Sophisticated Cyber Criminal Organizations
Module 5 explores how advances in technology and information systems have enabled traditional criminal organizations to evolve into cyber actors, groups that now operate globally with widespread impact. With the proliferation of affordable computers, advanced programming languages, and interconnected networks, cybercriminals have exploited both technical and human vulnerabilities to infect, compromise, and control digital systems.
This convergence of technical skill and criminal motivation has led to the rise of highly organized and cooperative enterprises that operate across borders, often anonymously, through platforms such as the Dark Web. New criminal business models have emerged, such as Ransomware-as-a-Service (RaaS), which expand the scope and scale of threats.
Learning Objectives
After completing this module, you should be able to:
- explain how cybercrime affects individuals, businesses, and governments, covering data breaches, financial damage, operational disruptions, and national security threats.
- define and distinguish the main types of cyber and state-sponsored espionage.
- identify and explain common types of insider fraud and their consequences.
- assess global and country-level initiatives to prevent and defend against intellectual property theft.
- examine the structure and purpose of underground marketplaces, such as the Deep Web and Tor networks.
- recognize how traditional criminal organizations adapt to digital environments.
- explain how programming languages and coding techniques are used to create malicious software (e.g., viruses, worms, Trojans) and evaluate their impact.
Summary
The rapid advancement of technology has allowed traditional criminal groups to expand into cyberspace, turning them into global players with broad influence. Affordable computing power, sophisticated programming languages, and the interconnectedness of modern information systems have created chances to exploit both technical flaws and human weaknesses. These opportunities have driven the rise of cyber-dependent crimes, such as data breaches, financial scams, identity theft, and cyber espionage, that threaten individuals, companies, and governments alike.
The adaptation of traditional organized crime groups into the digital realm has also transformed the core structure of illicit enterprises. Cybercriminals now operate as sophisticated networks that resemble legitimate businesses: they subcontract tasks, sell tools and services on underground markets, and coordinate operations anonymously through the Dark Web. Ransomware-as-a-Service (RaaS) exemplifies this model by enabling even minimally skilled actors to launch highly disruptive attacks.
The societal consequences of these developments are broad. People experience identity theft and privacy loss, businesses face shutdowns and damage to their reputation, and governments deal with cyberattacks that threaten national security and public trust. Law enforcement efforts, such as stronger cybersecurity measures, international cooperation, and legislative changes, are ongoing but face constant challenges from the creativity and adaptability of criminal actors.
Ultimately, while technological safeguards continue to develop, the human element remains the most persistent vulnerability. Designers, operators, and end-users alike introduce risks through error, negligence, or malicious insider activity. For criminologists and practitioners, understanding the intersection of technology, human behavior, and criminal enterprise is crucial for developing effective strategies for prevention, enforcement, and policy responses in a world where cybercrime is not just a technological issue but a global social problem.
Key Takeaways
Traditional criminal organizations have increasingly turned to technology and information systems to further their illicit activities, resulting in domestic and international repercussions.
Cybercriminals use programming languages and techniques to create malicious software, such as viruses, worms, and Trojans, capable of infiltrating and compromising targeted systems.
Criminal organizations leverage the anonymity provided by the internet to conduct illegal transactions, launder money, and coordinate criminal activities across borders, posing significant challenges to law enforcement agencies worldwide.
Cybercrime affects individuals, businesses, and governments alike, causing data breaches, financial loss, operational disruption, and national security threats. Governments and law enforcement agencies have ramped up efforts to combat cybercrime through enhanced cybersecurity measures, international cooperation, and legislative frameworks.
Key Terms/Concepts
American Society of Industrial Security (ASIS)
Attribution Problem
Bulletproof Hosting
Counter Antivirus (CAV)
Cybercrime
Cybersecurity
Cyber Attack
Cybercrime Business
Data Breach
Deep Web
Economic Espionage
Industrial Espionage
Insider Threats
Intellectual Property Theft
Malicious Software
National Insider Threat Task Force (NITTF)
Ransomware as a Service (RaaS)
Transnational Organized Crime
Trojan Horse
Modern Example
Social Gangs, Party Gangs, Serious Delinquent Gangs, Organized Gangs, and Now Ransomware Gangs
The rise of the cybercriminal enterprise, especially Ransomware-as-a-Service (RaaS), has significantly transformed the cybercrime landscape. This shift results from the merging of technical expertise and motivation within large, well-organized, and sophisticated criminal groups.
