This article was downloaded by: [Dalhousie University]On: 12 July 2014, At: 07:27Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Global CrimePublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/fglc20

How organised is organisedcybercrime?Jonathan Lusthaus aa Extra-Legal Governance Institute , University of Oxford ,Oxford , UKPublished online: 16 Jan 2013.

To cite this article: Jonathan Lusthaus (2013) How organised is organised cybercrime?, GlobalCrime, 14:1, 52-60, DOI: 10.1080/17440572.2012.759508

To link to this article: http://dx.doi.org/10.1080/17440572.2012.759508

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.

This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions

Global Crime, 2013Vol. 14, No. 1, 52–60, http://dx.doi.org/10.1080/17440572.2012.759508

How organised is organised cybercrime?

Jonathan Lusthaus*

Extra-Legal Governance Institute, University of Oxford, Oxford, UK

To some writers and commentators, fully fledged organised cybercrime is currentlyemerging. Law enforcement spokesmen and Internet security firms have even madecomparisons between the structure of cybercriminal enterprises and organisations likeLa Cosa Nostra. But, in reality, conventional criminal labels applied to cybercrimeare themselves often poorly understood by those who employ them. The purpose ofthis research note is to apply scholarly rigor to the question of whether profit-drivencybercrime can fit underneath formal definitions of organised crime and mafias. It pro-ceeds in three sections: the first section outlines academic definitions of organisedcrime, mafias and cybercrime; the second section assesses whether online cybercriminaltrading forums, perhaps the most visible and documented examples of cybercriminalorganisation, might constitute mafias as some contend; the third section briefly dis-cusses some other less documented examples of ‘organised’ cybercrime and assessesthe broader possibility of online groups being classified as organised crime groups.

Keywords: cybercrime; organised crime; mafias; anonymity

To some writers and commentators, fully fledged organised cybercrime is currently emerg-ing. There has been the rise of the professional cybercriminal and the developmentof numerous online groupings, where these cybercriminals join together in plots. Lawenforcement spokesmen and Internet security firms have even made comparisons betweenthe structure of cybercriminal enterprises and organisations like La Cosa Nostra.1 Thishas likely been encouraged by the eagerness with which certain cybercriminal groupshave adopted mafia terminology to describe themselves. For instance, the first majorRussian cybercriminal trading forum called Carder Planet had various ranks, such as Capo(‘Captain’), clearly appropriating mafia titles.2

But, in reality, conventional criminal labels applied to cybercrime are themselves oftenpoorly understood by those who employ them. For instance, those who suggest that certaincybercriminal groups are mafia-like organisations often point to a hierarchical pyramidalstructure that could be applied equally to a myriad of non-criminal institutions, such ascorporations or armed forces. Rather than acting as an accurate analogy, for cybercriminals,the mafia catchword serves to appropriate the mystique of such groups; for commentators,this mystique can be used to sensationalise various statements and articles.

*Email: jonathan.lusthaus@gmail.com1. See, for instance, McMillan, “FBI”; and Finjan Malicious Code Research Center, Web SecurityTrends Report.2. This was observed in an offline copy of elements of the Carder Planet site.

© 2013 Taylor & Francis

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

Global Crime 53

The purpose of this research note is to apply scholarly rigor to the question of whetherprofit-driven cybercrime can fit underneath formal definitions of organised crime andmafias. It is focussed solely on online interactions, rather than the offline structures ofcybercriminal enterprises, which is an interesting but independent concern. This note drawson a previously undertaken study, which encompassed interviews with Internet securityfirm officers, current and former law enforcement agents, former hackers, including onecybercriminal, as well as the analysis of legal documents.3 That research touched on ideascomparing cybercrime to organised crime, but as they were tangential to its focus, it didnot attempt to engage them directly. This note draws on this past research, supplementedby ongoing research, to address these issues head on. It proceeds in three sections: thefirst section outlines academic definitions of organised crime, mafias and cybercrime; thesecond section assesses whether online cybercriminal trading forums, perhaps the mostvisible and documented examples of cybercriminal organisation, might constitute mafiasas some contend; the third section briefly discusses some other less documented exam-ples of ‘organised’ cybercrime and assesses the broader possibility of online groups beingclassified as organised crime groups.

