Abstract
Cybercrime business models are rapidly evolving. It is argued that cyber-criminals closely imitate business models of legitimate corporations. Cybercrime firms and legitimate businesses, however, differ in terms of the important sources of core competence. Legitimate businesses’ core processes are centered around creating the most value for customers. Most cyber-criminals’ core processes, however, involve extorting and defrauding prospective victims and minimizing the odds of getting caught. Cyber-criminals and legitimate businesses also differ in terms of the legitimacy related to regulative institutions and inter-organizational arrangements. This chapter disentangles the mechanisms behind the cybercrime business models and examines the contexts and processes associated with such models.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Acohido, B., & Swartz, J. (2006, October 11). Cybercrime flourishes in online hacker forums. USA Today. http://www.usatoday.com/tech/news/computersecurity/infotheft/2006-10-11-cybercrime-hacker-forums_x.htm. Accessed 27 October 2008.
Aguilar-Millan, S., Foltz, J. E., Jackson, J., & Oberg, A. (2008). The globalization of crime. Futurist, 42(6), 41–50.
Andersen Consulting. (1999). e-Europe Takes off. http://www.ac.com. Accessed 29 November 1999.
Arlen, J. H., & Carney, W. J. (1992). Vicarious liability for fraud on securities markets: Theory and evidence. The University of Illinois Law Review, 691, 724–727.
Australia. Treasury. (2001) Dispute resolution in economic commerce. Canberra: Consumer Affairs Division, Department of the Treasury.
Barkhi, R., Belanger, F., & Hicks, J. (2008). A model of the determinants of purchasing from virtual stores. Journal of Organizational Computing & Electronic Commerce, 18(3), 177–196.
Baumol, W. J. (1990). Entrepreneurship: Productive, unproductive, and destructive. Journal of Political Economy, 98(5), 893–921.
Becker, G. S. (1968). Crime and punishment: An economic approach. Journal of Political Economy, 76, 169–217.
Berger, P. L., & Luckmann, T. (1967). The social construction of reality: A treatise in the sociology of knowledge. New York: Doubleday.
Berinato, S. (2008). Service Economy the cybercrime, breakthrough ideas for 2008. Harvard Business Review, 86(2), 17–45.
Blakely, R., Richards, J., & Halpin, T. (2007, November 10). Cybergang raises fear of new crime wave. The Times (London), 13.
Businessweek.com. (2006, April 24). Your ad here. And here. And here. http://www.businessweek.com/magazine/content/06_17/b3981046.htm. Accessed 27 October 2008.
Cao, L. (2004). The transnational and sub-national in global crimes. Berkeley Journal of International Law, 22(1), 59–97.
Carvajal, D. (2008, April 7). Cybercrime evolves as it grows. The International Herald Tribune, 10.
Cavaglieri, C. (2009, September 27). Four pence – That’s the price of your credit card number, independent.co.uk. http://www.independent.co.uk/money/spend-save/four-pence-ndash-thats-the-price-of-your-credit-card-number-1793741.html. Accessed 27 October 2009.
Chapell, A. (2006, October 13). Re-Evaluating Click Fraud. http://www.imediaconnection.com/printpage/printpage.aspx?id=11361. Accessed 27 October 2008.
Claburn, T. (2008, April 9). The Cybercrime Economy. http://www.informationweek.com/blog/main/archives/2008/04/the_cyber_crime.html. Accessed 27 October 2008.
Clark, K. B., & Fujimoto, T. (1991). Product development performance: Strategy, organization, and management in the world auto industry. Boston: Harvard Business School Press.
Dillman, B. (2007). Introduction: Shining light on the shadows: The political economy of illicit transactions in the Mediterranean. Mediterranean Politics, 12(2), 123–139.
DiMaggio, P. J., & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48, 147–160.
Edelman, B. (2007, January 25). Why I can never agree with adware and spyware. The Guardian.
Ehrlich, I. (1973). Participation in illegitimate activities: A theoretical and empirical investigation. Journal of Political Economy, 81, 521–565.
Einhorn, B. (2006). Advertisers in China are getting burned, too. Business Week, 4003, 54.
Eisenhardt, K., Martin, M., & Jeffrey, A. (2000, October/November). Dynamic capabilities: What are they? Strategic Management Journal, 21(10/11), 1105–1121.
Espiner, T. (2007, November 9). Infamous Russian malware gang vanishes. CNET News.com. http://news.cnet.com/Infamous-Russian-malware-gang-vanishes/2100-7355_3-6217852.html Accessed 27 October 2009.
Etges, R., & Sutcliffe, E. (2008). An overview of transnational organized cyber crime. Information Security Journal: A Global Perspective, 17(2), 87–94.
Foreign Policy. (2005, March/April). Caught in the net: Australian teens, 92.
Freeman, S., Grogger, J., & Sonstelie, J. (1996). The spatial concentration of crime. Journal of Urban Economics, 40(2), 216–231.
