Hostname: page-component-cd9895bd7-8ctnn Total loading time: 0 Render date: 2024-12-26T07:15:05.710Z Has data issue: false hasContentIssue false

Honour Among (Cyber)thieves?

Published online by Cambridge University Press:  19 September 2018

Jonathan Lusthaus*
Affiliation:
University of Oxford [[email protected]]
Get access

Abstract

It is well known that criminals, who operate outside the law and the protection of the state, face difficulties in cooperating due both to the requirement of secrecy and a deficit of trust. For cybercriminals the anonymity of the Internet creates further challenges, making it even more difficult to assess trustworthiness and enforce agreements. Yet, contrary to expectations, collaboration among cybercriminals is prevalent, and a sophisticated industry has emerged. The purpose of this paper is to address this puzzle in relation to profit-driven cybercrime. It draws on a collection of interviews with former cybercriminals that provide a valuable form of data on micro-level and often secretive interactions. It examines four key mechanisms that lead to improved cooperation: reputation, appearance, performance and enforcement. It also addresses the rarely discussed, and somewhat counterintuitive, role that offline interactions may play in enhancing collective action among cybercriminals.

Résumé

Il est bien connu que les criminels, qui agissent en dehors de la loi et de la protection de l’État, font face à des difficultés particulières pour coopérer, notamment en raison de l’impératif de secret mais également du manque de confiance. Pour les cybercriminels, l’anonymat d’Internet crée des défis supplémentaires, en compliquant tant l’évaluation de la fiabilité que la mise en œuvre des accords. Pourtant, contrairement aux attentes, la collaboration entre les cybercriminels est répandue et une industrie sophistiquée a vu le jour. L’objectif de cet article est de résoudre cette énigme à partir du cas de la cybercriminalité à but lucratif. Il s’appuie sur une série d’entretiens avec d’anciens cybercriminels qui fournissent des données importantes sur leurs micro-interactions le plus souvent secrètes. Il examine quatre mécanismes clés qui permettent d’améliorer la coopération : la réputation, l’apparence, la performance et l’exécution. Il aborde également le rôle rarement discuté, et quelque peu contre-intuitif, que les interactions hors ligne peuvent jouer dans le renforcement de l’action collective parmi les cybercriminels.

Zusammenfassung

Aufgrund der Geheimnispflicht und eines Vertrauensdefizites, arbeiten Kriminelle, die außerhalb der staatlichen Gesetze und deren Schutz handeln, allgemein weniger gern zusammen. Für Cyberkriminelle stellt die online Anonymität eine weitere Herausforderung dar, da sie die Bewertung der Vertrauenswürdigkeit sowie die Vertragsdurchsetzung erschwert. Entgegen aller Erwartungen ist die Zusammenarbeit zwischen Cyberkriminellen weit verbreitet und zu einer hochentwickelten Industrie geworden. Dieses Rätsel soll im Rahmen dieses Beitrags am Beispiel der gewinnbringenden Cyberkriminalität gelöst werden. Gespräche mit ehemaligen Cyberkriminellen liefern hier wichtige Informationen über die meist verschwiegenen Mikrointeraktionen. Vier Schlüsselmechanismen, die die Zusammenarbeit verbessern, werden untersucht: der Ruf, das Erscheinungsbild, die Leistung und die Ausführung. Es wird auch die selten erwähnte Rolle der offline Interaktionen kritisch diskutiert, die nicht intuitiv ist, aber die Zusammenarbeit der Cyberkriminellen fördert.

Type
Research Article
Copyright
Copyright © A.E.S. 2018 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

