3

We had a small presentation by my colleagues on 'Organized Cyber Crime' and they presented the topic with a supporting case on The Ashley Madison Hack. Well, I disputed the case presentation by saying that the hack was more of a "targeted attack" rather than an "organized crime" incident. They disputed by saying that the hacker group The Impact Team had the following:

  1. A clear plan in place to execute the hack and breach data
  2. An internal structure of command and control.
  3. Performed a 'cyber crime'.

I do not think that the hack was an 'organized crime' attempt. I link this concept more to the underground illicit activities like money laundering or narcotics or weapons. It should be more of a national issue I think. I want to ask the following questions:

  • If my colleagues are right.. Then would you call all hacker groups as organized crime groups?
  • Would one exactly associate 'organized cyber crime' with contexts to hacks like Sony or Ashley Madison, since all of them require co-ordinated efforts and execution?

Thanks for your help.

user2339071
  • 271
  • 1
  • 8
  • 1
    I would think that Organized Crime would require a monetization plan, which we haven't seen in Ashley Madison. Crime doesn't pay, but Organized Crime doesn't work for free. – gowenfawr Sep 06 '15 at 06:33
  • They stole credit card information as well. They would use that as a monetization method. Check : http://www.wired.com/2015/09/dangers-looking-ashley-madison-hack-infographics/ – user2339071 Sep 06 '15 at 07:26
  • 1
    I don't really understand your question, it seems to be based on a false dichotomy: these terms are not mutually exclusive, rather they are orthogonal to each other. Specifically, "organized crime" is a legal / law enforcement term, whereas "targeted attack" (in this case) is an InfoSec / inforisk term. OC could be doing both targeted and untargeted; a single, non-organized person can likewise do both. – AviD Sep 06 '15 at 15:04
  • 1
    Also, organized crime today is no longer necessarily limited to national borders. – AviD Sep 06 '15 at 15:05
  • 1
    Lastly, re @gowenfawr's comment on monetization - you're not wrong (though in fact there were originally some reports of potential blackmail == very lucrative), but then again it is not always JUST about the payout: sometimes *the family* needs to "send a message" (i.e. flex their muscles to threaten others...) – AviD Sep 06 '15 at 15:07
  • 1
    @user2339071, they stole credit card information but they did not monetize it. If they wanted to make money, they'd sell the cards to a carding site. What they did do - release the info - is the opposite, as it makes the card numbers useless for sale because they can be looked up by everyone and the banks can cancel the cards before they're abused. I've seen no indications the blackmail reports trace back to the initial attackers; it's just remoras coming to feed on the data dump. – gowenfawr Sep 06 '15 at 19:21
  • The problem with this case in particular is that not all the facts are known and much of what has been reported is conjecture and hyperbole. – TheJulyPlot Sep 07 '15 at 08:48

1 Answers1

3

I have a lot of experience with this subject and it probably meets the requirements of what can be defined as 'organised crime'. I'm going to drop the word 'cyber' as it is implied by the type of crime it is

There is no single legal definition of what that means. But in general the following requirements are usually met; the crime is serious, planned, coordinated and perpetrated by individuals working together in a ongoing basis.

Without knowing all the facts, (no one does) this is probably organised crime, as there appears to be evidence of each of the above requirements.

It will be down to the authority conducting the investigation to produce an evidential case that they can take to court and gain convictions.

Convictions on what, will be down to legal teams and lawyers. This would need to be done before we can really define this as organised crime, even then it could be difficult to define. For example; there have been cases of terror legislation being used against various computer misuse cases in which the perpetrators definitely were not terrorists.

It is a gray area, but for the purposes and standards required for a presentation, I would say on the face of it, the Ashley Madison case passes the test to be labelled organised crime. Even if it does not meet the definition of what many would consider traditional organised crime, which in itself has a morphing and evolving definition.

Regardless it is definitely a serious crime so it will fall under the same/similar remit.

TheJulyPlot
  • 7,669
  • 6
  • 30
  • 44