Defining organised crime

It is well beyond the scope of this note to engage in a detailed survey of the many dif-ferent definitions that have been applied to organised crime. Instead, I draw on the workof Federico Varese in the introduction to his four-volume collection Organised Crime,which provides a thorough examination of the history of attempts to define the termand settles on what is deemed to be the best approach going forward.4 One of the cen-tral figures in Varese’s survey, and his path through it, is Thomas Schelling. Schelling’sclassic article ‘What Is the Business of Organized Crime?’ argues that organised crimeis not simply ‘crime that is organized’.5 In explaining this approach, Schelling provideshis famous account of why organised burglars do not fall into the category of organisedcrime:

burglars are never reported to be fighting each other in gangs for exclusive control over theirhunting grounds. Burglars are busy about their burglary, not staking claims and fighting offother burglars. It is when a gang of burglars begins to police their territory against the invasionof other gangs of burglars, and makes interloping burglars join up and share their loot or getout of town, and collectively negotiates with the police not only for their own security but toenlist the police in the war against rival burglar gangs or nonjoining mavericks, that we should,I believe, begin to identify the burglary gang as organized crime.6

What this approach appears to be getting at is that organised crime is a form of gover-nance within the criminal world. This concept is at the heart of the definitions of organisedcrime and mafias that Varese settles on at the conclusion of his survey. He defines anorganised crime group as one that ‘attempts to regulate and control the production anddistribution of a given commodity or service unlawfully’.7 He defines a mafia as a type

3. Lusthaus, “Trust.”4. Varese, “What Is Organized Crime?”.5. Schelling, “Business of Organized Crime?” 72.6. Ibid., 74.7. Varese, “What Is Organized Crime?” 14.

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

54 J. Lusthaus

of organised crime group that ‘attempts to control the supply of protection’,8 an ideaoriginally formulated in Diego Gambetta’s groundbreaking study The Sicilian Mafia.9

This governance-centric approach is in line with empirical evidence on the subject.Perhaps one of the best explanations of what a mafia is comes from Henry Hill, thegangster whose biography became the inspiration for Martin Scorcese’s film Goodfellas.In Nicholas Pileggi’s Wiseguy, Hill outlines the role performed by Paul Vario, the localarea Capo:

The guys who worked for Paulie had to make their own dollar. All they got from Paulie wasprotection from other guys looking to rip them off. That’s what it’s all about. That’s what theFBI can never understand – that what Paulie and the organization offer is protection for thekinds of guys who can’t go to the cops. They’re like the police department for wiseguys.10

Having addressed definitions of organised crime, it is also important to outline whatcybercrime is taken to mean in this research note. There are a number of alternativeapproaches available, but a simple and useful definition is cybercrime as the ‘use of com-puters or other electronic devices via information systems such as organisational networksor the Internet to facilitate illegal behaviours’.11 So as not to include virtually all modern-day criminals in this definition, it would also be sensible to specify that the use of networksor the Internet is not tangential or peripheral to the crime, such as mere electronic recordkeeping or communication. As this note addresses issues of organised crime, I am look-ing particularly at cybercriminal groups involved in profit-making activities, rather thancybercrime with more political (such as cyber activism, terrorism or war) or malicious(such as online pedophilia, harassment or stalking) motivations.

Online trading forums as mafias?

The most visible and documented form of cybercriminal organisation, which has drawncomparisons to mafias, is online trading forums. Cybercriminal forums are marketplacesfor illicit goods and services, which generally operate in website form (with some onInternet relay chat channels). Commonly advertised and traded products include per-sonal information, stolen credit card details and malware. Cybercriminal services are alsoadvertised for hire. For instance, in one online post from the well-known (now defunct)DarkMarket forum, one gun for hire offered to take down any website, by using distributeddenial of service (DDoS) attacks for $50 a day. He completed his post by stating that this‘is a great deal on DDoS attacks and cannot be beat by anyone!’.12

As noted in “Trust in the World of Cybercrime”,13 these forums often have a clearlydefined hierarchy and agenda. They generally have an administrator(s) who is in chargeof the site, moderators who are tasked with overseeing the forum and making sure itsrules are enforced and then members of various ranks whose status and privileges differ.Much like other criminal groups, one moves up the ranks by demonstrating trustworthiness,ability or by offering favours to high-ranking forum members. These forums are focused on

8. Ibid., 17.9. Gambetta, The Sicilian Mafia.10. Pileggi, Wiseguy, 48.11. McQuade, Understanding and Managing Cybercrime, 16.12. F-Secure, “Darkmarket.ws”13. Lusthaus, “Trust.”