BIBLIOGRAPHY

Ablon, Lillian, Libicki, Martin C. and Golay, Andrea A., 2014. Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar (Santa Monica, Rand).Google Scholar
Abreu, Dilip, 1988. “On the Theory of Infinitely Repeated Games with Discounting”, Econometrica, 56 (2): 383-396.CrossRefGoogle Scholar
Axelrod, Robert, 2006. The Evolution of Cooperation (New York, Basic Books).Google ScholarPubMed
Bhattacharjee, Yudhijit, 2011. “Welcome to Hackerville: The Romanian Cybercriminal Hotspot”, Wired, Last Modified Febr. 7 2011, accessed January 12 2016. http://www.wired.co.uk/magazine/archive/2011/03/features/welcome-to-hackerville.Google Scholar
Bowcott, Owen, 2009. “International bank raiders foiled by form-filling”, The Guardian, Last Modified March 4, accessed April 3. http://www.theguardian.com/uk/2009/mar/04/sumitomo-fraud-attempt.Google Scholar
Campana, Paolo and Varese, Federico, 2013. “Cooperation in Criminal Organizations: Kinship and Violence as Credible Commitments”, Rationality and Society, 25 (3): 263-289.CrossRefGoogle Scholar
Coleman, James, 1990. Foundations of Social Theory (Cambridge, Mass and London, Belknap Press of Harvard University Press).Google Scholar
Cook, Karen, Snijders, Chris, Buskens, Vincent and Cheshire, Coye, eds. 2009. eTrust: Forming Relationships in the Online World (New York, Russell Sage Foundation).Google Scholar
Dasgupta, Partha, 1988. “Trust as a Commodity”, in Gambetta, D., ed., Trust: Making and Breaking Cooperative Relations (Oxford, Basil Blackwell: 49-72).Google Scholar
Davies, Caroline, 2010. “Welcome to DarkMarket––Global One-Stop Shop for Cybercrime and Banking Fraud”, The Guardian, Last Modified January 14 2010, accessed August 1 2011. http://www.guardian.co.uk/technology/2010/jan/14/darkmarket-online-fraud-trial-wembley.Google Scholar
Décary-Hétu, David and Dupont, Benoit, 2012. “The Social Network of Hackers”, Global Crime, 13 (3): 160-175.CrossRefGoogle Scholar
Décary-Hétu, David and Dupont, Benoit, 2013. “Reputation in a Dark Network of Online Criminals”, Global Crime, 14 (2-3): 175-196.CrossRefGoogle Scholar
Dellarocas, Chrysanthos, 2003. “The Digitization of Word-of-Mouth: Promise and Challenges of Online Feedback Mechanisms”, Management Science, 49 (10): 1407-1424.CrossRefGoogle Scholar
Diekmann, Andreas, Jann, Ben and Wyder, David, 2009. “Trust and Reputation in Internet Auctions”, in Cook, K., Snijders, C., Buskens, V. and Cheshire, C., eTrust: Forming Relationships in the Online World (New York, Russell Sage Foundation: 139-165).Google Scholar
Dixit, Avinash, 2004. Lawlessness and Economics: Alternative Modes of Governance (Princeton and Oxford, Princeton University Press).Google Scholar
Drömer, Jan and Kollberg, Dirk, 2012. The Koobface Malware Gang Exposed (Abingdon, Sophos).Google Scholar
Dupont, Benoit, 2014. “Skills and Trust: A Tour Inside the Hard Drives of Computer Hackers”, in Morselli, C., ed., Crime and Networks (New York, Routledge: 195-217).Google Scholar
Dupont, Benoît, Côté, Anne-Marie, Savine, Claire and Décary-Hétu, David, 2016. “The Ecology of Trust among Hackers”, Global Crime, 17: 129-151.CrossRefGoogle Scholar
EC3, 2014. The Internet Organised Crime Threat Assessment (The Hague, Europol).Google Scholar
Gambetta, Diego, 1993. The Sicilian Mafia: The Business of Private Protection (Cambridge and London, Harvard University Press).Google Scholar
Gambetta, Diego, 2009. Codes of the Underworld: How Criminals Communicate (Princeton and Oxford, Princeton University Press).Google Scholar
Gibbons, Robert, 2001. “Trust in Social Structures: Hobbes and Coase Meet Repeated Games”, in Cook, K., Trust in Society (New York, Russell Sage Foundation).Google Scholar
Glenny, Misha, 2011. DarkMarket: CyberThieves, CyberCops and You (London, Bodley Head).Google Scholar
