Management models for international cybercrime

The purpose of this paper is to identify how the management structure of cybercriminals has changed and will continue to be revised in the future as their criminal business models are modified. In the early days of hacktivism, a distinction was made between a “hacker” and a “cracker”. The hacker was considered someone who was interested in the vulnerabilities in a computer system, but they were not out to exploit these vulnerabilities for illicit gains. Today, this is no longer true, as loosely coordinated gangs of computer hackers exploit vulnerabilities of financial institutions and the public to steal and transfer money across borders without difficulty.

The paper reviews legal cases dealing with the computer theft of assets from financial institutions and individuals. The focus is on external exploits of hackers not on employee’s theft of assets. It explores the management structure used by cybercriminals who have been caught and prosecuted by legal authorities in the USA and other countries. The paper discusses how this management structure has evolved from older traditional crime business models based on “family” relationships to morphing criminal gangs based in Russia, the Ukraine and other locations almost untouchable by the US legal authorities. These new criminal networks are based on knowledge relationships and quickly disappearing network connections. The paper concludes with a discussion regarding the management structure cybercriminals will follow in the future, as they continue their criminal activities.

The study provides indications of a trend toward more complex management and organizational structures among cybergangs.

Although there are many annual studies identifying the growth of cybercrime and the types of attacks being made, but there is not even a single study that shows how the cybercrime business model has changed over the past 20 years. From that perspective, the paper provides information of a changing and more effective business model for cyberattacks.