Trends in Organized Crime

, Volume 11, Issue 3, pp 270–295 | Cite as

Organised crime groups in cyberspace: a typology

  • Kim-Kwang Raymond ChooEmail author


Three categories of organised groups that exploit advances in information and communications technologies (ICT) to infringe legal and regulatory controls: (1) traditional organised criminal groups which make use of ICT to enhance their terrestrial criminal activities; (2) organised cybercriminal groups which operate exclusively online; and (3) organised groups of ideologically and politically motivated individuals who make use of ICT to facilitate their criminal conduct are described in this article. The need for law enforcement to have in-depth knowledge of computer forensic principles, guidelines, procedures, tools, and techniques, as well as anti-forensic tools and techniques will become more pronounced with the increased likelihood of digital content being a source of disputes or forming part of underlying evidence to support or refute a dispute in judicial proceedings. There is also a need for new strategies of response and further research on analysing organised criminal activities in cyberspace.


Organised crime groups Cybercrime Technology-enabled crime Digital evidence 



The author is most grateful to the two anonymous referees and the editor-in-chief for their constructive feedback. Despite their invaluable assistance, any errors remaining are solely attributed to the author.


  1. Abelson J (2007) Breach of data at TJX is called the biggest ever. The Boston Globe, 29 March. Avialable at:
  2. Adam A (2002) Cyberstalking and Internet pornography: gender and the gaze. Ethics Inf Technol 4(2):133–42CrossRefGoogle Scholar
  3. Ahmad R (2007) Slashing through the Web of terror. Todayonline, 3 MarchGoogle Scholar
  4. Ames B (2007) Online spending tops US$100 billion., 05 JanuaryGoogle Scholar
  5. APACS (2008). Quarterly statistical release (15.05.08). Available at:
  6. Armagh DS, Battaglia NL (2006) Use of computers in the sexual exploitation of children, 2nd edn. US Department of Justice, Office of Justice Programs, Office of Juvenile Justice and Delinquency Prevention, Washington, DCGoogle Scholar
  7. Asia-Pacific Group on Money Laundering (APG) (2006) The Asia/Pacific Group on Money Laundering (APG) yearly typologies report 2005–2006. Available at:
  8. AusCERT (2006) Computer crime and security survey. Available at:
  9. Australia Associated Press (AAP) (2007) Selim cleared over destruction of data. 19 April. Available at:
  10. Australia Associated Press (AAP) (2008) Police unveil $1 million internet scam. 23 February. Available at:
  11. Australian Crime Commission (ACC) (2007) Illicit drug data report 2005–06. Available at:
  12. Australian Crime Commission (ACC) (2008) Organised crime in Australia. Available at:
  13. Australian Federal Police (AFP) (2008) National child porn operation nets 90 people. Media release 5 June. Available at:
  14. Australian Institute of Criminology (AIC) (2006) Acquiring high tech crime tools. High tech crime brief no 13. Available at:
  15. Australian Institute of Criminology (AIC) (2007) Money mules. High tech crime brief no. 16. Available at:
  16. Australian Payments Clearing Association (APCA) (2005) Annual report 2005. Available at:
  17. Bakier AH (2008) Jihadi website advises recruits on how to join al-Qaeda. Terrorism Focus V(18):3–4Google Scholar
  18. BBC News (2001) Russia arrests ‘grandfather of cybercrime’. BBC News, 26 May. Available at:
  19. Bequai A (2001) Organized crime goes cyber. Comput Secur 20(6):475–478CrossRefGoogle Scholar
  20. Brenner SW (2002) Organized cybercrime? How cyberspace may affect the structure of criminal relationships. North Carolina Journal of Law & Technology 4(1):1–50Google Scholar
  21. Canadian Security Intelligence Service (2000) Transnational criminal activity: a global context. Available at:
  22. Casey E (2002) Error, uncertainty, and loss in digital evidence. Int J Digit Evidence 1(2)Google Scholar
  23. Charlton J (2005) Al Qaeda buys cyber criminal expertise. Comput Fraud Secur 2005(3):9CrossRefGoogle Scholar
  24. Choo KKR (2007) Zombies and botnets. Trends & Issue, 333. Australian Institute of Criminology. Available at:
  25. Choo KKR (2008) Money laundering and terrorism financing risks of prepaid cards instruments? Asian J Criminol (in press). doi: 10.1007/s11417-008-9051-6
  26. Choo KKR, Smith RG (2008) Criminal exploitation of online systems by organised crime groups. Asian J Criminol 3(1):37–59Google Scholar
