Organised crime groups (OCGs) have evolved and adapted techniques designed to facilitate criminal activities, evade detection and enable criminal enterprise to endure. The National Crime Agency’s (NCA) national strategic assessment of serious and organised crime (SOC) 2020 reports that SOC continues to have more impact on UK citizens than any other national security threat, and estimates that the social and economic cost of SOC to the UK is in excess of £37 billion per year. This global threat has been further exacerbated by the Covid-19 pandemic and criminals have been quick to seize opportunities presented by the unprecedented crisis.
The convergence of the physical and digital world over the past 20 years has resulted in variations in criminal activity. Digital and mobile technology is rapidly evolving which has fundamentally changed the global business landscape. Increased global connectivity has presented new ways of doing business with the creation of 24-7 digital banking platforms, virtual stores and companies together with the evolution of the internet of things (IOT) and crypto-assets. This clearly presents opportunity for legitimate business and digital entrepreneurship to thrive. However, where there is opportunity there too comes threat. Advancements in the digital age have also created chances for criminal innovation to prosper further, with Europol’s IOCTA 2019 reporting that cybercrime continues to mature and become more audacious.
Owing to human and business dependence on the internet, in recent years there has been an exponential rise in cyber-enabled fraud, also referred to as cyber fraud. The Crown Prosecution Service (CPS) defines fraud as ‘the act of gaining a dishonest advantage, often financial, over another person’. They further define cyber-enabled crimes as ‘crimes which do not depend on computers or networks but have been transformed in scale or form by the use of the internet and communications technology'. Within England and Wales fraud is now the most commonly experienced crime. A report on the fraud crime trends published by the City of London Police shows that 822,276 reports were received for 2019-20, amounting to a £2.3bn loss with 85% of reported fraud being cyber-enabled. Due to the clandestine nature of crime, conflicting definitions and underreporting, the likelihood is that the number of incidents and associated losses is actually much greater than this figure, demonstrating the immense scale of the threat.
It is clear that the convergences between cyber, economic and organised crime has catalysed a crime evolution. Cybercrime is a profitable market with low barriers to entry. For example, investment fraud relies on social engineering techniques (the mechanisms by which online deception is used to extract information) and can be highly lucrative. One investigation revealed that a European OCG generated profits of up to EUR 3 billion from the activity. The CPS reports that cyber-enabled fraud is possibly the most common of all cybercrime offences, and given the recent statistics, fraud is more likely than not to be cyber-enabled.
Cyber fraud has negative societal and economic consequences and is a primary enabler for cyber-attacks against the public and private sector, often motivated by financial gain. Acquired profits need to be laundered and integrated into the legitimate economy. The World Economic Forum’s Regional Risks for Doing Business 2019 report highlights the scale of the digital threats to the global ecosystem, with the world’s enterprise leaders ranking cyberattacks as the second-most significant threat to their businesses, after the threat of a fiscal crisis but before governmental breakdown or violent conflicts.
For criminals, operating in cyberspace is advantageous for a number of reasons;
- The internet allows offenders to conceal their identities, hiding behind temporary and shared IP addresses, and exploiting proxy servers to obfuscate the origins of an attack.
- It facilitates constant global access to networks and data; yet law enforcement agencies and governments remain restricted by national boundaries and have challenging resource constraints.
- Perpetrators can operate transnationally, persistently targeting copious victims (individuals and organisations) to gain increased profits.
- When physical movements are restricted, as by Covid-19, diversified criminal business operations can be sustained to maintain a source of income.
Criminals can extend their activities to cyberspace easily and without great investment. OCGs whom may seek to become agile and diversify to cyber-related activity do not themselves require the technical knowledge or skills to execute the crime. Cybercriminals offer everything necessary to arrange a cyber fraud or to conduct a cyber-attack, with terms such as attacks-as-a-service, malware-as-a-service and fraud-as-a-service commonly used to describe the practice of facilitating illegal activities for cybercriminals through the provisioning of services. This makes cybercrime an attractive and viable option for sophisticated OCGs operating in more physical dependant crime-types. For example, it has been reported that Mexican drug trafficking organisations are increasingly demonstrating a desire to benefit financially from cyber-crime, tempted by the high profits and minimal risks.
Dark web marketplaces facilitate all forms of SOC by advertising the trade in drugs, violent crime, stolen data, fake documents and malicious software among others. For example, Wall Street was the world's second largest dark web market. The illegal platform was exclusively accessible via the dark web and aimed at international trade in criminal goods. More than 63,000 sales offers were placed on the online marketplace, and in excess of 1,150,000 customer accounts were registered. For payment, the users of the online marketplace used crypto currencies, and the alleged marketplace officials are said to have received commission payments of 2 to 6 percent of the sales value for the settlement of illegal sales. This marketplace was successfully taken down in a cooperative global law enforcement operation, yet its existence shows the extensive client base that criminal marketplaces attract. It also highlights the collaborative, transnational nature of OCGs as those responsible were arrested in Germany, and two of the highest-selling suppliers of narcotics were arrested in US.
Wildlife cybercrime has also grown exponentially in recent years, as criminals take advantage of the vast international marketplace and anonymity afforded to them by the internet. As one of the most prevalent transnational organised crimes, this has caused concern, and a coalition project has been established aimed at disrupting and deterring criminals and their networks trafficking wildlife in, or via, the EU using the internet and parcel delivery services.
This is just a snapshot of the complex and toxic environment that exists as a result of technological advancements. It is evident that cybercrime is displacing conventional crime and sophisticated OCGs are diversifying operations to capitalise on this development. Despite a number of successful global law enforcement operations to dismantle cyber-enabled organised crime, the initial void is quickly filled by a rival group in this lucrative criminal ecosystem.
A lack of international cooperation and standardisation means prosecutions are minimal. Efforts are uncoordinated and legislation is not harmonised. This can result in the ‘balloon effect’ whereby organised cybercrime groups migrate to jurisdictions with poor control measures, and thus low deterrence, to physically operate and launch their attacks without detection.
The sheer scale of cyber fraud outlined above evidences that the current approach is ineffective at a policy and strategic level. Consequently, research and development is ongoing in this area. However, there is one key area that can be rapidly improved to respond to the evolved threat. It is recognised that public-private partnerships (PPPs) are vital to mitigate SOC, cyber and financial crime, however there are many fragmented groups which addresses each segment individually. This is inefficient. PPPs need to adapt with SOC and silos need to be reduced. Reform is required, and it is essential that professionals involved in the investigation of SOC, cyber and financial crime frequently collaborate to tackle the colossal risk exacerbated by cyber enablement. This approach would result in a more hostile operating environment and provide a holistic view of the threat landscape through increased intelligence sharing. The diversity in skillsets and expertise would affect change and lead to enhanced thought leadership needed to help influence and shape a more effective global response to disrupt SOC and minimise the associated risks.
Kate Wilson has a keen interest in serious and organised, cyber and financial crime. She currently works in cybercrime prevention within the financial services. She is an ex Police Detective whom specialised in complex and financial crime cases, working on covert and overt criminal investigations targeting organised crime groups. She has gained a MA degree in Financial Crime & Financial Investigation, and has achieved the ICA specialist certificate in Financial Crime Risk in Global Banking and Markets.
The views expressed in this article are those of the author and do not necassarily reflect the views of RUSI or any other institution.