Grabosky, Peter, 2001. “Virtual Criminality: Old Wine in New Bottles?”, Social & Legal Studies, 10 (2): 243-249.CrossRefGoogle Scholar
Graham, James, ed. 2009. Cyber Fraud: Tactics, Techniques, and Procedures (Boca Raton, CRC Press).Google Scholar
Granovetter, Mark, 1985. “Economic Action and Social Structure: The Problem of Embeddedness”, American Journal of Sociology, 91 (3): 481-510.CrossRefGoogle Scholar
Greif, Avner, 1989. “Reputation and Coalitions in Medieval Trade: Evidence on the Maghribi Traders”, Journal of Economic History, 49 (4): 857-882.CrossRefGoogle Scholar
Halpern, Jake, 2015. “Bank of the Underworld”, The Atlantic, accessed May 15 2017. http://www.theatlantic.com/magazine/archive/2015/05/bank-of-the-underworld/389555/. Date?Google Scholar
Hardin, Russell, 2001. “Conceptions and Explanations of Trust”, in Cook, K., Trust in Society (New York, Russell Sage Foundation: 3-39).Google Scholar
Hardy, Robert and Norgaard, Julia, 2016. “Reputation in the Internet Black Market: An Empirical and Theoretical Analysis of the Deep Web”, Journal of Institutional Economics, 12 (3): 515-539.CrossRefGoogle Scholar
Holt, Thomas, 2013a. “Examining the Forces Shaping Cybercrime Markets Online”, Social Science Computer Review, 31 (2): 165-177.CrossRefGoogle Scholar
Holt, Thomas, 2013b. “Exploring the Social Organisation and Structure of Stolen Data Markets”, Global Crime, 14 (2-3): 155-174.CrossRefGoogle Scholar
Holt, Thomas and Lampke, Eric, 2010. “Exploring Stolen Data Markets Online: Products and Market Forces”, Criminal Justice Studies, 23 (1): 33-50.CrossRefGoogle Scholar
Hutchings, Alice, 2014. “Crime from the Keyboard: Organised Cybercrime, Co-offending, Initiation and Knowledge Transmission”, Crime, Law and Social Change, 62 (1): 1-20.CrossRefGoogle Scholar
Jordan, Tim and Taylor, Paul, 1998. “A Sociology of Hackers”, The Sociological Review, 46 (4): 757-780.CrossRefGoogle Scholar
King, Gary, Keohane, Robert and Verba, Sidney, 1994. Designing Social Inquiry: Scientific Inference in Qualitative Research (Princeton, Princeton University Press).Google Scholar
Klein, Benjamin and Leffler, Keith, 1981. “The Role of Market Forces in Assuring Contractual Performance”, Journal of Political Economy, 89 (4): 615-641.CrossRefGoogle Scholar
Krebs, Brian, 2013. “The World Has No Room For Cowards”, KrebsonSecurity, Last Modified March 15 2013, accessed September 22 2015. http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/.Google Scholar
Krebs, Brian, 2014. Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door (Naperville, Sourcebooks).Google Scholar
Krebs, Brian, 2015. “Arrests Tied to Citadel, Dridex Malware”, KrebsonSecurity, Last Modified September 7 2015, accessed November 8 2015. http://krebsonsecurity.com/2015/09/arrests-tied-to-citadel-dridex-malware/.Google Scholar
Kshetri, Nir, 2010. The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives (Berlin, Springer).CrossRefGoogle Scholar
Lavorgna, Anita, 2015. “Organised crime goes online: realities and challenges”, Journal of Money Laundering Control, 18 (2): 153-168.CrossRefGoogle Scholar
Leukfeldt, Rutger, Kleemans, Edward and Stol, Wouter, 2017. “Cybercriminal Networks, Social Ties and Online Forums: Social Ties Versus Digital Ties Within Phishing and Malware Networks”, British Journal of Criminology, 57 (3): 704-722.Google Scholar
Leukfeldt, Rutger, Lavorgna, Anita and Kleemans, Edward, 2016. “Organised Cybercrime or Cybercrime that is Organised? An Assessment of the Conceptualisation of Financial Cybercrime as Organised Crime”, European Journal on Criminal Policy and Research, 23 (3): 287-300.CrossRefGoogle Scholar
Levi, Michael, 2008. The Phantom Capitalists: The Organisation and Control of Long-Firm Fraud (Aldershot, Ashgate).Google Scholar