  27. Choo KKR, Smith RG, McCusker R (2007) Future directions in technology-enabled crime. Research and public policy series no 78. Australian Institute of Criminology. Available at:
  28. CipherTrust (2005) Phishing: organized crime for the 21st century. Available at:
  29. Cohen CL (2007) Growing challenge of computer forensics. Police Chief 74(3). Available at:
  30. Cooke E, Jahanian F, McPherson D (2005) The zombie roundup: understanding, detecting, and disrupting botnets. In: SRUTI’05 Workshop Proceedings. USENIX Association, Berkeley CA, pp 35–44Google Scholar
  31. Curry A, McGrane S (2006) China’s cyberwarriors. Foreign Policy, September/October issue no. 93Google Scholar
  32. Enforcement Bulletin (2007) Raid of a major pirate packaging facility in Guangzhou. Enforcement Bulletin Issue 33, p 5Google Scholar
  33. Evron G (2008) Battling botnets and online mobs. Georget J Int Affairs Winter/Spring 2008:121–126Google Scholar
  34. FBI (2008a) Major child porn ring busted and 20 children rescued worldwide. Press release, 6 March. Available at:
  35. FBI (2008b) Department of Justice launches new law enforcement strategy to combat increasing threat of international organized crime. Press release, 23 April. Available at:
  36. Franklin J, Paxson V, Perrig A, Savage S (2007) An inquiry into the nature and causes of the wealth of internet miscreants. In: Ning P, di Vimercati SDC, Syverson PF (eds) Proceedings of the 14th ACM conference on Computer and communications security, ACM CCS 2007, Alexandria, Virginia, USA, October 28–31, 2007. ACM, New York, pp 375–388Google Scholar
  37. Galeotti M (2008) Criminal histories: an introduction. Global Crime 9(1–2):1–7CrossRefGoogle Scholar
  38. Garretson C (2007) Whaling: Latest e-mail scam targets executives. Computerworld, 16 November. Available at:
  39. Gerstenfeld PB, Grant DR, Chiang C (2003) Hate online: a content analysis of extremist internet sites. Analyses of Social Issues and Public Policy 3(1):29–44CrossRefGoogle Scholar
  40. Goodin D (2007) TJX agrees to pay banks $41m to cover Visa losses. Channel register, 3 December. Available at:
  41. Goodin D (2008) Rent-a-bot gang rises from the DDoS ashes. Channel register, 13 March. Available at:
  42. Grabosky P (2007) Requirements of prosecution services to deal with cyber crime. Crime Law Soc Chang 47(4–5):201–223CrossRefGoogle Scholar
  43. Great Britain Crown Prosecution Service (GB CPS) (2006). Convictions for internet rape plan. Media release, 1 DecemberGoogle Scholar
  44. Harding T (2007) Terrorists ‘use Google maps to hit UK troops’., 13 JanuaryGoogle Scholar
  45. Harrison C (2006) Cyberspace and child abuse images: a feminist perspective. Affilia 21(4):365–379CrossRefGoogle Scholar
  46. Ianelli N, Hackworth A (2005) Botnets as a vehicle for online crime. CERT Coordination Center, Pittsburgh PAGoogle Scholar
  47. Infosecurity (2007) Interview: Eugene Kaspersky 2007. Infosecurity, May/June issueGoogle Scholar
  48. Institute of Defence and Strategic Studies (IDSS) (2006) Proceedings of the International conference on Terrorism in Southeast Asia: the threat and response. Available at:
  49. Jaques R (2006) European police nab zombie hackers., 27 JunGoogle Scholar
  50. Jen WY, Chang W, Chou S (2006) Cybercrime in Taiwan: an analysis of suspect records. Paper to Workshop on Intelligence and SecurityGoogle Scholar
  51. Keizer G (2007) Porn sites serve up Mpack attacks. Computerworld, 25 June. Available at:
  52. Keizer G (2008) Researcher: Russian hosting network runs a protection racket. Computerworld, 20 February. Available at:
  53. Kirk J (2007a) Hackers build private IM to keep out the law., 28 MarchGoogle Scholar
  54. Kirk J (2007b) Symantec: Chinese hackers grow in number, skills., 18 MayGoogle Scholar
  55. Kirk J (2007c) Estonia recovers from massive denial-of-service attack. InfoWorld, 17 MayGoogle Scholar
  56. Kshetri N (2005) Pattern of global cyber war and crime: a conceptual framework. J Internat Manag 11(4):541–562CrossRefGoogle Scholar
  57. Kshetri N (2006) The simple economics of cybercrimes. IEEE Security Privacy 4(1):33–39CrossRefGoogle Scholar
  58. Lal R (2005) South Asian organized crime and terrorist networks. Orbis 49(2):293–304CrossRefGoogle Scholar
  59. Lesk M (2007) The new front line: Estonia under cyberassault. IEEE Security Privacy 5(4):76–79CrossRefGoogle Scholar
  60. Leyden J (2007) MI5 warns over China hacking menace. The register, 3 December. Available at:
