms of trafficking, such as drugs, humans, wildlife, firearms, as well as in counterfeiting and cigarette trafficking, the Internet removes barrier to entry into these forms of organized crime by providing perpetrators with the knowledge and tools they need, and access to customers to sell their illicit goods and services (Maras, 2016). While it is known that ICT facilitates the smuggling of migrants and different forms of trafficking, the nature and extent of this smuggling and these forms of trafficking online is currently unknown (Maras, 2016); the same holds true for other forms of trafficking, such as falsified medical products, wildlife, cultural property as well as minerals and metals.

 
Next: Preventing and countering cyber organized crime
Back to top