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

Global Crime 55

business and profit, rather than the traditional ideological concerns of hackers.14 A numberof members of these forums do not appear to be high-level hackers and some may notbe classified as hackers at all.15 The world of cybercrime has evolved to the point where,like physical crime, there is a division of labour and various cybercriminals have specialistskills sets, not all involving elite computing abilities. For instance, some can recruit othersto do the technical work for them. Others can buy and exploit code created by expertcoders. Some simply specialise in the risky business of ‘cashing out’ profits made onlineinto tangible physical assets.

What makes these forums noteworthy is that they appear to seek a level of governancewithin the cybercriminal world. The administrators and moderators of forums provide adegree of third-party enforcement over illicit transactions online. They primarily do thisby offering a secure place for cybercriminals to congregate online, often restricting accessto the forums to those who have been vetted in some way, usually by other existing mem-bers. The site officers also establish and award formal levels of trustworthiness amongmembers, which have to be earned over time. But the second function performed by theforum officers is to directly police against scamming or ‘ripping’. This policing role notonly excludes scammers from the site but also acts as a deterrent to would-be scammersand as a general guarantee that the site is a safe place to do business.16 Some forums,like DarkMarket, demonstrate even more sophisticated elements of criminal governance.First, the site was able to act as a guarantor for transactions when cybercriminal tradersemployed DarkMarket’s own escrow service, thereby reducing opportunities for fraud. Theforum’s other services also included arbitrating disputes between parties. Finally, under theDarkMarket system, various forum officers took a 5% or £250 cut from transactions as a‘fixer’s fee’, in similar way that mafia members receive protection money.17

If such trading forums are to be considered organised crime groups, various commen-tators and cybercriminals have at least (perhaps accidently) identified mafia as the relevantgenus. After all, it seems that these forums are actually concerned with the supply of protec-tion, rather than any other commodity or service. When site administrators and moderatorsenforce forum rules and monitor user behaviour, they are inserting a degree of trust into aworld where such trust is largely lacking. In cases such as DarkMarket, where the forumhierarchy guarantees transactions as a third party and offers dispute resolution mechanisms,these forums appear to play similar roles to that of traditional mafias in illegal markets. Theanalogy appears even more apt when forums like DarkMarket receive a ‘cut’ for the rolesthat they play.18 In fact, this is precisely the role played by the American mafia duringProhibition when it guaranteed the trade of bootlegged alcohol by establishing illegal ‘curbexchanges’.19

But, to be classified as a mafia, the major question is not simply whether these forumssupply protection, but whether they attempt to control the supply of protection. Lowbarriers to entry in establishing such a forum, requiring relatively basic programming skills,and the vastness of the Internet, would suggest that an Internet monopoly in this area wouldbe a difficult proposition. Nonetheless, there are suggestions that some do try. The best

14. Lusthaus, “Trust,” 80.15. Author, interview with former cybercriminal, August 5 2011.16. Lusthaus, “Trust,” 89–90.17. Davies, “Welcome to Darkmarket.”18. Lusthaus, “Trust,” 90.19. Varese, Mafias on the Move, 114–20.

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

56 J. Lusthaus

example of this is the story of the hacker Iceman (aka Max Butler aka Max Ray Vision),who was the administrator of a major cybercriminal forum called CardersMarket. As men-tioned in Kevin Poulsen’s excellent account Kingpin,20 Iceman launched a campaign tounify the major cybercriminal forums under his control. Using his high-level hacking skills,Iceman snuck into each site, stealing its membership information and other data. He thenmerged the cybercriminal membership into his own forum and took down the pre-existingsites. With the exception of DarkMarket, which would soon be at war with CardersMarket,all the other sites were either destroyed or had their credibility irreparably damaged. In apost to CardersMarket’s newly expanded membership, Iceman described his motivation toorganise the ‘carding’ underworld and become the sole supplier of protection: ‘What is thepoint? Security. Convenience. Increase quality and decrease the noise. Bringing order to amess . . . ’.21

An example like this shows how close cybercriminal forums come to fulfilling therole of a mafia. But in the end, they fall just short. Cybercriminal forums are like mafiasbut they are not mafias. Ultimately, they face too many challenges to take on that man-tle. First, forums struggle to act as mafias because the task of effectively governing thecybercrime trade is inherently difficult. Cybercriminal forums provide a weak form of gov-ernance because monitoring and enforcement are virtual rather than physical. Anonymityand geographical dispersion mean that one cannot simply ‘pay a visit’ to a malefactorlike a Mafioso would. The most serious and effective form of punishment in a forum isexclusion.22 Exclusion prevents someone from operating in a key marketplace and meansthat their reputation may be tarnished in other online locations. But it does not preventscammers logging onto other forums, or returning to the same forum under a differentname, albeit with the burden of establishing a new reputation. In fact, some cybercrim-inals operate under different names or alter their user name over time. Ultimately, theseonline punishments pale into insignificance when compared with the punishments of offlinemafias, the most serious of which is death.