GAO Reports. (2007, June 22). Public and private entities face challenges in addressing cyber threats. RPT-number: GAO-07-705.
Ghose, A. (2009). Internet exchanges for used goods: An empirical analysis of trade patterns and adverse selection. MIS Quarterly, 33(2), 263–291.
Glaser, D. (1971). Social deviance. Chicago, IL: Markham.
Gleeson, S. (2008). Superhacker convicted of international cyber crime, April 2. http://www.nzherald.co.nz/category/story.cfm?c_id=30&objectid=10501518.
Gohring, N. (2008, June 25). Woman gets two years for aiding Nigerian internet check scam. PC World. http://www.pcworld.com/businesscenter/article/147575/woman_gets_two_years_for_aiding_nigerian_internet_check_scam.html. Accessed 27 October 2008.
Graft, M. (2000). Cyber threats and the U.S. economy: Hearing before the joint economic committee on Cyber Threats and the US Economy, The One Hundred Sixth United States Congress.
Gregg, D. G., & Scott, J. E. (2008, April). A typology of complaints about ebay sellers. Communications of the ACM, 51(4), 69–74.
Grimes, B. (2001, July 31). The right ways to protect your net. PC World. http://www.pcworld.com/howto/article/0,aid,56423,00.asp. Accessed 27 October 2005.
Grow, B., Elgin, B., & Herbst, M. (2006, October 2). Click fraud. Business Week, 4003, 46.
Hall, J., & Rosson, P. (2006). The impact of technological turbulence on entrepreneurial behavior, social norms and ethics: Three Internet-based cases. Journal of Business Ethics, 64(3), 231–248.
Hamel, G. (2002). Leading the revolution. Boston: Harvard Business School Press.
Hampton, M. P., & Levi, M. (1999). Fast spinning into oblivion? Recent developments in money-laundering policies and offshore finance centres. Third World Quarterly, 20(3), 645–656.
Helfat, C. E. (1997). Know-how and asset complementarity and dynamic capability accumulation. Strategic Management Journal, 18(5): 339–360.
Hirshleifer, J. (1971). The private and social value of information and the reward to inventive activity. American Economic Review, 61, 561–574.
Hirshleifer, J., & Riley, J. G. (1979). The analytics of uncertainty and information: An expository survey. Journal of Economic Literature, 17, 1375–1421.
ITPRO. (2008). RSA 2008 – Spamming a shadow economy. http://www.itpro.co.uk/blogs/maryb/2008/04/10/rsa-2008-spamming-a-shadow-economy. Accessed 27 October 2009.
Katyal, N. K. (2001). Criminal law in cyberspace. University of Pennsylvania Law Review, 149(4), 1003–1114.
Koopmans, T. (1957). Three essays on the state of the economic science. New York: McGraw-Hill.
Kotler, P., & Armstrong, G. (2005). Principles of marketing. NJ: Prentice Hall.
Krebs, B. (2007). Taking on the Russian Business Network, October 13, 2007. http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html. Accessed 27 October 2008.
Kshetri, N. (2005). Hacking the Odds. Foreign Policy, May/June, 93.
Kshetri, N. (2009). Entrepreneurship in post-socialist economies: A typology and institutional contexts for market entrepreneurship. Journal of International Entrepreneurship, 7(3), 236–259.
Lawrence, T. B., & Phillips, N. (2004). From Moby Dick to Free Willy: Macro-cultural discourse and institutional entrepreneurship in emerging institutional fields. Organization, 11, 689–711.
Lovet, G. (2006). Dirty money on the wires: The business models of cyber criminals. Virus Bulletin Conference.
Lynn, M. (2006, October 7). Why Google has already passed its peak. The Spectator.
Machlup, F. (1962). The production and distribution of knowledge in the United States. Princeton, NJ: Princeton University Press.
Marketing. (2006, July 19). Media Analysis: Click fraud rears its head.
Metropolitan Police. (2006). Criminal networks, a new approach. London: Metropolitan Police.
Milyan, A. (2007, May 14). Developing click fraud standards: Q&A with Tom Cuthbert l Click Forensics. http://www.searchmarketingstandard.com/articles/2007/05/developing-click-fraud-standards-qa-with-tom-cuthbert-l-click-forensics.html. Accessed 27 October 2008.
Mittelman, J. H., & Johnston, R. (1999). The globalization of organized crime, the courtesan state, and the corruption of civil society. Global Governance, 5(1), 103–126.
Moses, A. (2009, August 18). Hackers break into police computer as sting backfires. The Age. http://www.theage.com.au/technology/security/hackers-break-into-police-computer-as-sting-backfires-20090818-eohc.html. Accessed 27 October 2008.
Motlogelwa, T. (2007, October 5). Cyber crime law gets teeth. mmegi Online. http://www.mmegi.bw/index.php?sid=1&aid=30&dir=2007/October/Friday5. Accessed 27 October 2009.