  61. Libbenga J (2007) Another 419 scam ring nicked. The register, 25 April. Available at:
  62. Libbenga J, Leyden J (2007) Dutch botnet duo sentenced. The register, 1 February. Available at:
  63. Marks P (2007) How to leak a secret and not get caught. New Sci 2586:13Google Scholar
  64. McAfee (2006) Virtual criminology report: organised crime and the internet. McAfee, Santa Clara, CAGoogle Scholar
  65. McCombie S (2007) Organised cybercrime & phishing: the godfathers of the internet. Presentation at the Technology Trends 2007 seminars, CSIRO ICT centre, Australia, 12 February. Available at:
  66. McCusker R (2006) Transnational organised cyber crime—distinguishing threat from reality. Crime Law Soc Chang 46:257–273CrossRefGoogle Scholar
  67. McGraw G (2006) Interview: silver bullet speaks to Avi Rubin. IEEE Security Privacy 4(3):11–13CrossRefGoogle Scholar
  68. McMillan R (2008) Criminals hack ceos with fake subpoenas. PC world, 14 April. Available at:
  69. Miller N (2007) From Russia with malice: criminals trawl the world. The age, 24 JulyGoogle Scholar
  70. MSN—Mainichi Daily News (2006) Inside the Yamaguchi-gumi: Ex-gangster’s life a history of Japan’s postwar underworld. MSN—Mainichi Daily News, 24 MayGoogle Scholar
  71. NACHA (2008) NACHA reports more than 18 billion ach payments in 2007. Media release, 19 May. Available at:
  72. National Institute of Standards and Technology (NIST) (2006) Guide to integrating forensic techniques into incident response. NIST computer security special publications SP800-86. NIST, Rockville, MD Available at: Google Scholar
  73. National Science and Technology Council (NSTC) (2006) Federal plan for cyber security and information assurance research and development. NIST, Arlington, VAGoogle Scholar
  74. National White Collar Crime Center and Federal Bureau of Investigation (NW3C/FBI) (2007) 2006 IC3 annual internet fraud report. Available at:
  75. Office of the United States Trade Representative (2007) 2007 Special 301 report. Available at:
  76. Organized Crime and Triad Bureau (2007) Triad activities in Hong Kong. Hong Kong Police, 30 MayGoogle Scholar
  77. Parliamentary Joint Committee on the Australian Crime Commission (2007) Inquiry into the future impact of serious and organised crime on Australian society. Parliament House, Canberra SeptemberGoogle Scholar
  78. Pereira J (2007) How credit-card data went out wireless door. The Wall Street Journal, 4 MayGoogle Scholar
  79. PricewaterhouseCoopers (PwC) (2006) DTI information security breaches survey 2006. Available at:
  80. Rodriguez A (2007) Attacks on Estonia move to new front. Chicago Tribune, 29 MayGoogle Scholar
  81. Rogers M, Scarborough K, Frakes K, San Martin C (2007) Survey of law enforcement perceptions regarding digital evidence. IFIP Int Fed Inform Process 242:41–52CrossRefGoogle Scholar
  82. Schrank P (2007) Newly nasty. The Economist, 24 MayGoogle Scholar
  83. Sein AJ (2008) The prosecution of Chinese organized crime groups: the Sister Ping case and its lessons. Trends Organ Crim 11(2):157–182Google Scholar
  84. Serious Organised Crime Agency (SOCA) (2006) The United Kingdom threat assessment of serious organised crime. Available at:
  85. Serious Organised Crime Agency (SOCA) (2008) The United Kingdom threat assessment of serious organised crime. Available at:
  86. Simon Wiesenthal Center (2008) iReport: online terror + hate the first decade. Available at:
  87. Singapore Commercial Affairs Department (CAD) (2006) Money mules. Available at:
  88. Singapore Commercial Affairs Department (CAD) (2007) Case of 6-members credit card skimming syndicate. Media release, 21 MayGoogle Scholar
  89. Singapore Ministry of Home Affairs (MHA) (2004) Second reading speech for the Criminal Law (Temporary Provisions) (Amendment) Bill, Ministry Of Home Affairs—Speech by Associate Professor Ho Peng Kee, Senior Minister of State for Law and Home Affairs on 1 September 2004. Available at:
  90. Singapore Police Force (SPF) (2007) Unlicensed moneylending syndicate busted—$130,000 seized. Media release, 13 AprilGoogle Scholar
  91. Singh S (2007) The risks to business presented by organised and economically motivated criminal enterprises. J Financ Crime 14(1):79–83CrossRefGoogle Scholar
  92. Sophos (2007) Businesses warned by MI5 of Chinese espionage threat, Sophos offers advice. News release, 1 December. Available at:
  93. Swenson P, Shenoi S (2007) File system journal forensics. IFIP Int Fed Inform Process 242:231–244CrossRefGoogle Scholar