Ransomware-as-a-Service (RaaS): RaaS is a model where ransomware developers sell or lease their ransomware to other criminals, who then execute the attacks. This approach has lowered the barriers to entry for cybercriminals, allowing individuals without technical skills to launch sophisticated ransomware attacks. The creators profit from each successful attack using their ransomware, making it a profitable enterprise.
Cybercriminal organizations have become more structured and business-like, often mimicking legitimate enterprises. They have departments dedicated to various tasks such as developing ransomware, executing attacks, negotiating with victims, and laundering ransom money. This level of organization and sophistication has made these criminal enterprises highly effective and resilient.
These organizations have also demonstrated a remarkable ability to collaborate and communicate via underground channels, such as the Dark Web. They share tools, tactics, and intelligence, and even form alliances or cartels to coordinate attacks and share profits. This collaboration has expanded their reach and influence, making it more difficult for law enforcement agencies to track and disrupt their activities.
ABC News In-Depth (April 17, 2023)
Read, Review, Watch and Listen
- Read and explore an example of how the deep web is used to engage in illicit activity. Read Operation Disarray: Shining a Light on the Dark Web Nationwide Law Enforcement Action Targets Online Drug Trafficking
- Read the Department of Homeland Security’s overview of Insider Threats. Pay particular attention to those sections on: (1) Motivation, (2) Approach, (3) Performer, and (4) Resources.
- Read Cybercrime Magazine’s The History Of Cybercrime And Cybersecurity, 1940-2020
- Consider how, traditionally and up through the 1990s, cybercriminals would conduct direct attacks on consumer computers or corporate networks and engage in nearly unnoticeable forms of financial fraud, e.g., Salami Slicing, that is, shaving pennies from little-used accounts at various banks.
- Read ASIS’s Security Management publication An Unfair Advantage: Confronting Organized Intellectual Property Theft
- Review EMBROKER’s risk management overview of employee theft titled 60+ Employee Theft Statistics for 2023
- Note that there is a comprehensive list of related resources, organized by category, e.g., intellectual property theft, which serves as an excellent starting point for anyone interested in drafting a topical paper on the subject.
- Review Trend Micro Systems’ research paper titled, Inside the halls of a cybercrime business (David Sancho and Mayra Rosario Fuentes, April 2023)
- Review Europol’s Internet Organized Crime Threat Assessment (IOCTA). Annual report that examines emerging trends in organized cybercrime, including ransomware, phishing, and the role of the Dark Web in facilitating illicit services.
- Review the United Nations Office on Drugs and Crime (UNODC) – Global Programme on Cybercrime. Offers international perspectives on how organized crime groups exploit technology and how nations are responding. Useful for linking domestic and global policy issues.
- Review Intellectual Property Theft: A Threat to Working People and the Economy (Department of Professional Employees, 2021). Expands the intellectual property theft discussion into economics and geopolitics, connecting directly with national security.
- Watch an overview of CERT®'s Insider Threat Center Certificate Programs [also embedded below].
- Watch What is The Dark Web and How to Access it Safely? [also embedded below].
- Listen to the Darknet Diaries, The Carder (February, 2019). Engaging storytelling format that makes real cases of cybercrime and underground economies accessible to students.
Activity
STOP!!! Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
Students should refer to the course learning management system, that is, Blackboard, for assigned activity information. In addition, refer to the course syllabus for a detailed week-to-week activity schedule.
Faculty who want to assign course-related activities should contact Dr. Ramirez-Thompson (thompsne@cod.edu) for a shared folder containing course activities.
Purpose
The purpose of this activity is to introduce and familiarize students with modern espionage and intellectual property theft cases, and to explore how the evolution of technology has contributed to the growth of large-scale, sophisticated criminal enterprises.
