If your mental image of a cybercriminal is Don Corleone keyboard-mashing code in his mother’s basement, you may be in need of an update.
Research published in the International Journal of Offender Therapy and Comparative Criminology has found that hackers, who are globally responsible for between $445bn and $600bn of economic damage every year, instead correspond to a rather different stereotype.
“It’s not the ‘Tony Soprano mob boss type’ who’s ordering crime against financial institutions,” according to co-author Thomas Holt, a professor at Michigan State University, but rather “loose groups of individuals who come together to do one thing, do it really well… then disappear”.
The researchers reviewed 18 Dutch prosecutions in phishing cases, with evidence coming from wire taps, house searches, stakeouts and undercover policing. They found that hackers generally connected online in order to create teams with the necessary functional skills for their proposed crime, often around a core group.
“If someone has specific expertise in password encryption and another can code in a specific programming language, they work together because they can be more effective - and cause greater disruption - together than alone,” says Holt.
In essence, sophisticated cybercriminal gangs show features of decentralised, networked organisations - where high-powered teams collaborate on a project-by-project basis with, dare we say, the agility one would expect more from Silicon Valley than from the mafia.
While businesses may be reluctant to take tips on organisational structure or lean project management from a bunch of internet crooks, the research may still come as a wake-up call for those who have underestimated the sophistication of cybercriminals or the financial and reputational threat they pose.
Recognising that breaches don’t just happen to other people making stupid mistakes is, after all, the first step toward creating solid cybersecurity defences.