Organized Financial Cybercrime: Criminal Cooperation, Logistic Bottlenecks, and Money Flows

  • E. R. (Rutger) LeukfeldtEmail author
  • E. W. (Edwin) Kruisbergen
  • E. R. (Edward) Kleemans
  • R. A. (Robert) Roks
Living reference work entry


This chapter provides an overview of what we know about organized forms of cybercrime executed with a financial goal. First, criminal cooperation is covered. We discuss recent insights into the structure, composition, and mechanisms of origin and growth. Second, bottlenecks in the criminal business process and criminal money flows are described. Every criminal business process entails logistical bottlenecks: logistical problems that must be resolved to ensure the successful execution of criminal activities. One major bottleneck is safely spending illegally obtained money without drawing the attention of the authorities. After all, when it comes to financial cybercrime, the goal of criminals is gaining financial benefits. Finally, in the last section of this chapter, several overarching conclusions about organized forms of cybercrime are presented.


Cybercriminal network Criminal network Organized crime Cybercrime Dark web 


  1. Ablon, L., Libicki, M.C., & Golay, A.A. (2014). Markets for cybercrime tools and stolen data. Hackers’ Bazaar. RAND:
  2. Aldridge, J., & Décary-Hétu, D. (2014). Not an ‘eBay for drugs’: The cryptomarket ‘Silk Road’ as a paradigm shifting criminal innovation., geraadpleegd April 2018.
  3. Anderson, R., Barton, C., Bohme, R., Clayton, R., van Eeten, M., Levi, M., & Moore, T. (2012). Measuring the cost of cybercrime. Presented at the Workshop on the Economics of Information Security (WEIS), Berlin, Germany. Retrieved from
  4. Andresen, M. A., & Felson, M. (2010). Situational crime prevention and co-offending. Crime Patterns and Analysis, 3(1), 3–13.Google Scholar
  5. Bijlenga, N., & Kleemans, E. R. (2018). Criminals seeking ICT-expertise: An exploratory study of Dutch cases. European Journal of Criminal Policy and research. Scholar
  6. Bouchard, M., & Morselli, C. (2014). Opportunistic structures of organized crime. In L. Paoli (Ed.), The Oxford handbook of organized crime. Oxford/New York: Oxford University Press.Google Scholar
  7. Broadhurst, R., Grabosky, P., Alazab, M., & Chon, S. (2014). Organization and cyber crime: An analysis of the nature of groups engaged in cyber crime. International Journal of Cyber Criminology, 8(1), 1–20.Google Scholar
  8. Bulanova-Hristova, G., Kasper, K., Odinot, G., Verhoeven, M., Pool, R., Poot, C. de, Werner, W., & Korsell, L. (Eds.) (2016). Cyber-OC - Scope and manifestations in selected EU member states. Wiesbaden: Bundeskriminalamt.Google Scholar
  9. Christin, N. (2012). Traveling the silk road: A measurement analysis of a large anonymous online marketplace. Pittsburgh: Carnegie Mellon University.CrossRefGoogle Scholar
  10. Chu, B., Holt, T. J., & Ahn, G. J. (2010). Examining the creation, distribution, and function of malware on-line. Technical Report for National Institute of Justice. NIJ Grant No. 2007-IJ-CX-0018. Available at
  11. Décary-Hétu, D., & Dupont, B. (2012). The social network of hackers. Global Crime, 13(3), 160–175.CrossRefGoogle Scholar
  12. Décary-Hétu, D., & Dupont, B. (2013). Reputation in a dark network of online criminals. Global Crime, 14(2–3), 175–196.CrossRefGoogle Scholar
  13. Décary-Hétu, D., Morselli, C., & Leman-Langlois, S. (2012). Welcome to the scene: A study of social organization and recognition among warez hackers. Journal of Research in Crime and Delinquency, 49(3), 359–382.CrossRefGoogle Scholar