Lusthaus, Jonathan, 2012. “Trust in the World of Cybercrime”, Global Crime, 13 (2): 71-94.CrossRefGoogle Scholar
Lusthaus, Jonathan, 2013. “How Organised is Organised Cybercrime?”, Global Crime, 14 (1): 52-60.CrossRefGoogle Scholar
Lusthaus, Jonathan, 2014. “Electronic Ghosts”, Democracy, Winter, no. 31.Google Scholar
Lusthaus, Jonathan and Varese, Federico, 2017. “Offline and Local: The Hidden Face of Cybercrime”, Policing: A Journal of Policy and Practice, published online July 28, 2017.CrossRefGoogle Scholar
Mccusker, Rob, 2006. “Transnational Organised Cyber Crime: Distinguishing Threat from Reality” , Crime, Law and Social Change, 46 (4-5): 257-273.CrossRefGoogle Scholar
Mell, Andrew, 2015. “Promoting Market Failure: Fighting Crime with Asymmetric Information”, Department of Economics Discussion Paper Series (Oxford, University of Oxford).Google Scholar
Milgrom, Paul, North, Douglass and Weingast, Barry, 1990. “The Role of Institutions in the Revival of Trade: The Law Merchant, Private Judges, and the Champagne Fairs”, Economics and Politics, 2 (1): 1-23.CrossRefGoogle Scholar
Moore, Tyler, Clayton, Richard and Anderson, Ross, 2009. “The Economics of Online Crime”, The Journal of Economic Perspectives, 23 (3): 3-20.CrossRefGoogle Scholar
Motoyama, Marti, Mccoy, Damon, Levchenko, Kirill, Savage, Stefan and Voelker, Geoffrey, 2011. “An Analysis of Underground Forums”, Internet Measurement Conference 2011, Berlin, November 2.Google Scholar
Pistone, Joseph, 1987. Donnie Brasco: My Undercover Life in the Mafia (London, Hodder).Google Scholar
Poulsen, Kevin, 2011. Kingpin (New York, Crown Publishers).Google Scholar
Ragan, Steve, 2012. “Eight Arrested in Moscow After Allegedly Stealing Millions Using Carberp Trojan”, Security Week, Last Modified March 21 2012, accessed September 25 2015. http://www.securityweek.com/eight-arrested-moscow-after-allegedly-stealing-millions-using-carberp-trojan.Google Scholar
Resnick, Paul and Zeckhauser, Rihard, 2002. “Trust among Strangers in Internet Transactions: Empirical Analysis of eBay’s Reputation System”, in Baye, M., ed., The Economics of the Internet and E-Commerce (Amsterdam, Elsevier Science: 127-157).CrossRefGoogle Scholar
Reuter, Peter, 1983. Disorganized Crime: The Economics of the Visible Hand (Cambridge, Mass; London, MIT Press).Google Scholar
Schelling, Thomas, 1980. The Strategy of Conflict (Cambridge, Harvard University Press).Google Scholar
Skarbek, David, 2011. “Governance and Prison Gangs”, American Political Science Review, 105 (4): 702-716.CrossRefGoogle Scholar
Sztompka, Piotr, 1999. Trust: A Sociological Theory (Cambridge, Cambridge University Press).Google Scholar
Varese, Federico, 2001. The Russian Mafia: Private Protection in a New Market Economy (Oxford, Oxford University Press).CrossRefGoogle Scholar
Varese, Federico, 2011. Mafias on the Move (Princeton and Oxford, Princeton University Press).Google Scholar
Verini, James, 2010. “The Great Cyberheist”, The New York Times, Last Modified November 10 2010, accessed September 3 2015. http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?_r=1.Google Scholar
Wall, David, 2007. Cybercrime: The Transformation of Crime in the Information Age (Cambridge, Polity).Google Scholar
Wall, David, 2014. “Internet Mafias? The Dis-Organisation of Crime on the Internet”, in Caneppele, S. and Calderoni, F., ed., Organized Crime, Corruption and Crime Prevention (Cham, Springer: 227-238).CrossRefGoogle Scholar
Wang, Peng, 2011. “The Chinese Mafia: Private Protection in a Socialist Market Economy”, Global Crime, 12 (4): 290-311.CrossRefGoogle Scholar
Yip, Michael, Webber, Craig and Shadbolt, Nigel, 2013. “Trust Among Cybercriminals? Carding Forums, Uncertainty and Implications for Policing”, Policing and Society, 23 (4): 516-539.CrossRefGoogle Scholar