Instructions
- Watch the Federal Bureau of Investigation’s (FBI), The Company Man: Protecting America’s Secrets
- Watch RSA 2020 Cyber Tips – Combating Economic Espionage (FBI, 2020)
- Watch DW-News’ broadcast on Industrial Espionage (also embedded below) [last accessed, September 2025].
- Listen to the FBI’s Inside the FBI Podcast: Technology and Espionage – On this episode of Inside the FBI, we discuss some of the ways the government of China and the Chinese Communist Party threaten the economic well-being, national security, and democratic values of the United States. For a full transcript and additional resources, visit fbi.gov/news/podcasts/ (also located below) [last accessed, September 2025].
- Using a search engine of your choice, find a recent article that describes an espionage case that occurred within the past 12 months and include the respective link within your response.
In your response, summarize the key points from the assigned FBI and DW resources, then describe how your chosen article relates to themes of modern espionage and tech-driven intellectual property theft.
Answer the following questions:
- Was the chosen espionage case industrial or economic? Provide specifics from the case to describe what and/or how much was lost.
- Thinking about your selected article, describe the type of espionage involved and explain how that might relate to organized crime.
- Explain how technology has enhanced the ability of criminals and organized groups to carry out various forms of espionage.
- Why are criminals increasingly willing to collaborate, partner, subcontract, and communicate anonymously through underground channels to plan and carry out new criminal enterprises? Explain and be specific.
Key Terms/Concepts
Industrial espionage refers to the illegal and unethical theft of business trade secrets for use by a competitor to achieve a competitive advantage. This activity is a covert practice often done by an insider or an employee who gains employment for the express purpose of spying and stealing information for a competitor. Industrial espionage is conducted by companies for commercial purposes rather than by governments for national security purposes.
Economic espionage, as defined by the Economic Espionage Act (Title 18 U.S.C. §1831), is committed by (1) whoever knowingly performs targeting or acquisition of trade secrets to (2) knowingly benefit any foreign government, foreign instrumentality, or foreign agent. In contrast, the theft of trade secrets (Title 18 U.S.C. Section 1832) is committed by (1) whoever knowingly misappropriates trade secrets to (2) benefit anyone other than the owner.
Historically, economic espionage has targeted defense-related and high-tech industries. But recent FBI cases have shown that no industry, large or small, is immune to the threat. Any company with a proprietary product, process, or idea can be a target; any unprotected trade secret is vulnerable to theft by those who wish to illegally obtain innovations to increase their market share at a victim company’s expense.
Deep/Dark web is an umbrella term for parts of the internet not fully accessible using standard search engines such as Google, Bing and Yahoo. The contents of the deep web include pages that were not indexed by search engines, paywalled sites, private databases, and the dark web.
Refer to the course learning management system (LMS), that is, Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.
Discussion Questions
- How has the evolution of technology and programming languages enabled traditional criminal organizations to conduct cybercrime more effectively and anonymously?
- What are some of the challenges that law enforcement agencies face in combating cybercrime, especially across borders and jurisdictions?
- What are some of the potential consequences of cybercrime for individuals, businesses, and governments, and how can they enhance their cybersecurity measures to prevent or mitigate them?
- How do cybercriminal groups differ in their organizational structure, revenue, and operational challenges depending on their size?
- What are the advantages and disadvantages of cybercriminal groups behaving like corporations as they grow bigger?
- What are some of the data sources and techniques that investigators can use to infiltrate and disrupt cybercriminal groups of different sizes?
Supplemental Resources
- How the Equifax hack happened, and what still needs to be done (CNET, Alfred Ng, Sep. 7 2018)
- National-Cybersecurity-Strategy-2023 (The White House, March 2023)
- INTERPOL-led operation targets growing cyber threats
- List of Data Breaches and Cyber Attacks in 2023 – 8,214,886,660 records breached (IT Governance, Jan. 2024)
- Former U.S. Service Member Charged with Espionage (FBI News, Feb. 2019)
- Theft of Intellectual Property Neutralization Techniques Within an Era of Computerization (Eric Ramirez-Thompson, 2019)
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
American Society of Industrial Security (ASIS): Founded in 1955, ASIS International is a global community of security practitioners, each of whom has a role in the protection of assets - people, property, and/or information.
