News / The people attacking your business couldn’t be better organised

We’ve said previously in our blogs that after an attack perhaps the last thing you worry about is who was behind the crime. Once it has happened most organisations worry about damage limitation than the unlikely prosecution of those responsible.

One reason why cyber crime is so attractive to organised criminal groups (OCG) is they know how hard it is to get convictions. In many parts of the world where OCGs are based, the authorities hardly bother to investigate, while in the UK those hackers caught tend to lone teenagers, attached to the thrill of hacking rather than monetary gain.

The UK authorities are further frustrated by the fact that OCGs attacking British businesses are largely based overseas and protected by the continuing lack of international cooperation on cybercrime from major nations.

To its credit, the UK government is more proactive than most. A new report from the its National Cyber Security Centre (NCSC) gives some useful insight into how the cyber wings of the OCGs operate.

For if nothing else, the organisation of these cyber groups within the criminal gangs is impressive. At the top is the Team Leader, who in the report’s words: “keeps everyone in check” – but perhaps with a tad more menace than his or her law abiding equivalent in the enterprise world.

But it’s the structure below that gets more interesting. For according to the report there are malware developers, network administrators, intrusion specialist and data miners.

At the end of the chain, but probably of greatest importance are the Money Specialists. The report explains: “Once an OCG has clean data, they can ‘monetise’ it. A money specialist can identify the best way to make money from each type of dataset. This could be selling in bulk to trusted criminal contacts, or by using specialist online services.”

It’s not a stretch to describe this as almost an enterprise level crime structure. The gangs also have the ability to hire and fire at will, and their only overheads and costs are those of the technology and malware they invest in. The also have a level of cooperation and communication between hacker groups via the dark web, that those of us on the side of the angels can only dream about.

The groups also know how to deal with the cash they steal. They employ money mules and mule herders to launder stolen money through thousands of bank accounts, landing eventually overseas and into the hands of the OCG.

They use the dark web to sell on stolen data including something called an “Automated Vending Cart (AVC) where data can be bought in bulk with digital currencies such as Bitcoin.”

Of course like most things in life, it is those at the top that always reap the greatest rewards. The report makes a very good and welcome assertion that making huge piles of cash out of cybercrime is actually difficult for the majority of the foot soldiers doing the dirty work on the front line, who also take the greatest risk of being caught.

While they siphon cash and date to their paymasters – who invariably will be involved in many more types of, no doubt very nasty, criminal activity – the foot soldiers have to work almost full time to make money.

This report is well worth reading – but of course your priority must remain keeping these highly organised groups away from your business. Read the report here. 


  • PLUS
  • Certified Information Systems Security Professional
  • PCi
  • Information Security Management System - ISO Certified
  • Cisco Certified CCIE
  • Centre for Internet Security
  • TOGAF 9
  • HM Government G-Cloud Supplier
  • crest

Get in touch