The second and perhaps fundamental challenge to online trading forums being clas-sified as mafias is that it is difficult to classify these markets as criminal organisations atall. As many of their names indicate (DarkMarket, Ghostmarket and CardersMarket), theyshould be viewed as marketplaces rather than anything else. A mafia is not a marketplace.A mafia may attempt to govern various marketplaces, but its existence is distinct from theindividual enterprises it is involved with. For instance, while the mafia oversaw the curbexchanges during Prohibition, this was not its sole occupation as it was involved in a num-ber of other activities. Likewise, while the Sicilian mafia has controlled the Palermo fishmarket for some time,23 the fish market is not itself a mafia. The Sicilian mafia is the mafia.

The problem facing the conception of online forums as mafias is that their struc-ture and organisation appear to be tied to the site itself rather than to an autonomousgroup. Ultimately, while strong bonds can be developed between individual cybercrimi-nals on these forums, as a larger group there is very little holding them together, other thanthe technical architecture of the website. There is little evidence suggesting that the keyforum officers belong to a defined and organised group outside of the forum setting. It isnot surprising, therefore, that online forums are rarely enduring. The major markets like

20. Poulsen, Kingpin, 159–69.21. Ibid., 164.22. Lusthaus, “Trust,” 90.23. Gambetta, The Sicilian Mafia, 202–6.

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

Global Crime 57

ShadowCrew and DarkMarket generally operate for only a few years. They usually disinte-grate when law enforcement scrutiny of the sites increases and its key leaders are arrested.While previous members might build a new forum from scratch, the previous ‘organisa-tion’ has ended with the fall of its leaders and the death of the site. This is in contrast toa number of mafia groups, which might be damaged by such scrutiny or arrests, but canoften limp on or rebuild, demonstrating an institution that is sustainable and independentfrom its individual enterprises and key leadership.

Cybercrime as organised crime?

Leaving aside the issue of trading forums, this section addresses whether other less doc-umented examples of cybercrime might fall under the definition of organised crime. In anumber of cases, the answer is clearly no. First, many cybercriminal groups are small,loosely structured and without a clear agenda. One former cybercriminal I have spokenwith belonged to a hacking group that was more akin to a collective in its approach.There was no formal hierarchy, only an informal pecking order, and orders could not begiven. Its purpose was primarily for sharing and collaboration.24 Such groups have limitedorganisation in a broad sense, let alone meeting the strict requirements of academic defi-nitions. Second, other groups that are more tightly structured often fall into the categoryof Schelling’s burglars. They might have a certain level of organisation but they do notconstitute organised crime. These groups can be involved in fraud, hacking, identity theft,extortion of companies, spamming or a whole range of other activities. But in most cases,they have very little hope of governing an aspect of the underworld. In fact, much likeSchelling’s burglars, these cybercriminals are mostly concerned with simply carrying outtheir scams.

Nonetheless, although data on this is very limited at best, some groups have beenemerging that might suggest an online appropriation of the role played by traditional organ-ised crime groups in regulating/controlling the production/distribution of a product orservice. A good example of this was the operations of a Turkish cybercriminal known asCha0, who marketed and sold skimmers and PIN pads online, which could be attached toATMs to record the card data and matching pins.25 First, using his position as an admin-istrator on DarkMarket, it appears that Cha0 manufactured perceived grievances againstanother skimmer salesman called Dron and had him excluded from the forum so as tomake Cha0 the primary provider of skimmers. Second, once Cha0 had reduced his com-petition, he altered his business model from selling skimmers to renting them out. Therenters would now only manage to download encrypted data from the machines, for whichCha0 had the key, and would be forced to send this information back to Cha0 who wouldarrange for the card details to be ‘cashed out’, then provide a cut back to them.26 The geniusof Cha0’s operation was that he effectively deputised all those who hired his skimmers intode facto members of his organisation. He was moving further in his attempts to control theskimming industry, in a similar way that an organised crime group might act in anothercontext.

