The Money Mule: Its Discursive Construction and the Implications

The proceeds of cybercrime are typically laundered by money mules--people used by criminal organizations to interrupt the financial paper trail by transferring money for the criminals. This Article analyzes the discursive construction of the money mule in documents of national and international anti-money laundering authorities such as Financial Intelligence Units (FIUs), Europol, and the Financial Action Task Force (FATF). It shows how case study narratives, visualizations, and metaphors contribute to an understanding of the money mule as an innocent victim of organized crime networks from West Africa and Eastern Europe, supported by money remittance companies like Western Union. These constructions have several implications: First, they make awareness-raising campaigns the key policy response at home (i.e., in countries in the North and West). Second, they imply a policy reaction of playing tough with sovereigns on the margins of the law deemed abroad (i.e., countries in the South and East). And third, they direct blame and responsibility towards financial transmitters, but they let banks get away

Adversarial behaviours knowledge area

The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio

Criminal networks in a digitised world: on the nexus of borderless opportunities and local embeddedness

This article presents the results of empirical analyses of the use of information technology (IT) by organized crime groups. In particular, it explores how the use of IT affects the processes of origin and growth of criminal networks. The empirical data presented in this article consist of 30 large scale criminal investigations into organized crime, including traditional organized crime, traditional organized crime in which IT is an innovative element, low tech cybercrimes and high tech cybercrimes. Networks involved in cybercrimes or traditional crimes with an innovative IT element can be characterized as a mixture of old school criminals that have a long criminal career, and a limited number of technically skilled members. Furthermore, almost all cases have a local dimension. Also the cybercrime cases. Dutch sellers of drugs on online marketplace, for example, mainly work for customers in the Netherlands and surrounding countries

Money talks money laundering choices of organized crime offenders in a digital age

In this explorative study we provide empirical insight into how organized crime offenders use IT to launder their money. Our empirical data consist of 30 large-scale criminal investigations into organized crime. These cases are part of the most recent, fifth data sweep of the Dutch Organized Crime Monitor (DOCM). We do not focus on cybercrime alone. Instead, we explore the financial aspects of criminal operations in a broad range of types of organized crime, i.e. from ‘traditional’ types of organized crime, such as offline drug smuggling, to cybercrime. Regarding the spending of criminal proceeds (consumption and investment), the analyses show several similarities and no major differences between traditional crime and cybercrime. When it comes to concealing criminal earnings (money laundering), we do see important differences. Financial innovation, such as the use of cryptocurrencies, seems to be limited to cases of IT-related crime. One of the most striking similarities between cybercrime and traditional crime is the offenders’ preference for cash. In the analysed cases, malware and phishing offenders as well as online drug traffickers change their digital currencies for cash, at least in part

Phishing schemes - typology and analysis in Serbian cyber space

Purpose: The purpose of this paper is to identify and describe various factors for understanding criminal behaviour involved in phishing and to provide advice in the areas of security, criminal procedure, and victimology. Design/methodology/approach: The project combined several qualitative and quantitative techniques such as interviews and surveys, as well as content analysis. Findings: Several categories of subjects were identified: those who are aware of some scientific achievements in this field and who feel increasingly apprehensive about the disclosure of private information; those who are not prepared to readily incorporate scientific progress in similar fields; the third category includes staff members who do not embrace all new measures in the fight against this type of cybercrime. The participants could also be categorized on the basis of their inclination to recognize new forms and types of phishing: some are aware of new forms and can recognize them as soon as they emerge locally; others cannot do so. Research limitations/implications: To allow findings to be generalized, future research should include measures that could specify additional means to be used by members of a wider representative group, such as tools, materials, educational and course modules, implemented during training. Practical implications: This research represents a useful source of information for method implication in combating phishing schemes, and for detecting new emerging forms and types of cybercrime promptly, as well as new social engineering methods to facilitate it. Originality/value: This paper should be of particular interest to forensic specialists, in the analysis of crime scene behaviour and of methods phishers use in luring their victims