Cybercriminal Networks: Origin, Growth and Criminal Capabilities

Author: Rutger Leukfeldt
Publisher: The Hague, Eleven International Publishing, 2016. 230p.
Reviewer: Peter Grabosky | May 2017

Crime follows opportunity, and the application of digital technology to banking has provided criminal opportunities of which old-time bank robber Willie Sutton never dreamed. These opportunities may be seized by individual criminals; on a larger scale, they are vulnerable to exploitation by what Rutger Leukfeldt refers to as “cybercriminal networks.”

The book, based on Leukfeldt’s PhD thesis, is the very model of a modern multi-method research study. It combines the analysis of eighteen cases from Dutch police files; interviews with Dutch police and prosecutors; in-depth interviews with specialised investigators involved in twenty-two cases in Germany, the United Kingdom, and the United States; secondary analysis of 600 representative cases from the fraud registration database of a major Dutch bank; secondary analysis of a Dutch cybercrime victimization survey (N=10,316); and semi-structured interviews with thirty individual victims of online banking fraud. To his credit, the author painstakingly sets out his data collection and sampling strategies, and alerts the reader to the limitations on generalizability that these may entail.

As suggested by his title, Leukfeldt explains the origins, growth structures, and criminal capabilities of cybercriminal groups. He is particularly concerned with testing the applicability to cybercrime of two theoretical frameworks, each developed based on insights from terrestrial criminal activity in the pre-digital age. These include Kleemans’ work on social opportunity structures, and routine activity theory as advanced by Felson, Clarke, and others.

The author identifies two general types of online banking fraud. “Low-tech” crimes tend to focus on local (Dutch) bank accounts. Perpetrators tend to have been recruited by members of the local criminal milieus a result of social contact in the physical world, and many have prior conventional criminal experience. The offences themselves are more labor intensive, based on phishing and “social engineering” by offenders in direct contact with victims, and a larger number of “money mules” to move criminal proceeds to a safe location.

By contrast, “high-tech” offences tend to involve an international dimension. Offenders are recruited through on-line forums, and the offenses tend to be based on malware rather than offender-victim contact. They tend to involve higher volume, lower value transactions, and are less reliant on “mules.”

Leukfeldt found that routine activity theory explains some forms of online banking crime better than other types. Low-tech victimization was difficult to predict, and appeared to vary only with the victim’s frequency of targeted browsing. By contrast, vulnerability to high-tech crime varied directly with frequency of downloading, online shopping, online gaming, the use of Windows operating systems, and the amount of time spent online. Exposure to risk certainly matters, especially in relation to the probability of compromise resulting from malware infection.

Kleemans’ social opportunity structures differ depending on the nature of the gang. Low-tech offenders meet each other, and recruit new members, through social contact “on the street.” For recruitment of specialised expertise, such as that of malware developers or identity document fabricators, they may reach out through an on-line forum. By contrast, convergence settings for high-tech networks tend to be in cyberspace; forums predominate. As Leukfeldt observes, “In the digital era, forums are replacing prisons as the ‘universities for cybercriminals.’”

The book presents some additional findings of interest. In general, groups comprise four different types of participant: core members, professional facilitators, recruited facilitators, and “money mules.” Only fifteen of the forty networks studied were found to have specialized in attacks on online banking. The Dutch offenders were rather versatile, and a number of groups were concurrently or previously involved in various terrestrial criminal activities. Core members of the Dutch networks had prior experience in drugs dealing, fake marriages, robbery, and forgery. Some had ties with traditional organized crime groups. Not all of Leukfeldt’s offenders (particularly in the low-tech cases) were IT wizards. Indeed, he maintains that only one “tech-savy” core member is required to support a viable group. Some participants were co-opted postal workers and employees of call centres of banks. The chapter containing a case study of phishing in Amsterdam is particularly interesting, and provides a very good comparison of local physical contacts and international digital convergence settings

The volume is generally well-written, but initially, slightly deceptive. The authorship credit and descriptive summary on its cover imply that the work is a monograph. In fact, it is a collection of ten journal articles, plus introductory and concluding chapters. The articles appear to have been reprinted in their entirety, some with their own abstract. One also encounters occasional mention in the text to “this paper” and “this journal.” As some chapters explore different facets of the same data, the book at times is rather repetitive. This may be a blessing to the inattentive reader, who, having missed a point made in an earlier chapter, is almost certain to encounter it on at least one occasion later on in the book. The more focused reader may find the repetition somewhat frustrating. One wonders if the materials could have been edited down to read more like a monograph. The constituent chapters could perhaps have been homogenized to eliminate repetition, and to make for a shorter, more readable volume. The book would also have benefited from an index.

Leukfeldt’s findings suggest that there is no simple solution to the problem of online banking crime. He suggests that service providers and “place managers” such as website administrators might exercise better guardianship. Law enforcement agencies might devote more attention to the surveillance of chatrooms and other convergence settings. Financial institutions should continue to alert their customers to means of minimizing the risks of banking in the digital age.

Leukfeldt rightly observes that a great deal of organized cybercrime focuses on objectives other than theft from banks and their customers. Recent years have seen sabotage of Iranian nuclear enrichment facilities; compromise of servers supporting communications of the Democratic National Committee during the 2016 US Presidential election campaign; attacks on Sony Pictures (among numerous other major corporations); denial of service incidents by the hactivist group Anonymous against websites featuring illicit images of children (here, a case of one cybercriminal network preying upon another). Leukfeldt rightly observes that “Future research should therefore also focus on criminal networks that commit other types of cybercrime.”

Overall, the book deserves to be read by those interested in internet banking crime and by those who are interested in the application of general criminological theories to cybercrime. It makes a significant contribution to the fast-growing field of research on how financial cybercrime is organized.

Peter Grabosky, Australian National University

Start typing and press Enter to search