This article examines the network structure, criminal cooperation, and external interactions of cybercriminal networks. Its contribution is empirical and inductive. The core of this study involved carrying out 10 case analyses on closed cybercrime investigations – all with financial motivations on the part of the offenders - in the UK and beyond. Each analysis involved investigator interview and access to unpublished law enforcement files. The comparison of these cases resulted in a wide range of findings on these cybercriminal networks, including: a common division between the scam/attack components and the money components; the presence of offline/local elements; a broad, and sometimes blurred, spectrum of cybercriminal behaviour and organisation. An overarching theme across the cases that we observe is that cybercriminal business models are relatively stable.
Presentation by Rutger Leukfeldt on Financially motivated cybercriminal networks, during workshop on Cybercrime Offenders. Cybercrime perpetrators are as diverse and complex as the cybercrime that they commit. For example, they come from different backgrounds and have different (egotistical, technical, monetary, ideological, political, professional, vengeful, sexual or other) motivations. They may or may not be professional criminals, and individuals or part of organised groups or networks (example of Advanced Persistent Threats). Some may commit crime on their own account or make their services available to others, and some may be supported by or be state actors. A better understanding of the types of perpetrators and their motivations and techniques can be instrumental for the prevention of cybercrime and for a more effective criminal justice response. The aim of this workshop is to contribute to such a better understanding and to initiate steps towards a typology of offenders.
Criminologists have frequently debated whether offenders are specialists, in that they consistently perform either one offense or similar offenses, or versatile by performing any crime based on opportunities and situational provocations. Such foundational research has yet to be developed regarding cybercrimes, or offenses enabled by computer technology and the Internet. This study address this issue using a sample of 37 offender networks. The results show variations in the offending behaviors of those involved in cybercrime. Almost half of the offender networks in this sample appeared to be cybercrime specialists, in that they only performed certain forms of cybercrime. The other half performed various types of crimes on and offline. The relative equity in specialization relative to versatility, particularly in both on and offline activities, suggests that there may be limited value in treating cybercriminals as a distinct offender group. Furthermore, this study calls to question what factors influence an offender's pathway into cybercrime, whether as a specialized or versatile offender. The actors involved in cybercrime networks, whether as specialists or generalists, were enmeshed into broader online offender networks who may have helped recognize and act on opportunities to engage in phishing, malware, and other economic offenses.
