Sophisticated Cyber Criminal Organizations
Module 5 examines the evolution of technology and information systems that have provided the impetus for traditional criminal organizations to become cyber actors—actors who now have exposure to the global stage, with global reach and global consequences. Through the evolution of technology, including programming languages and the propagation of low-cost computers, cybercriminals have identified inherent technical and social vulnerabilities and developed methods for infecting, compromising, and taking over computer systems at the personal, corporate, and government level. Recent trends, as demonstrated in this chapter, reveal an increasing convergence of technical skill and motivation within large, well-organized, sophisticated criminal organizations. That convergence continues today, as criminals are becoming more apt to work together, partner, subcontract, and communicate anonymously through underground channels, e.g., the Dark Web. As a result, new criminal enterprises are born, e.g., RaaS, and new threats are posed, no longer at a regional level but with global reach.
Learning Objectives
After completing this module, you should be able to:
- explain how cybercrime affects individuals, businesses, and governments alike, causing data breaches, financial loss, operational disruption, and national security threats.
- define and describe the various types of espionage.
- discuss and describe the various types of insider fraud.
- evaluate national intellectual property theft protection and prevention efforts.
- discuss the underground marketplace referred to as the “deep web” or Tor Net.
- identify traditional criminal organizations.
- explain how cybercriminals use programming languages and techniques to create malicious software, such as viruses, worms, and Trojans, capable of infiltrating and compromising targeted systems.
Summary
Traditional criminal organizations have increasingly turned to technology and information systems to further their illicit activities, resulting in domestic and international repercussions. This shift is primarily driven by advancements in technology, including the widespread availability of low-cost computers and the evolution of programming languages.
With the proliferation of technology, cybercriminals have identified and exploited inherent technical and social vulnerabilities in computer systems. They have developed sophisticated methods to infect, compromise, and take over systems at personal, corporate, and government levels. This has led to a range of criminal activities, including data breaches, identity theft, financial fraud, and cyber espionage.
One notable aspect of this evolution is the utilization of programming languages and techniques to create malicious software, such as viruses, worms, and Trojans, capable of infiltrating and compromising targeted systems. These tools enable criminals to remotely control compromised devices, steal sensitive information, and perpetrate various forms of cybercrime with relative anonymity.
Moreover, traditional criminal organizations have adapted their operational strategies to exploit the interconnected nature of the digital world. They leverage the anonymity provided by the internet to conduct illegal transactions, launder money, and coordinate criminal activities across borders, posing significant challenges to law enforcement agencies worldwide.
The consequences of these technological advancements are profound, affecting individuals, businesses, and governments alike. Data breaches can result in the exposure of sensitive personal information, leading to identity theft and financial loss. Cyberattacks on corporations can disrupt operations, cause financial damage, and erode consumer trust. Additionally, attacks on government systems can compromise national security and undermine public confidence in governance institutions.
In response to these threats, governments and law enforcement agencies have ramped up efforts to combat cybercrime through enhanced cybersecurity measures, international cooperation, and legislative frameworks aimed at prosecuting cybercriminals. However, the dynamic nature of technology and the adaptability of criminal organizations present ongoing challenges in the fight against cybercrime.
The current inherent vulnerability with technology is that people are still required to develop, deploy, operate, and monitor it, and people will always be the greatest risk to security in a world that continues to place increasing reliance on computers to secure their data, services, facilities, intellectual property, and people.
Key Takeaways
Traditional criminal organizations have increasingly turned to technology and information systems to further their illicit activities, resulting in domestic and international repercussions.
Cybercriminals use programming languages and techniques to create malicious software, such as viruses, worms, and Trojans, capable of infiltrating and compromising targeted systems.
Criminal organizations leverage the anonymity provided by the internet to conduct illegal transactions, launder money, and coordinate criminal activities across borders, posing significant challenges to law enforcement agencies worldwide.
Cybercrime affects individuals, businesses, and governments alike, causing data breaches, financial loss, operational disruption, and national security threats. Governments and law enforcement agencies have ramped up efforts to combat cybercrime through enhanced cybersecurity measures, international cooperation, and legislative frameworks.
Key Terms/Concepts
American Society of Industrial Security (ASIS)
Bulletproof Hosting
Counter Antivirus (CAV)
Cybercrime
Cybersecurity
Cyber Attack
Cybercrime Business
Data Breach
Deep Web
Economic Espionage
Industrial Espionage
Insider Threats
Malicious Software
National Insider Threat Task Force (NITTF)
Transnational Organized Crime
Modern Example
Social Gangs, Party Gangs, Serious Delinquent Gangs, Organized Gangs, and Now Ransomware Gangs
The emergence of the cyber-criminal enterprise, particularly Ransomware-as-a-Service (RaaS), has significantly changed the landscape of cybercrime. This evolution can be attributed to the convergence of technical skill and motivation within large, well-organized, and sophisticated criminal organizations.
Ransomware-as-a-Service (RaaS): RaaS is a model where ransomware creators sell or lease their ransomware to other criminals, who then carry out the attacks. This model has lowered the entry barrier for cybercrime, as it allows individuals without technical skills to launch sophisticated ransomware attacks. The creators earn money from each successful attack carried out using their ransomware, making it a lucrative business.
Cybercriminal organizations have become more structured and business-like, often mimicking legitimate enterprises. They have departments dedicated to different tasks such as developing ransomware, carrying out attacks, negotiating with victims, and laundering the ransom money. This level of organization and sophistication has made these criminal enterprises highly effective and resilient.
These organizations have also shown a remarkable ability to collaborate and communicate through underground channels, such as the Dark Web. They share tools, tactics, and intelligence, and even form alliances or cartels to coordinate attacks and share profits. This collaboration has increased their reach and impact, making it more challenging for law enforcement agencies to track and disrupt their activities.
ABC News In-Depth (April 17, 2023)
Read, Review, Watch and Listen
- Read and explore an example of how the deep web is used to engage in illicit activity. Read Operation Disarray: Shining a Light on the Dark Web Nationwide Law Enforcement Action Targets Online Drug Trafficking
- Read the Department of Homeland Security’s overview of Insider Threats. Pay particular attention to those sections on: (1) Motivation, (2) Approach, (3) Performer, and (4) Resources.
- Read Cybercrime Magazine’s The History Of Cybercrime And Cybersecurity, 1940-2020
- Consider how, traditionally and up through the 1990s, cybercriminals would conduct direct attacks on consumer computers or corporate networks and engage in nearly unnoticeable forms of financial fraud, e.g., salami slicing; that is, shaving pennies from little-used accounts at various banks.
- Read ASIS’s Security Management publication An Unfair Advantage: Confronting Organized Intellectual Property Theft
- Review EMBROKER’s risk management overview of employee theft titled 60+ Employee Theft Statistics for 2023
- Note that there is a comprehensive list of related resources, organized by category, e.g., intellectual property theft, which serves as an excellent starting point for anyone interested in drafting a topical paper on the subject.
- Review Trend Micro Systems’ research paper titled Inside the halls of a cybercrime business (David Sancho and Mayra Rosario Fuentes, April 2023)
- Watch an overview of CERT’s® Insider Threat Center Certificate Programs [also embedded below].
- Watch What is The Dark Web and How to Access it Safely? [also embedded below].
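The salami-slicing fraud mentioned in the reading list is built so that no single transaction trips a per-transaction limit; it only shows up in aggregate, as many tiny credits converging on one account from accounts that are otherwise idle. The following Python script is an added example written for this page, not part of the course materials or of any linked reading: it runs a fan-in check over a constructed ledger. The account IDs, the $0.25 per-credit threshold and the ten-source minimum are all assumptions chosen for illustration; a real review would tune them to the institution's own transaction mix.

```python
from collections import defaultdict
from decimal import Decimal
from typing import Dict, Iterable, List, NamedTuple, Set


class Txn(NamedTuple):
    """One ledger entry: money moves from src to dst on a given day of the review window."""
    day: int
    src: str
    dst: str
    amount: Decimal


def build_sample_ledger() -> List[Txn]:
    """Constructed sample data (hypothetical account IDs, not a real ledger).

    Mixes ordinary activity with a salami pattern: 25 accounts that do nothing
    else during the window each lose a few cents to one collecting account.
    """
    ledger = [
        Txn(1, "ACC-1001", "ACC-2002", Decimal("120.00")),
        Txn(1, "ACC-1003", "ACC-2002", Decimal("45.50")),
        Txn(2, "ACC-1001", "ACC-3010", Decimal("899.99")),
        Txn(3, "ACC-1003", "ACC-1001", Decimal("15.00")),
    ]
    # A payroll run: many credits from one source, but each far above "pennies".
    for i in range(20):
        ledger.append(Txn(2, "ACC-PAYROLL", f"ACC-5{i:03d}", Decimal("2500.00")))
    # A tip jar: small credits, but from only three customers, so not a salami signal.
    for i, cents in enumerate((10, 20, 25)):
        ledger.append(Txn(3, f"ACC-10{i:02d}", "ACC-TIPJAR", Decimal(cents) / 100))
    # The slice: 3 to 9 cents each from 25 otherwise idle accounts, spread over two days.
    for i in range(25):
        cents = 3 + (i % 7)
        ledger.append(Txn(1 + (i % 2), f"ACC-9{i:03d}", "ACC-MULE", Decimal(cents) / 100))
    return ledger


def find_collectors(ledger: Iterable[Txn],
                    max_amount: Decimal = Decimal("0.25"),
                    min_sources: int = 10) -> Dict[str, dict]:
    """Flag destination accounts receiving sub-threshold credits from many distinct sources.

    Each credit on its own sits under any per-transaction alert limit; the
    signal is the fan-in. Sources with no above-threshold activity in the
    window are counted as dormant, the accounts a slicer prefers because
    nobody is watching the balance.
    """
    txns = list(ledger)
    active: Set[str] = set()
    for t in txns:
        if t.amount > max_amount:
            active.update((t.src, t.dst))
    small_credits: Dict[str, List[Txn]] = defaultdict(list)
    for t in txns:
        if t.amount <= max_amount:
            small_credits[t.dst].append(t)
    findings: Dict[str, dict] = {}
    for dst, credits in small_credits.items():
        sources = {t.src for t in credits}
        if len(sources) < min_sources:
            continue
        findings[dst] = {
            "credits": len(credits),
            "distinct_sources": len(sources),
            "dormant_sources": sum(1 for s in sources if s not in active),
            "total": sum((t.amount for t in credits), Decimal("0")),
            "days": sorted({t.day for t in credits}),
        }
    return findings


def report(findings: Dict[str, dict]) -> List[str]:
    """Render findings as one alert line per collecting account."""
    return [
        f"ALERT {dst}: {f['credits']} credits totalling {f['total']} from "
        f"{f['distinct_sources']} accounts ({f['dormant_sources']} dormant) on days {f['days']}"
        for dst, f in sorted(findings.items())
    ]


if __name__ == "__main__":
    for line in report(find_collectors(build_sample_ledger())):
        print(line)
```

Run directly, the script prints a single alert for the collecting account. The payroll run is ignored because its credits are large, and the tip jar is ignored because only three customers feed it; what separates a slice from a legitimate micro-payment merchant is the fan-in from many sources, most of them dormant, which is why the dormant-source count is reported alongside the total.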
Activity
STOP!!! Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
Students should refer to the course learning management system; that is, Blackboard for assigned activity information. In addition, refer to the course syllabus for a detailed week-to-week activity schedule.
Faculty who want to assign course-related activities, should contact Dr. Ramirez-Thompson (thompsne@cod.edu) for a shared folder containing course activities.
Purpose
The purpose of this activity is to introduce and familiarize students with modern espionage and intellectual property theft cases and to explore how the evolution of technology has contributed to the growth of large-scale, sophisticated criminal enterprises.
Instructions
- Watch the Federal Bureau of Investigation’s (FBI), The Company Man: Protecting America’s Secrets: https://www.fbi.gov/news/stories/economic-espionage
- Listen to the FBI’s Economic espionage—the stealing of trade secrets for the benefit of a foreign government—is on the rise audio file (https://www.fbi.gov/audio-repository/news-podcasts-inside-economic-espionage.mp3/view) [InsidePodcastEconomicEspionage.mp3]
- Watch DW-News’ broadcast on Industrial Espionage (https://youtu.be/qKGtFxhh-AY) [also embedded below]
- Using a search engine of your choice, find a recent article that describes an espionage case that occurred within the past 12 months and include the respective link within your response.
Answer the following questions:
- Was the selected espionage case industrial or economic? Cite specifics from the case to describe what and/or how much was lost.
- Thinking about your selected article, describe the type of espionage involved and explain how it might relate to organized crime.
- Explain how technology has expanded the capabilities of criminals and organized groups to perpetrate different forms of espionage.
- Why are criminals increasingly willing to work together, partner, subcontract, and communicate anonymously through underground channels to plan and perpetrate new criminal enterprises? Explain and be specific.
Key Terms/Concepts
Industrial espionage refers to the illegal and unethical theft of business trade secrets for use by a competitor to achieve a competitive advantage. This activity is a covert practice often done by an insider or an employee who gains employment for the express purpose of spying and stealing information for a competitor. Industrial espionage is conducted by companies for commercial purposes rather than by governments for national security purposes.
Economic espionage is defined by the Economic Espionage Act (Title 18 U.S.C. §1831) as being committed by (1) whoever knowingly targets or acquires trade secrets in order to (2) knowingly benefit any foreign government, foreign instrumentality, or foreign agent. In contrast, theft of trade secrets (Title 18 U.S.C. §1832) is committed by (1) whoever knowingly misappropriates trade secrets to (2) benefit anyone other than the owner.
Historically, economic espionage has targeted defense-related and high-tech industries. But recent FBI cases have shown that no industry, large or small, is immune to the threat. Any company with a proprietary product, process, or idea can be a target; any unprotected trade secret is vulnerable to theft by those who wish to illegally obtain innovations to increase their market share at a victim company’s expense.
Deep/Dark web is an umbrella term for parts of the internet not fully accessible using standard search engines such as Google, Bing and Yahoo. The contents of the deep web range from pages that were not indexed by search engines, paywalled sites, private databases, and the dark web.
Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.
Discussion Questions
- How has the evolution of technology and programming languages enabled traditional criminal organizations to conduct cybercrime more effectively and anonymously?
- What are some of the challenges that law enforcement agencies face in combating cybercrime, especially across borders and jurisdictions?
- What are some of the potential consequences of cybercrime for individuals, businesses, and governments, and how can they enhance their cybersecurity measures to prevent or mitigate them?
- How do cybercriminal groups differ in their organizational structure, revenue, and operational challenges depending on their size?
- What are the advantages and disadvantages of cybercriminal groups behaving like corporations as they grow bigger?
- What are some of the data sources and techniques that investigators can use to infiltrate and disrupt cybercriminal groups of different sizes?
Supplemental Resources
- How the Equifax hack happened, and what still needs to be done (CNET, Alfred Ng, Sep. 7 2018)
- National-Cybersecurity-Strategy-2023 (The White House, March 2023)
- INTERPOL-led operation targets growing cyber threats
- List of Data Breaches and Cyber Attacks in 2023 – 8,214,886,660 records breached (IT Governance, Jan. 2024)
- Former U.S. Service Member Charged with Espionage (FBI News, Feb. 2019)
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
American Society of Industrial Security (ASIS): Founded in 1955, ASIS International is a global community of security practitioners, each of whom has a role in the protection of assets - people, property, and/or information.
ASIS is a network of 34,000 members that extends to more than 250 chapters and members in 158 countries. ASIS continues to expand its global reach and has added 3 new chapters so far in 2021: Bajio (Mexico), Kolkata (India) and Chandigarh (India). Its transition into communities continues to progress and bring new members into the conversation, with now almost 7,000 members participating in at least one of the 35 Subject-Area Communities.
Bulletproof Hosting: A type of web hosting that allows cybercriminals to host illicit content or infrastructure, such as malware, botnets, phishing sites, or child abuse material, without being taken down by law enforcement or service providers.
Counter Antivirus (CAV): A tool or service that helps cybercriminals evade antimalware detection by disguising or encrypting their malicious programs.
Cybercrime: Any criminal offense (e.g., fraud, theft, or distribution of child sexual abuse material [CSAM]) committed using a computer, specifically to access without authorization, transmit, or manipulate data via the Internet, or otherwise aided by various forms of computer technology, such as the use of online social networks to bully others or sending sexually explicit digital photos with a smartphone.
Cybersecurity: The protection of computer systems and networks from cyber threats, such as malicious software, data breaches, and cyberattacks, using technical, organizational, and legal measures.
Cyber Attack: The deliberate exploitation of computer systems or networks to cause disruption, damage, or harm, such as denial-of-service, ransomware, or cyber espionage.
Cybercrime Business: A criminal organization that uses the internet and technology to carry out illegal activities for profit.
Data Breach: The unauthorized access, disclosure, or theft of sensitive or confidential information, such as personal, financial, or health data.
Deep Web: An umbrella term for parts of the internet not fully accessible using standard search engines such as Google, Bing and Yahoo. The contents of the deep web range from pages that were not indexed by search engines, paywalled sites, and private databases to the dark web.
Economic Espionage: Defined by the Economic Espionage Act (Title 18 U.S.C. §1831) as being committed by (1) whoever knowingly targets or acquires trade secrets in order to (2) knowingly benefit any foreign government, foreign instrumentality, or foreign agent. In contrast, theft of trade secrets (Title 18 U.S.C. §1832) is committed by (1) whoever knowingly misappropriates trade secrets to (2) benefit anyone other than the owner.
Industrial Espionage: The illegal and unethical theft of business trade secrets for use by a competitor to achieve a competitive advantage. This activity is a covert practice often done by an insider or an employee who gains employment for the express purpose of spying and stealing information for a competitor. Industrial espionage is conducted by companies for commercial purposes rather than by governments for national security purposes.
Insider Threats: Insider threats are the source of many losses in critical infrastructure industries. Additionally, well-publicized insiders have caused irreparable harm to national security interests. An insider threat is defined as the threat that an employee or a contractor will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States. Although policy violations can be the result of carelessness or accident, the primary focus of this project is preventing deliberate and intended actions such as malicious exploitation, theft or destruction of data, or the compromise of networks, communications or other information technology resources. The Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T) Insider Threat project is developing a research agenda to aggressively curtail elements of this problem.
Malicious Software: Software that is designed to infiltrate, compromise, or damage computer systems or networks, such as viruses, worms, and Trojans.
National Insider Threat Task Force (NITTF): The NITTF's primary mission is to develop a Government-wide insider threat program for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies.
Transnational Organized Crime: Self-perpetuating associations of individuals who operate, wholly or in part, by illegal means and irrespective of geography. They constantly seek to obtain power, influence, and monetary gains. There is no single structure under which TOC groups function; they vary from hierarchies to clans, networks, and cells, and may evolve into other structures. These groups are typically insular and protect their activities through corruption, violence, international commerce, complex communication mechanisms, and an organizational structure exploiting national boundaries.