  94. Symantec (2007) Symantec internet security threat report vol. XI. Available at:
  95. Todayonline (2007) Tigers have joined jihadi drug trade, says official. Todayonline, 11 JuneGoogle Scholar
  96. United Kingdom Child Exploitation and Online Protection (UK CEOP) (2007) Global online child abuse network smashed—CEOP lead international operation into UK based paedophile ring. Media release, 18 JuneGoogle Scholar
  97. United Kingdom Organised Crime Task Force (UK OCTF) (2007) Annual report and threat assessment 2007: organised crime in Northern Ireland. Available at:
  98. United States Department of Justice (US DoJ) (2006) ‘Botherder’ dealt record prison sentence for selling and spreading malicious computer code. Media release, 8 MayGoogle Scholar
  99. United States Department of Justice (US DoJ) (2007a) Owners/operators of Asian massage parlors charged with transporting persons for prostitution. Media release, 11 MayGoogle Scholar
  100. United States Department of Justice (US DoJ) (2007b) Extradited software piracy ringleader sentenced to 51 months in prison. Media release, 22 June. Available at:
  101. United States Department of Justice (US DoJ) (2007c) Former member of the US navy indicted on terrorism and espionage charges. Media release, 31 March. Available at:
  102. United States Department of Justice (US DoJ) (2007d) Heroin kingpin—first defendant ever extradited from Afghanistan—sentenced in Manhattan federal court to over 15 years in prison. Media release, 08 OctoberGoogle Scholar
  103. United States Department of Justice (US DoJ) (2007e) Extradited software piracy ringleader pleads guilty. Media release, 20 April. Available at:
  104. United States Department of Justice (US DoJ) (2007f) Fairfield man pleads guilty to attempted receipt and possession of child pornography. Media release 20 February. Available at:
  105. United States Department of Justice (US DoJ) (2007g) Tucson man sentenced to seven years for identity theft and fraudulent use of thousands of credit and debit card numbers. Media release, 10 August.
  106. United States Department of Justice (US DoJ) (2007h) Six defendants indicted for stealing money from bank customers accounts through the internet. Media release, 7 May. Available at:
  107. United States Department of Justice (US DoJ) (2008a) Third defendant pleads guilty in pensacola in global child exploitation enterprise case. Media release, 6 May. Available at:
  108. United States Department of Justice (US DoJ) (2008b) Second defendant pleads guilty in Pensacola in international child exploitation enterprise case. Media release, 28 April. Available at:
  109. United States Department of Justice (US DoJ) (2008c) Idaho man pleads guilty in international child exploitation enterprise case. Media release, 17 April. Available at:
  110. United States Department of Justice (US DoJ) (2008d) 33 individuals in U.S. and Romania indicted in federal RICO case that alleges widespread computer fraud. Media release, 19 May. Available at:
  111. United States Federal Trade Commission (US FTC) (2008) Agency announces settlement of separate actions against retailer TJX, and data brokers Reed Elsevier and Seisint for failing to provide adequate security for consumers’ data. Media release, 27 March. Available at:
  112. United States Secret Service (USSS) (2004) U.S. secret service’s operation firewall nets 28 arrests. Press release, 28 OctoberGoogle Scholar
  113. van Rassel J (2007) ATM skimmers seized in raid. Calgary Herald, 31 MayGoogle Scholar
  114. Vidino L (2007) The hofstad group: the new face of terrorist networks in Europe. Stud Confl Terror 30:579–592CrossRefGoogle Scholar
  115. Vijayan J (2007) Mass. credit union bills TJX $590k for breach-related costs. Computerworld, 6 June. Available at:
  116. Ward M (2006) Anti-cartoon protests go online., 8 February. Available at:
  117. Warner B (2006) Muslim hackers blast Denmark in net assault. PC Pro, 7 February. Available at:
  118. Weimann G (2006) Virtual disputes: the use of the internet for terrorist debates. Stud Confl Terror 29(7):623–639CrossRefGoogle Scholar
  119. Zhuge J, Holz T, Song C, Guo J, Han X, Zou W (2008) Studying malicious websites and the underground economy on the Chinese web. In: Proceedings of the 7th Workshop on the Economics of Information Security, WEIS 2008, Hanover, New Hampshire, June 25–28, 2008Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  1. 1.Australian Institute of CriminologyCanberraAustralia

Personalised recommendations