Management models for international cybercrime

Author:G. Stevenson Smith
Position:School of Business, Southeastern Oklahoma State University, Durant, OK, USA

Purpose - The purpose of this paper is to identify how the management structure of cybercriminals has changed and will continue to be revised in the future as their criminal business models are modified. In the early days of hacktivism, a distinction was made between a “hacker” and a “cracker”. The hacker was considered someone who was interested in the vulnerabilities in a computer system, but they were not out to... (see full summary)

Management models for
international cybercrime
G. Stevenson Smith
School of Business, Southeastern Oklahoma State University,
Durant, Oklahoma, USA
Purpose – The purpose of this paper is to identify how the management structure of cybercriminals
has changed and will continue to be revised in the future as their criminal business models are modied.
In the early days of hacktivism, a distinction was made between a “hacker” and a “cracker”. The hacker
was considered someone who was interested in the vulnerabilities in a computer system, but they were
not out to exploit these vulnerabilities for illicit gains. Today, this is no longer true, as loosely
coordinated gangs of computer hackers exploit vulnerabilities of nancial institutions and the public to
steal and transfer money across borders without difculty.
Design/methodology/approach – The paper reviews legal cases dealing with the computer theft of
assets from nancial institutions and individuals. The focus is on external exploits of hackers not on
employee’s theft of assets. It explores the management structure used by cybercriminals who have been
caught and prosecuted by legal authorities in the USA and other countries. The paper discusses how
this management structure has evolved from older traditional crime business models based on “family”
relationships to morphing criminal gangs based in Russia, the Ukraine and other locations almost
untouchable by the US legal authorities. These new criminal networks are based on knowledge
relationships and quickly disappearing network connections. The paper concludes with a discussion
regarding the management structure cybercriminals will follow in the future, as they continue their
criminal activities.
Findings The study provides indications of a trend toward more complex management and
organizational structures among cybergangs.
Originality/value – Although there are many annual studies identifying the growth of cybercrime
and the types of attacks being made, but there is not even a single study that shows how the cybercrime
business model has changed over the past 20 years. From that perspective, the paper provides
information of a changing and more effective business model for cyberattacks.
Keywords Forensic accounting, Management models, Cybergangs
Paper type Conceptual paper
Today, reported cybercrimes are a daily occurrence with millions of dollars transferred
from legal business and consumers into the hands of cybercriminals. Wired Magazine
(2006) quotes a Department of Justice ofcial as stating: “There has been a change in the
people who attack computer networks, away from the “bragging hacker” toward those
driven by monetary motives”. For that reason, it is worthwhile to see if the business
model for these crimes has changed, as cybercriminals have become an international
Fifty years ago, there were no electronically based cybercrimes. In 1962, the closest
example of a “cybercrime” (an uncoined word at the time) would be the purposeful
misidentication of a bar code. Such a nancial crime could begin when a bank
customer, also a fraudster, placed the bar-coded deposit slips from the back of their
The current issue and full text archive of this journal is available on Emerald Insight at:
Journalof Financial Crime
Vol.22 No. 1, 2015
©Emerald Group Publishing Limited
DOI 10.1108/JFC-09-2013-0051
checkbook into the bank’s convenience deposit slips, without bar codes, stored in a
checking writing table in the bank’s central lobby. The subsequent bank customer who
picked up one of bar-coded deposit slips without checking it would make a cash deposit
into the fraudster’s account rather than their own.
During this period, there were no true cybercrimes nor were there any cybergangs, as
there was no Internet. The notorious gangs of this period in the USA were the Maa and
La Cosa Nostra. Organized crime was based on a top-heavy hierarchical management
style tightly controlled by the criminal bosses, underbosses, capos, soldiers and the
consigliore. The mission for these organizations was to obtain a prot from any illegal
means possible. To help control Maa gangs and prevent unnecessary bloodshed, the
different families were overseen by the National Commission (Brenner, 2002). Within
these organizations, each individual has an accepted level of authority over others in the
organization. The division of labor was carried throughout the organization from the top
to the bottom. Barnard (1938, p. 173) would have recognized the “authority of position”
used in these organizations. The loss of a criminal member in such an organization
resulted in their quick replacement and the uninterrupted continuation of the
organization’s activities. Communication in these organizations tends to be on a more
word-of-mouth basis to prevent information from falling into the hands of law
enforcement. These older criminal organizations tended to center their activities on local
operations such as loan-sharking, extortion and prostitution. Public contact with these
criminals is usually direct and face-to-face and unlike today’s virtual cybercriminals
who are found committing a nancial crime on a victim’s bedroom computer. Both of
these criminal organizations preyed on victims to transfer resources and wealth to the
organization. Each of these traditional crime organizations was physically located in a
specic geographical location called their “territory”. Therefore, it was relatively easy
for law enforcement to locate members of these organizations. With cybercriminals, it is
more difcult, as these widely dispersed cybercriminals can be located anywhere in the
As organized crime expanded into “new” entrepreneurial operations such as illegal
bookmaking, money laundering, drug dealing and gambling, it became necessary for
them to become more managerially complex. The running of a successful drug operation
could involve growing plants, processing the product, transporting the product to
markets, dealing with competitors, maintaining a sales network and collecting and
transferring monies back to the dealers. Maintaining a successful drug network is a
more managerially complex operation than one used by a criminal who decides walk
into a bank and rob it, for example.
Although these traditional gangs still exist and commit nancial crimes along with
their other activities, a new breed of criminal has developed to commit cybercrimes.
Cybercrimes are Internet-based crimes conducted remotely to illegally take wealth or
resources from others. Stolen resources can include Internet access, computer hard drive
space, nancial resources, intellectual capital and other data or bandwidth. Illegality is
dened by the governmental jurisdiction in which the crime is conducted, not from
where the attack was launched[1]. Although cybercrimes have been occurring since the
late 1980’s, few papers have dealt with the management model of cybergangs. Cohen
(2001) identied cybergangs as groups of individuals who penetrate a company’s
network security as fake employees who want to be hired for the express purpose of
stealing company resources and then moving on to another company to perpetrate the

To continue reading