Crime, Law and Social Change

, Volume 67, Issue 1, pp 39–53 | Cite as

Origin, growth and criminal capabilities of cybercriminal networks. An international empirical analysis

  • E. Rutger Leukfeldt
  • Edward R. Kleemans
  • Wouter P. Stol


Two recent studies which are part of the Dutch Research Program on the Safety and Security of Online Banking, present empirical material regarding the origin, growth and criminal capabilities of cybercriminal networks carrying out attacks on customers of financial institutions. This article extrapolates upon the analysis of Dutch cases and complements the existing picture by providing insight into 22 cybercriminal networks active in Germany, the United Kingdom and the United States. The analysis regarding origin and growth shows that social ties play an important role in the majority of networks. These networks usually originate and grow either by means of social contacts alone or by the combined use of social contacts and forums (to recruit specialists). Equally, however, forums play a vital role within the majority of the networks by offering a place where co-offenders can meet, recruit and trade criminal ‘services’. Moreover, those networks where origin and growth is primarily based on forums appear capable of creating more flexible forms of cooperation between key members and enablers, thereby facilitating a limited number of core members to become international players. Analysis of the capabilities of criminal networks shows that all networks are primarily targeted towards customers of financial institutions, but most networks are not restricted to one type of crime. Core members are often involved in other forms of offline and online crime. The majority of networks fall into the high-tech category of networks, mostly international, high-tech networks. These are networks with core members, enablers, and victims originating from different countries.


Cybercrime Criminal networks Social opportunity structures Offender convergence settings Phishing Malware 


  1. 1.
    Décary-Hétu, D., & Dupont, B. (2012). The social network of hackers. Global Crime, 13(3), 160–175.CrossRefGoogle Scholar
  2. 2.
    Dupont, B., Côté, A., Savine, C., & Décary-Hétu, D. (2016). The ecology of trust among hackers. Global Crime, 17(2), 129–151.CrossRefGoogle Scholar
  3. 3.
    Holt, J. T., & Lampke, E. (2009). Exploring stolen data markets online: Products and market forces. Criminal Justice Studies, 23(1), 33–50.CrossRefGoogle Scholar
  4. 4.
    Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2016a). Cybercriminal networks, social ties and online forums. Social ties versus digital ties within phishing and malware networks. British Journal of Criminology. doi: 10.1093/bjc/azw009.Google Scholar
  5. 5.
    Leukfeldt, E.R., Kleemans, E.R., & Stol, W.P. (2016b). A typology of cybercriminal networks: From low tech locals to high tech specialists. Crime, Law and Social Change. doi: 10.1007/s10611-016-9646-2.
  6. 6.
    Lu, Y., Luo, X., Polgar, M., & Cao, Y. (2010). Social network analysis of a criminal hacker community. Journal of Computer Information Systems, 51(2), 31–41.Google Scholar
  7. 7.
    Peretti, K. K. (2008). Data breaches: what the underground world of “carding” reveals. Santa Clara Computer and High Technology Law Journal, 25(2), 345–414.Google Scholar
  8. 8.
    Soudijn, M. R. J., & Zegers, B. C. H. T. (2012). Cybercrime and virtual offender convergence settings. Trends in Organized Crime, 15(2), 111–129.CrossRefGoogle Scholar
  9. 9.
    Yip, M., Shadbolt, N., & Webber, C. (2012). Structural Analysis of Online Criminal Social Networks. Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI) 2012, 60–65. June 11–14, 2012, Washington.Google Scholar
  10. 10.
    Kleemans, E. R., van de Bunt, H. G., & van den Berg, E. A. I. M. (1998). Georganiseerde criminaliteit in Nederland. Rapportage op basis van de WODC Monitor [Organized Crime in the Netherlands]. The Hague: Ministry of Justice / WODC.Google Scholar
  11. 11.
    Kruisbergen, E. W., van de Bunt, H. G., & Kleemans, E. R. (2012). Georganiseerde criminaliteit in Nederland. Vierde rapportage op basis van de Monitor Georganiseerde Criminaliteit [Organized Crime in the Netherlands]. The Hague: WODC.Google Scholar
  12. 12.
    Lastdrager, E. E. H. (2014). Achieving a consensual definition of phishing based on a systematic review of the literature. Crime Science, 3(9), 1–6.Google Scholar
  13. 13.
    Leukfeldt, E. R. (2014). Cybercrime and social ties. Phishing in Amsterdam. Trends in Organized Crime, 17(4), 231–249.Google Scholar
  14. 14.
    Kleemans, E. R. (2014). Organized crime research: Challenging assumptions and informing policy. In J. Knutsson & E. Cockbain (Eds.), Applied police research: challenges and opportunities. Crime science series. Cullompton: Willan.Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2016

Authors and Affiliations

  • E. Rutger Leukfeldt
    • 1
    • 2
  • Edward R. Kleemans
    • 1
    • 3
  • Wouter P. Stol
    • 2
  1. 1.Netherlands Institute for the Study of Crime and Law Enforcement (NSCR)AmsterdamThe Netherlands
  2. 2.Open University of the NetherlandsHeerlenThe Netherlands
  3. 3.VU University AmsterdamAmsterdamThe Netherlands

Personalised recommendations