A network of 34,000 members that extends to more than 250 chapters and members in 158 countries. ASIS continues to expand its global reach and has added 3 new chapters so far in 2021: Bajio (Mexico), Kolkata (India) and Chandigarh (India). Our transition into communities continues to progress and bring new members into the conversation—with now almost 7,000 members participating in at least one of the 35 Subject-Area Communities.
Attribution Problem: The difficulty of identifying and proving who is behind a cyberattack, especially when actors use anonymizing tools.
Bulletproof Hosting: A type of web hosting that allows cybercriminals to host illicit content or infrastructure, such as malware, botnets, phishing sites, or child abuse material, without being taken down by law enforcement or service providers.
Counter Antivirus (CAV): A tool or service that helps cybercriminals evade antimalware detection by disguising or encrypting their malicious programs.
Cybercrime: Any criminal offense (e.g., fraud, theft, or distribution of child sexual abuse material [CSAM]) committed using a computer, especially to access without authorization, transmit, or manipulate data via the Internet, or otherwise aided by various forms of computer technology, such as the use of online social networks to bully others or sending sexually explicit digital photos with a smartphone.
Cybersecurity: The protection of computer systems and networks from cyber threats, such as malicious software, data breaches, and cyberattacks, using technical, organizational, and legal measures.
Cyber Attack: The deliberate exploitation of computer systems or networks to cause disruption, damage, or harm, such as denial-of-service, ransomware, or cyber espionage.
Cybercrime Business: A criminal organization that uses the internet and technology to carry out illegal activities for profit.
Data Breach: The unauthorized access, disclosure, or theft of sensitive or confidential information, such as personal, financial, or health data.
Deep Web: An umbrella term for parts of the internet not fully accessible using standard search engines such as Google, Bing and Yahoo. The contents of the deep web include pages that were not indexed by search engines, paywalled sites, private databases and the dark web.
Economic Espionage: As defined by the Economic Espionage Act (Title 18 U.S.C. §1831), economic espionage is committed by (1) whoever knowingly performs targeting or acquisition of trade secrets to (2) knowingly benefit any foreign government, foreign instrumentality, or foreign agent. In contrast, the theft of trade secrets (Title 18 U.S.C. Section 1832) is committed by (1) whoever knowingly misappropriates trade secrets to (2) benefit anyone other than the owner.
Industrial Espionage: The term industrial espionage refers to the illegal and unethical theft of business trade secrets for use by a competitor to achieve a competitive advantage. This activity is a covert practice often done by an insider or an employee who gains employment for the express purpose of spying and stealing information for a competitor. Industrial espionage is conducted by companies for commercial purposes rather than by governments for national security purposes.
Insider Threats: The source of many losses in critical infrastructure industries. Additionally, well-publicized insiders have caused irreparable harm to national security interests. An insider threat is defined as the threat that an employee or a contractor will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States. Although policy violations can be the result of carelessness or accident, the primary focus of this project is preventing deliberate and intended actions such as malicious exploitation, theft or destruction of data or the compromise of networks, communications or other information technology resources. The Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T) Insider Threat project is developing a research agenda to aggressively curtail elements of this problem.
Intellectual Property Theft: The stealing or unauthorized use of ideas, inventions, designs, or trade secrets for competitive or financial gain.
Malicious Software: Software that is designed to infiltrate, compromise, or damage computer systems or networks, such as viruses, worms, and Trojans.
National Insider Threat Task Force (NITTF): The NITTF's primary mission is to develop a Government-wide insider threat program for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies.
Ransomware as a Service (RaaS): Equips prospective attackers, even those who possess minimal technical skills and knowledge, with the ammunition they need to launch attacks. This in turn helps ransomware spread quickly to more targets.
Transnational Organized Crime: Self-perpetuating associations of individuals who operate, wholly or in part, by illegal means and irrespective of geography. They constantly seek to obtain power, influence, and monetary gains. There is no single structure under which TOC groups function—they vary from hierarchies to clans, networks, and cells, and may evolve into other structures. These groups are typically insular and protect their activities through corruption, violence, international commerce, complex communication mechanisms, and an organizational structure exploiting national boundaries.
Trojan Horse: In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.