Naím, M. (2005). Illicit: How smugglers, traffickers, and copycats are hijacking the global economy. New York: Doubleday.
Naylor, R. T. (2005, Winter/Spring). The rise and fall of the underground economy. Brown Journal of World Affairs, 11(2), 131–143.
Nordstrom, C. (2004). Shadows of war: Violence, power, and profiteering in the twenty-first century. Berkeley: University of California Press.
Paoli, L., & Fijnaut, C. (2006). Organized crime and its control policies. European Journal of Crime, Criminal Law & Criminal Justice, 14(3), 307–327.
Paoli, L. (2001). Drug trafficking in Russia: A form of organized crime? Journal of Drug Issues, 31(4), 1007–1037.
Pearce, J. A. (1982, Spring). The company mission as a strategic tool. Sloan Management Review, 23(3), 15–24.
publictechnology.net. (2008). The latest Cybercrime Business Model... Crimeware-as-a-Service, 11 April. http://www.publictechnology.net/modules.php?op=modload&name=News&file=article&sid=15173. Accessed 27 October 2008.
Rodier, M. (2007). Thwarting Hackers; As hacking increases, experts say firms must use a blend of multifactor authentication, risk analysis and people to protect themselves. Wall Street & Technology, October 1, 17.
Security Director’s Report. (2007, July). Cybercrime in 2007–2008. 7(7), 8.
Simon, H. A. (1957). Models of men, social and rational. New York: Wiley and Sons.
Sjoquist, D. L. (1973). Property crime and economic behavior. American Economic Review, 63, 439–446.
sophos.com. (2008, 22 January). Sophos security threat report reveals cybercriminals moving beyond Microsoft. http://www.sophos.com/pressoffice/news/articles/2008/01/security-report.html. Accessed 27 October 2008.
Sutherland, B. (2008). The rise of black market data; Criminals who steal personal data often don’t exploit it. Instead, they put it up for sale on one of the many vibrant online markets. Newsweek, 152(24), (International ed.).
Symantec. (2007, September 17). Symantec reports cyber criminals are becoming. http://www.prwire.com.au/pdf/symantec-reports-cyber-criminals-are-becoming-increasingly-professional. Accessed 27 October 2008.
Teece, D., Gary, P., & Amy, S. (1997). Dynamic capabilities and strategic management. Strategic Management Journal, 18(7), 509–533.
Thomson, I. (2008). Malware mimicking legitimate business: R&D budgets, outsourcing models and support services. Vnunet.com, 08 Apr. http://www.vnunet.com/vnunet/news/2213747/malware-mimicking-legitimate. Accessed 27 October 2008.
Tillman, R. (1998). Broken promises: Fraud by small business health insurers. Boston: Northeastern University Press.
US Fed News Service, Including US State News. (2008, May 19). 38 Individuals in US, Romania charged in two related cases of computer fraud involving international organized crime. Washington, DC.
Viano, E. C. (1999). Global organized crime and international security. Burlington, VT: Ashgate Publishing.
Vidyasagar, N. (2004). India’s secret army of online ad ‘clickers’. http://timesofindia.indiatimes.com/articleshow/msid-654822,curpg-1.cms. Accessed 27 October 2008.
Warner, M., & Daugherty, C. W. (2004). Promoting the ‘civic’ in entrepreneurship: The case of rural Slovakia. Journal of the Community Development Society, 35(1), 117–135.
Warren, P. (2007, November 15). Hunt for Russia’s web criminals, The Russian Business Network – Which some blame for 60% of all internet crime – Appears to have gone to ground. The Guardian. http://www.guardian.co.uk/technology/2007/nov/15/news.cri. Accessed 27 October 2009.
Williamson, O. E. (1975). Markets and hierarchies: Analysis and antitrust implications. New York: Free Press.
Williamson, O. E. (1985). The economic institutions of capitalism. New York: Free Press.
Wurth, A. H., Jr. (1992/1993). Policy information or information policy? Information types in economics and policy. Knowledge & Policy, 5(4), 65–81.
Wylie, I. (2007). Internet; Romania home base for EBay scammers; The auction website has dispatched its own cyber-sleuth to help police crack fraud rings. Los Angeles Times, C.1.
Zahra, S., & George, G. (2002). Absorptive capacity: A review, reconceptualization, and extension. The Academy of Management Review, 27(2), 185–203.
Zazzaro, A., Fratianni, M., & Alessandrin, P. (2009). The changing geography of banking and finance. Chapter 3: Financial centers between centralization and virtualization. New York: Springer US.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Kshetri, N. (2010). Institutional and Economic Foundations of Cybercrime Business Models. In: The Global Cybercrime Industry. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11522-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-11522-6_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11521-9
Online ISBN: 978-3-642-11522-6
eBook Packages: Business and EconomicsBusiness and Management (R0)