[BreachExchange] No, The Mafia Doesn't Own Cybercrime: Study

[Destry Winant]

https://www.darkreading.com/threat-intelligence/no-the-mafia-doesnt-own-cybercrime-study/d/d-id/1332488?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Organized crime does, however, sometimes provide money-laundering and
other expertise to cybercriminals.

BLACK HAT USA 2018 - Las Vegas - Organized crime organizations play
less of a role in cybercrime than you'd think. Instead, a new
generation of criminal entrepreneurs runs much of the cyberattack
operations worldwide, according to new research presented here today.

Over a seven-year period, Jonathan Lusthaus, director of the human
cybercriminal project at Oxford University's sociology department,
studied the role of mafia/organizations in cybercrime in 20 different
countries, including Russia, Ukraine, Romania, Nigeria, Brazil, China,
and the US. He found that while organized crime provides help or
guidance to cybercrime gangs or campaigns in some cases, the bulk of
these hacking enterprises are conducted by a new breed of criminal.

"I was a little surprised by the limited role that organized crime
appears to play in cybercrime," Lusthaus said. "I was particularly
surprised that I didn't find more cases where these groups were
protecting cybercriminals."

But that actually makes sense, he said. "Cybercriminals often aren't
competing with each other in a traditional territorial way, so they
don't always need gangsters and strongmen to keep them safe or resolve
disputes between them," he explained. "There are some examples of this
but many others where mafias just aren't present."

The premise that organized crime and cybercrime are one and the same
has been based mainly on "innuendo" and assumptions, according to
Lusthaus, who presented his findings here in his talk "Is the Mafia
Taking Over Cybercrime?"

Organized crime organizations' cybercrime activity is "more nuanced,"
according to Lusthaus, happening in a more "organic" fashion. "They
tended to get involved in ways that matched their traditional skill
sets and where there was a genuine need for what they could provide,
such as in running money-mule or money-laundering operations," he
said. "It's also clear that they are using technology to enhance their
other criminal operations, though this isn't cybercrime per se."

Where organized crime organizations intersect with cybercrime falls
into four activities, according to Lusthaus' research: providing
protection for cybercriminals, investing in cybercrime ops, acting as
"service providers" for a cybercrime scheme, and helping guide
cybercriminals in their activities.

Lusthaus interviewed hundreds of law enforcement officials, former
cybercriminals, and other experts and individuals in the private
sector for his research, which is based on his newly published book,
"Industry of Anonymity: Inside the Business of Cybercrime."

Lusthaus found an interesting paradox: While many of the people he
interviewed believed organized crime plays a major role in cybercrime,
few were able to provide examples. "Many participants in this study
believed that organized crime involvement in cybercrime was
substantial. But when pressed, this appeared to be a theoretical
rather than an empirical view," he wrote in a white paper he released
in conjunction with his Black Hat presentation.

'Service Provider'
That said, Lusthaus found several examples where organized crime and
cybercrime work together.

In some cases, organized crime groups are investing financially in
cybercrime, mainly as a way to leverage outside hacking expertise to
make money. In one case shared by a UK law enforcement official, a
cybercriminal got funding from a "well-established" organized crime
syndicate to fund the work of a programmer to write software that
would allow the group to obtain payment card information from banks.
That deal backfired after a dispute between the cybercriminal and the
group, and the cybercriminal had to go on the run after his life was
threatened.

Lusthaus also said there are cases of organized crime groups offering
their own services to cybercrime operations, including the "offline"
money-laundering of stolen money. One high-profile case was the 1994
breach of Citibank by Vladimir Levin, who had millions of dollars from
the hack laundered in illegal money transfers. A US law enforcement
official said a Russian mafia group in St. Petersburg called the
Tambov Gang financed and handled the flow of those stolen funds to
Russia.

Lusthaus found other examples, as well – most recently mafia groups
that smuggle between Eastern and Western Europe card skimmers and
blank cards used for counterfeit credit and debit cards using stolen
account information.

Organized crime also can serve as a coordinator for specific
cybercrime operations. "This usually involves recruiting those with
technical skills, among others, to carry out the jobs," Lusthaus wrote
in his paper.

Interestingly, mafia groups rarely provide protection for
cybercriminals, his research showed. That role typically gets filled
by law enforcement or political figures for a monetary price.

Meanwhile, Lusthaus pointed out a way to deter cybercrime: by
recruiting and hiring cybersecurity professionals in regions where
cybercrime ops are rampant and often the only option for these
individuals, such as in some Eastern European countries.