Another area of the dark web that shows similarities to organised crime, and specificallymafias, is ‘bulletproof hosting’. This type of hosting differs from conventional Internet

24. Author, interview with former cybercriminal.25. Singel, “Turkish Police.”26. Glenny, DarkMarket, 284–6.

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

58 J. Lusthaus

hosting, in that the provider will not shut down clients whose activities are unethical orillegal. As a result, such bulletproof hosting is very attractive to cybercriminals and is wellknown for providing services to pornography sites and spammers among others. The mostfamous bulletproof host has been the Russian Business Network (RBN), widely discussedbut still extremely shadowy and poorly understood.27 There is precious little informationdescribing the current operations of RBN, its location or other important details, but itsostensible operations serve as a useful discussion point.

By providing a secure place for cybercriminals to operate, safe from being shut downby authorities, bulletproof hosts are essentially selling a form of protection.28 This mightbe the sole modus operandi of certain bulletproof hosts, but RBN has appeared to take astep further in possibly seeking expansion and further control over the protection market.It was reported in 2008 that RBN was running a protection racket of sorts. The claim wasthat RBN’s tactics were to monitor online discussion of web protective services by thoserunning possibly nefarious websites. RBN would launch a DDoS attack on the sites, with athird party then making an approach offering the ‘protection’ of RBN services against suchattacks for $2000 a month.29 While other providers of web protection services exist, manyof which are legitimate businesses, or an approach could be made to law enforcement, theshadowy operations of these sites makes these avenues less appealing. This scenario is verysimilar to how some traditional mafias operate in the physical world. What this exampleshows is the possibility that bulletproof hosts could move from simply selling protection totrying to extend their control over the supply of protection.

Conclusion

Despite suggestions of organised crime on the web, there are a number of challenges toclassifying the examples discussed in this research note as fully fledged organised crimegroups. First, violence is at the heart of traditional organised crime groups’ regulation andcontrol of various markets, but in the context of the Internet, there appears to be no directlyanalogous tool. Exclusion from online groupings and attacks such as DDoS can be used asa means of coercion and control, sometimes with extremely damaging results, but it seemsunlikely any resulting harm/damage could be as threatening or effective in maintainingorder as death or serious physical harm.

Second, issues of territory, and control over that territory, are also central to concep-tions of traditional organised crime, but appear much more complex in the context ofcybercrime. Bulletproof hosting, among other phenomenon, seems to provide some type ofcyber analogy to territory and control over that territory. But with limited data on such oper-ations, as yet it is unclear how exact the comparisons to conventional territory are. In thecase of other cybercriminal groups, a lack of defined territory is clearly a major obstaclefor attempted control over a criminal market. For instance, in the example of Cha0’s skim-ming operation, the Internet is so vast and largely unconstricted by geographical barriers,that the difficulties of trying to control the distribution of skimmers are immense, when

27. See, for instance, Krebs, “Shadowy Russian Firm Seen as Conduit for Cybercrime.”28. It should be noted that bulletproof hosts are never, in fact, completely bulletproof. The Internet isfundamentally interconnected and so, when enough pressure is mounted, bulletproof hosts have beenand continue to be cut off by “upstream” providers, thereby also cutting off their clients.29. Keizer, “Russian Hosting Network.”

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

Global Crime 59

suppliers can emerge from across the world and countless forums, channels, websites, per-sonal communications and other places online can be used to sell them. As cybercriminalsare not constrained to a specific forum or online space, there is no territory to defend in thesame way that, for instance, drug-dealing operations do in the physical world.

Third, tied to the points concerning enforcement and territoriality, as well as the generaldynamism of the Internet, there is a difficulty in forming tight groupings online that havetheir own integrity and are not fragile under pressure. As in the case of trading forums, itis difficult to classify enterprises as organised crime groups, if they can hardly be consid-ered autonomous groups at all. Instead, it is possible that groups that might have a morestable and cohesive presence in cyberspace may in fact be the online manifestation of astrong offline organisation. This links to suggestions, beyond the scope of this article, thatbona fide traditional organised crime groups may be involving themselves in cybercrime.30

Finally, as noted above, at the heart of definitions of organised crime is the idea of gover-nance. Trading forums clearly attempt to provide this to their members. But in the casesof examples like Cha0’s operation or RBN, their primary concern appears to be the saleof their products/services. While interested in expanding their market share, the issue ofgovernance is less clear in their modus operandi.

