Misha Glenny is an associate of the SecDev Group whose books include DarkMarket: How Hackers Became the New Mafia and McMafia: A Journey Through the Global Underworld, the TV adaptation of which debuts on AMC in February.
When I was at university, if you wanted to score some drugs, after several cryptic phone calls and conversations with your mates, you had to run the gauntlet of dark alleys and dodgy characters standing shiftily on street corners while both vendor and buyer kept a wary eye out for passing police cars and undercover cops.
It's all so much easier these days. School and college students buy their drugs online, and these then arrive either via courier or in the mail. Peer reviews on dark-web sites have led to a lowering of prices and an increase in purity of drugs such as cocaine. It is an efficient and, on the whole, stress-free operation.
Organized crime has changed so fundamentally in quantitative and qualitative terms over the past 30 years that it is extremely hard if not impossible for law-enforcement agencies and politicians to keep up with the developments. The emergence of dark-web sites selling drugs is just one of the many ways in which digital culture is making a significant impact on the world of organized crime.
Interestingly, it has taken a lot longer to begin its disruptive effects on mafia business than it has on other industries. For a long time, traditional mafia groups and cybercriminals had very little to do with each other. That is now changing as the two criminal cultures are beginning to merge.
Illustration by Bryan Gee
During their evolution, these discrete phenomena have sought to interact with and appropriate the mechanisms of global capitalism as well as the shortcomings of both liberal democracy and autocratic governments.
Global criminal networks began to expand dramatically almost two decades before cybercrime became a serious issue. Two events were key in promoting the growth of hundreds of transnational criminal pathways into an opaque network spanning the world: the deregulation of controls on capital movement in the Anglo-American sphere in the 1980s, and the emergence of a temporary but vast lawless zone between 1989 and 1991 following the collapse of communism.
This stretched from the Sino-Russian border in the East to the Yugoslav-Austrian border in the West. For the first time in history, every single country – even isolated ones such as North Korea – was drawn into global flows of illicit goods and service.
Then, around the dawn of the new millennium, another nexus of criminal networks started to emerge. Cybercrime began modestly in the 1990s with so-called "script kiddies" – young hackers who defaced websites or erased people's data on computers for fun. In a short space of time, some had evolved into protocriminals, establishing websites where the denizens of this embryonic virtual underworld could trade huge volumes of stolen credit and debit-card data.
Within the past five years, cybermalfeasance has reached industrial proportions. The hackers, programmers, social engineers and money mules keep office hours and often deploy advanced targeting techniques against companies and individuals. The most spectacular hack so far saw the central bank of Bangladesh lose US$81-million to what security researchers have claimed was a North Korean group. Ocean's 11 and other standard heist movies are set to become a quaint memory.
The two criminal cultures, traditional and digital, developed in parallel. The managers and foot soldiers of the drug cartels or the people traffickers had never been associated with mass credit-card fraud, systematic identity theft or ransomware.
There is a simple reason why they remained apart. At the heart of traditional mafias lies the protection of markets. Sometimes these are licit markets, such as restaurants, targeted by a protection racket; more often they are illicit, such as the drug trade. But to protect markets, whether from your competitors or from the police, you have to be able to do one thing: deploy decisive violence. Without that, you don't get through the front door.
Cybercrime was a revolutionary development. For the first time, individuals and gangs were able to use an instrument for committing major crimes, which could lead to devastating financial and personal consequences for the victim, without having to resort to violence. You can plan an attack in Kazakhstan against a target in Los Angeles and then cash it out in Dubai. You do not need a virtual baseball bat to ward off any competitors or the cops.
The implications of this are profound. Most importantly, people involved in cybercrime have very little in common with their peers in traditional organized crime. There is little call for thick-necked thugs or hit men. Cybercriminals develop their skills at a younger age, usually between the ages of 12 and 15; they come from all social classes, countries and ethnicities; and they can generally boast a much higher level of educational achievement than mafia members. The one thing they share is gender: Ninety-six per cent of cybercriminals, according to the United Nations' Hackers Profiling Project, are male, which is comparable to most organized crime syndicates.
As cybercrime spread in the first years of the new century, traditional organized crime bosses treated it with disdain. Recka, a Swedish hacker I have interviewed, came from a traditional organized crime family in Malmo. He had become involved in "carding," the trade in stolen credit cards. He attempted to persuade his father and the gang's other associates to set up a cyberdivision alongside their extortion and drug operations. The leadership dismissed the youngster, arguing that these newfangled ways were not worthy of a well-established criminal organization.
But today's incoming bosses are different: They are digital natives and have a much better grasp of the advantages that cybercrime can offer. In March last year, Europol, the EU's co-ordinating law-enforcement agency, revealed in its annual crime-threat report what it now spends most of its time trying to understand and combat: the digitization of organized crime.
European police forces first spotted this trend as far back as 2013, when Belgian police arrested members of a traditional Dutch-Turkish drug gang who had recruited (or coerced) two hackers to break into a port's computer system using a phishing attack. Once in, the gang was able to track all the shipping containers going in and out of the port and issue permits to take containers they knew were carrying cocaine from South America.
Nowadays, gangs specializing in burglary will case a whole street of potential victims by sending up drones, monitoring the residents' comings and goings using cameras and social-media accounts and timing their attacks accordingly. It's only a matter of time before they work out how to get Alexa to reveal the code to the burglar alarm.
Police are seeing this across all crime sectors – people trafficking where refugees are given SIM cards to assist their passage across borders; the rise of bitcoin and other cryptocurrencies to trade in illicit goods; the ubiquitous use of encrypted messaging services in the trade in endangered wildlife species; and above all, the distribution of recreational and prescription drugs.
In the short term, two policy issues and one policing issue will determine whether the flow of large-scale criminal activity can be stanched. First, offshore tax jurisdictions should be required, in all cases, to publish the beneficial ownership of any shell company that is formed. Governments have been reluctant to grasp this nettle because so many influential and licit corporations find these havens useful for avoiding taxes. But for criminal syndicates, they are integral to their money-laundering operations.
Second, governments should support investigations into major corruption scandals, such as the one that has been shaking Brazil to its very core in the past three years. The relationship between corrupt politicians, organized crime and licit corporations seeking to engage in illegal activity is a central mechanism driving the disastrous inequality that French economist Thomas Piketty described so well in his book Capital.
Law-enforcement agencies are working hard, on the whole, to keep pace with the internet's impact on organized crime. But just as there is a dearth around the world of competent cybersecurity engineers, so do the police have difficulty attracting recruits with the requisite hacking and security skills to combat cybercrime groups, which often enjoy the tacit or active support of state security apparatuses.
Crime is a curious parasite. It needs to suck blood from its host to weaken it – without allowing the host to die. But profits from crime and corruption are increasing, and the greed this generates is hard to rein in. In an age of austerity, after the financial crash of 2008, and at a time when hackers are getting ever closer to crippling critical parts of national infrastructures, the world needs to develop a proper strategy for dealing with the issue.
Misha Glenny is speaking at the Phil Lind Initiative in US Studies series on the future of the liberal order at UBC's School of Public Policy and Global Affairs.