Is the Mafia Taking Over Cybercrime? Jonathan Lusthaus Introduction – the Claims

Is the Mafia Taking Over Cybercrime? Jonathan Lusthaus Introduction – The Claims

• The “Mafia, which has been using the Internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud”

• “The Russian Mafia are the most prolific cybercriminals in the world”

Focus & Approach

• Assess – with evidence – the claims of Mafia involvement in cybercrime

• 7 years of fieldwork across 20 countries (Russia, Ukraine, Romania, Nigeria, Brazil, USA, China…)

• 238 interview participants (law enforcement, private sector, former cybercriminals) What is the Mafia?

• There is an established discourse on this topic (Schelling, Gambetta, Varese)

• Organised Crime: groups attempting to govern a criminal market

• Mafia: organised crime groups that attempt to govern all criminal markets Goodfellas Guide

“The guys who worked for Paulie had to make their own dollar. All they got from Paulie was protection from other guys looking to rip them off. That’s what it’s all about. That’s what the FBI can never understand—that what Paulie and the organization offer is protection for the kinds of guys who can’t go to the cops. They’re like the police department for wiseguys” The Russian Mafia

• common perception: “people who do bad things in Eastern Europe…” • Reality: vory v zakone (thieves-in- law) • The “90s guys” and the post-Soviet Mafia today

*Source: ‘Maﬁa Life’ by Federico Varese A Famous Case - Citibank

• In 1994, Vladimir Levin infiltrates the Citibank’s networks, allowing for illicit money transfers worth millions of dollars • The Tambov gang in St. Petersburg coordinates the delivery of the proceeds to Russia • The gang uses coercion and threats of violence to enforce compliance in multiple jurisdictions • Gangsters at the top of the scheme avoid gaol time Key Findings 1

• Is the takeover now complete?

• There is OC involvement, but far from in every case…

• It also happens in ways that match the traditional skillsets of mafias and other groups… Key Findings 2

4 types of organised crime involvement in cybercrime: a) providing protection b) investing in certain cybercriminal schemes c) service providers to broader cybercrime operations (money arrangements) d) guiding cybercrime schemes

Key Findings 3

• Acting as guiding hands (category (d)) was most commonly observed

• But often simply using technology to enhance existing criminal operations, rather than cybercrime per se (drugs, jewels, prostitution) A New Breed of Criminal

• Rather than OC takeover, the data suggests cybercrime is driven by a new class of entrepreneurs • Protection often sourced from corrupt agents of the state, rather than gangsters • Bent politicians and law enforcement agents are better positioned to shield cybercriminals Big Picture Thinking

• Cybercrime as an OC problem = law enforcement challenge. • Cybercrime as underemployed entrepreneurs and programmers = other options to divert cybercriminal talent away from the dark side: a) initiatives providing startup capital b) companies hiring from affected regions c) supporting corruption reduction efforts Takeaways

1) much of the existing discourse around OC and cybercrime is based on rumor and innuendo

2) how OC is involved in cybercrime (and how it isn’t) is much more nuanced on the ground

3) to reduce cybercrime non LE approaches such as hiring cybersecurity talent from known cybercrime hubs, may help - this is something we can all potentially play a part in… The End Hmsqnctbshnm ok`bhmf sgd aq`mc Sgd Aq`mc • White paper available on Black Hat site Sxonfq`ogx From banners to brochures, it is essential that a consistent use of • My personal site: www.industryofanonymity.com Bnkntq positioning and colour of the brand application is maintained. 0.3x 0.3x › Ok`bhmf sgd Minimum spacing and aq`mc The brand should always be reproduced from printer-ready artwork and preferred minimum not from photocopied or pre-printed material or be redrawn in any way. distance from the Rs`shnmdqx Jonathan Lusthaus Manipulation of any part of the brand in a manner which would cause Directoredge ofof formats the Human for Cybercriminal Project Nsgdq hcdmshÜ dqr distortion is not allowed. Departmentx the quadrangle of Sociology Dwghahshnmr. University of Oxford Rhfm`fd The quadrangle and the rectangle versions should be placed on the (Example: x = 35mm, the minimum distance OnvdqOnhms left or right of any format. Centre placing should generally be avoided. 0.3x Top right placing of the quadrangle is preferred although there may be from the edge of Vda formats is 35 x 0.3 = times when placement of the left is the only sensible option available. 0.3x Sq`cdl`qj. 10.5mm) Bdqdlnmh`k The rectangle should be used where vertical space is restricted such Dw`lokdr as on a web page or a pen Ï two diverse examples. Although the Sdbgmhb`k applications of the brand marks require judgement by the designers, 0.3x 0.3x hmenql`shnm the quadrangle should always be the Ý rst option.

Dwbktrhnm ynmd9 The brand is protected by an invisible exclusion zone x within which no other graphic material than background should appear. This should be 0.3x (where ÓxÔ is the height of the brand mark) for both 0.3x 0.3x the quadrangle and the rectangle. Minimum spacing and preferred minimum distance from The exception to this rule is when partner branding is used Ï see the the edge of formats for the rectangle example on the right. (Example: x = 20mm, the minimum distance from the edge of formats is 20 x 0.3 = 6mm)

5 Tmhudqrhsx ne Nwenqc › Oqhms Aq`mchmf Fthcdkhmdr