Cybercriminals Rarely Work Alone. Why the Idea of the Lone Hacker Is Wrong
In the popular imagination, hackers are hoodie-wearing loners that spend most of their time bent over a laptop with a screen full of green and black scrolling code. New research, published in the International Journal of Offender Therapy and Comparative Criminology, shows that this image, or at least the idea behind it, is wrong. In reality, hackers rarely, if ever, work alone.
Researchers from The Hague University of Applied Sciences in the Netherlands and Michigan State University in the USA studied 18 criminal cases in which individuals were successfully prosecuted for phishing attacks. The information the researchers looked at was taken from original police files, which in turn was gathered from IP and wiretapping as well as through undercover policing and house searches.
The researchers found that in the majority of cases, there was some level of co-operation between the hackers involved. Almost all cybercriminal groups had some degree of hierarchy and division of labor.
For example, when it came to phishing people’s card details, hackers formed networks that had a chain command, defined job roles, and pay structures. These networks resembled limited companies, not groups of college kids. Only one of the groups studied had members who the researchers described as “peers.”
The study found that cybercriminals formed these networks because their members needed people with a specific skill set to complete certain jobs. A group with expertise in password encryption, for example, might look for someone with experience in building and running malware. Recruitment took place mostly on dark web-based forums but also happened offline.
While all the groups studied had some degree of formality, some cybercriminal networks had particularly businesslike structures.
In one example, a network consisted of eight core members, nine facilitators, and at least 50 to 60 “money mules” (whose job it was to allow the group to use their bank accounts to send and receive laundered cash).
The core members acted as the management team and controlled the network while also having set jobs within it. One member’s role was specifically to transfer money from victim accounts to money mule accounts. Other members were tasked with cashing the money or recruiting new money mules.
Facilitators, on the other hand, built phishing websites and made fake identification documents. The faked documents were then used to open more bank accounts that were accessed by money mules at a later date.
The group also employed a female “caller” whose job was to telephone victims that entered their credentials on the phishing website. The caller pretended to be from the victim’s bank and tried to obtain a one-time security code needed to transfer money.
However, while well organized, the research shows that cybercriminal groups are not exactly virtual mafias.
Speaking to the website phys.org, the studies co-author Thomas Holt says, “We found that these cybercriminals work in organizations, but those organizations differ depending on the offense. They may have relationships with each other, but they’re not multi-year, multi-generation, sophisticated groups that you associate with other organized crime networks.”
The study also showed that there’s no obvious link between existing organized crime gangs and cybercrime. This finding backs up previous research that showed that traditional organized crime gangs don’t seem to have much to do with cybercrime.
Regardless of its level of organization, cybercrime is a massive problem. Cybercrime costs companies and individuals hundreds of billions of dollars annually. As a threat, cybercrime grows every year. While this research does not end cybercrime, understanding how its perpetrators’ work might help protect against it.
Imagine a world where soldiers will have cyborg exoskeleton armor that will give them increased physical and mental performance. The Warrior Web program, funded by the