The evolution of serious and organised crime: the diversifying nature of criminal operations in the digital age
30 Sep 2020

Organised crime groups (OCGs) have evolved and adapted techniques designed to facilitate criminal activities, evade detection and enable criminal enterprise to endure. The National Crime Agency’s (NCA) national strategic assessment of serious and organised crime (SOC) 2020 reports that SOC continues to have more impact on UK citizens than any other national security threat, and estimates that the social and economic cost of SOC to the UK is in excess of £37 billion per year. This global threat has been further exacerbated by the Covid-19 pandemic and criminals have been quick to seize opportunities presented by the unprecedented crisis.

The convergence of the physical and digital world over the past 20 years has resulted in variations in criminal activity. Digital and mobile technology is rapidly evolving which has fundamentally changed the global business landscape. Increased global connectivity has presented new ways of doing business with the creation of 24-7 digital banking platforms, virtual stores and companies together with the evolution of the internet of things (IOT) and crypto-assets. This clearly presents opportunity for legitimate business and digital entrepreneurship to thrive. However, where there is opportunity there too comes threat. Advancements in the digital age have also created chances for criminal innovation to prosper further, with Europol’s IOCTA 2019 reporting that cybercrime continues to mature and become more audacious.

Owing to human and business dependence on the internet, in recent years there has been an exponential rise in cyber-enabled fraud, also referred to as cyber fraud. The Crown Prosecution Service (CPS) defines fraud as ‘the act of gaining a dishonest advantage, often financial, over another person’. They further define cyber-enabled crimes as ‘crimes which do not depend on computers or networks but have been transformed in scale or form by the use of the internet and communications technology’. Within England and Wales fraud is now the most commonly experienced crime. A report on the fraud crime trends published by the City of London Police shows that 822,276 reports were received for 2019-20, amounting to a £2.3bn loss with 85% of reported fraud being cyber-enabled. Due to the clandestine nature of crime, conflicting definitions and underreporting, the likelihood is that the number of incidents and associated losses is actually much greater than this figure, demonstrating the immense scale of the threat.

It is clear that the convergences between cyber, economic and organised crime has catalysed a crime evolution. Cybercrime is a profitable market with low barriers to entry. For example, investment fraud relies on social engineering techniques (the mechanisms by which online deception is used to extract information) and can be highly lucrative. One investigation revealed that a European OCG generated profits of up to EUR 3 billion from the activity. The CPS reports that cyber-enabled fraud is possibly the most common of all cybercrime offences, and given the recent statistics, fraud is more likely than not to be cyber-enabled.

Cyber fraud has negative societal and economic consequences and is a primary enabler for cyber-attacks against the public and private sector, often motivated by financial gain. Acquired profits need to be laundered and integrated into the legitimate economy. The World Economic Forum’s Regional Risks for Doing Business 2019 report highlights the scale of the digital threats to the global ecosystem, with the world’s enterprise leaders ranking cyberattacks as the second-most significant threat to their businesses, after the threat of a fiscal crisis but before governmental breakdown or violent conflicts.

For criminals, operating in cyberspace is advantageous for a number of reasons;

  • The internet allows offenders to conceal their identities, hiding behind temporary and shared IP addresses, and exploiting proxy servers to obfuscate the origins of an attack.
  • It facilitates constant global access to networks and data; yet law enforcement agencies and governments remain restricted by national boundaries and have challenging resource constraints.
  • Perpetrators can operate transnationally, persistently targeting copious victims (individuals and organisations) to gain increased profits.
  • When physical movements are restricted, as by Covid-19, diversified criminal business operations can be sustained to maintain a source of income.

Criminals can extend their activities to cyberspace easily and without great investment. OCGs whom may seek to become agile and diversify to cyber-related activity do not themselves require the technical knowledge or skills to execute the crime. Cybercriminals offer everything necessary to arrange a cyber fraud or to conduct a cyber-attack, with terms such as attacks-as-a-service, malware-as-a-service and fraud-as-a-service commonly used to describe the practice of facilitating illegal activities for cybercriminals through the provisioning of services. This makes cybercrime an attractive and viable option for sophisticated OCGs operating in more physical dependant crime-types. For example, it has been reported that Mexican drug trafficking organisations are increasingly demonstrating a desire to benefit financially from cyber-crime, tempted by the high profits and minimal risks.

By Kate Wilson, RUSI, 28 September 2020

Read more at RUSI

RiskScreen: Eliminating Financial Crime with Smart Technology

Count this content towards your CPD minutes, by signing up to our CPD Wallet