With a great dearth of reliable data on cybercriminal groups, it is very dangerous tomake sweeping classifications about how various online groups might constitute organisedcrime. While the suggestions of organised criminal behaviours observed in this note mightleave open the possibility of organised crime groups forming on the web, at present, thereare simply too many challenges, and not enough solid evidence, to allow for this categori-sation. Examples discussed in this note appear to come close to appropriating some of theroles played by organised crime, but none demonstrate evidence of playing all of themat the same time. All the groups face questions over enforcement, territoriality, fragilityand/or attempts to provide genuine governance. In the end, given the novel landscape ofcyberspace, we should not necessarily expect exact replicas of traditional criminal organi-sation online. Nonetheless, as this note demonstrates, conventional theoretical approachesand comparisons with traditional organised crime groups still remain useful tools in under-standing some of the issues facing cybercriminal groups and potentially explaining theapproaches they take to address them.

AcknowledgementI thank Valeria Pizzini-Gambetta for providing comments on an earlier iteration of this research note.

Notes on contributorJonathan Lusthaus is a freelance writer and an Associate Member of the Extra-Legal GovernanceInstitute at the University of Oxford. His current research focusses on the organisation of profit-drivencybercrime. He has written widely for academic, policy and media publications and has worked ata number of think tanks and universities, including most recently as a research analyst at the Centrefor International Security Studies, the University of Sydney.

30. There are suggestions that both the RBN’s and Cha0’s operation had links to offline networkswith possible connections to organised crime and/or political elites. See, for instance, Glenny,DarkMarket; Book Two and Goldman, “The Cyber Mafia Has Already Hacked You.”

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014

60 J. Lusthaus

ReferencesDavies, Caroline. “Welcome to Darkmarket – Global One-Stop Shop for Cybercrime and Banking

Fraud.” The Guardian. Accessed August 1, 2011. http://www.guardian.co.uk/technology/2010/jan/14/darkmarket-onlinefraud-trial-wembley

F-Secure. “What Did Darkmarket.ws Look Like?” F-Secure. Accessed October 19, 2012. http://www.fsecure.com/weblog/archives/00001679.html

Finjan Malicious Code Research Center. Web Security Trends Report – Q2 2008. San Jose, CA:Finjan, 2008.

Gambetta, Diego. The Sicilian Mafia: The Business of Private Protection. Cambridge, MA: HarvardUniversity Press, 1993.

Glenny, Misha. DarkMarket: How Hackers Became the New Mafia. London: Vintage Books, 2012.Goldman, David. “The Cyber Mafia Has Already Hacked You.” CNNMoney. Accessed October 19,

2012. http://money.cnn.com/2011/07/27/technology/organized_cybercrime/index.htmKeizer, Gregg. “Russian Hosting Network Running a Protection Racket, Researcher Says.”

Computerworld. Accessed October 19, 2010. http://www.computerworld.com/s/article/9063418/Russian_hosting_network_running_a_protection_racket_researcher_says

Krebs, Brian. “Shadowy Russian Firm Seen as Conduit for Cybercrime.” The WashingtonPost. Accessed October 19, 2012. http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461_pf.html

Lusthaus, Jonathan. “Trust in the World of Cybercrime.” Global Crime 13, no. 2 (2012): 71–94.McMillan, Robert. “FBI: Cybercriminals Taking Cues from Mafia.” PCWorld. Accessed January 2,

2013. http://www.pcworld.com/article/126664/article.htmlMcQuade, Samuel. Understanding and Managing Cybercrime. Boston, MA: Allyn and Bacon, 2006.Pileggi, Nicholas. Wiseguy: Life in a Mafia Family. New York: Pocket Books, Simon & Schuster,

1986.Poulsen, Kevin. Kingpin. New York: Crown Publishers, 2011.Schelling, Thomas. “What Is the Business of Organized Crime?” Journal of Public Law 20, no. 1

(1971): 71–84.Singel, Ryan. “Turkish Police Arrest Alleged ATM Hacker-Kidnapper.” Wired. Accessed October

19, 2012. http://www.wired.com/threatlevel/2008/09/turkish-police/Varese, Federico. Mafias on the Move. Princeton, NJ: Princeton University Press, 2011.Varese, Federico. “What Is Organized Crime?” In Organized Crime: Critical Concepts in

Criminology, edited by Federico Varese, 1–33. New York: Routledge, 2010.

Dow

nloa

ded

by [

Dal

hous

ie U

nive

rsity

] at

07:

27 1

2 Ju

ly 2

014