  14. Dhanjani, N., & Rios, B. (2008). Bad sushi: Beating phishers at their own game. Paper presented at the Annual Blackhat Meetings. Las Vegas.Google Scholar
  15. Dupont, B., Côté, A. M., Savine, C., & Décary Hétu, D. (2016). The ecology of trust among hackers. Global Crime, 17(2), 129–151.CrossRefGoogle Scholar
  16. Dupont, B., Côté, A. M., Boutin, J. L., & Fernandez, J. (2017). Darkode: Recruitment patterns and transactional features of “the Most Dangerous Cybercrime Forum in the World”. American Behavioral Scientist. Scholar
  17. Edwards, A., & Levi, M. (2008). Researching the organization of serious crimes. Criminology and Criminal Justice, 8(4), 363–388.CrossRefGoogle Scholar
  18. EMCDDA (European Monitoring Centre for Drugs and Drug Addiction). (2016). The internet and drug markets. Luxemburg: Publications Office of the European Union.Google Scholar
  19. EMCDDA (European Monitoring Centre for Drugs and Drug Addiction) & Europol. (2017). Drugs and the darknet: Perspectives for enforcement, research and policy. Luxemburg: Publications Office of the European Union.Google Scholar
  20. European Police Office (Europol) (2015). Why is cash still king? A strategic report on the use of cash by criminal groups as a facilitator for money laundering. Trends in Organized Crime, 18: 355–379.Google Scholar
  21. Felson, M. (2003). The process of co-offending. In M. J. Smith & D. B. Cornish (Eds.), Theory for practice in situational crime prevention (Vol. 16, pp. 149–168). Devon: Willan Publishing.Google Scholar
  22. Felson, M. (2006). The ecosystem for organized crime (HEUNI paper nr 26). Helsinki: HEUNI.Google Scholar
  23. Franklin, J., Paxson, V., Perrig, A., Savage, S. (2007). An inquiry into the nature and cause of the wealth of internet miscreants. Paper presented at CCS07, October 29–November 2, 2007 in Alexandria.Google Scholar
  24. Grabosky, P. (2007). The internet, technology, and organized crime. Asian Criminology, 2(2), 145–161.CrossRefGoogle Scholar
  25. Herley, C., & Florencio, F. (2009). Nobody sells gold for the price of silver: Dis-honesty, uncertainty and the underground economy. Redmond: Microsoft. Microsoft TechReport nr. MSR-TR-2009-34.Google Scholar
  26. Holt, T. J. (2007). Subcultural evolution? Examining the influence of on- and off-line experiences on deviant subcultures. Deviant Behavior, 28(2), 171–198.CrossRefGoogle Scholar
  27. Holt, T. J. (2013). Exploring the social organisation and structure of stolen data markets. Global Crime, 14(2–3), 155–174.CrossRefGoogle Scholar
  28. Holt, T. J., & Kilger, M. (2008). Techcrafters and makecrafters: A comparison of two populations of hackers. 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, 67–78.Google Scholar
  29. Holt, J. T., & Lampke, E. (2010). Exploring stolen data markets online: Products and market forces. Criminal Justice Studies, 23(1), 33–50.CrossRefGoogle Scholar
  30. Holt, T. J., & Smirnova, O. (2014). Examining the structure, organization, and processes of the international market for stolen data. Washington, DC: U.S. Department of Justice.Google Scholar
  31. Holt, T. J., Strumsky, D., Smirnova, O., & Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Crimi-nology (IJCC), 6(1), 891–903.Google Scholar
  32. Holt, T. J., Smirnova, O., Chua, Y. T., & Copes, H. (2015). Examining the risk reduction strategies of actors in online criminal markets. Global Crime, 16(2), 81–103.CrossRefGoogle Scholar
  33. Holt, T. J., Smirnova, O., & Chua, Y. T. (2016). Exploring and estimating the revenues and profits of participants in stolen data markets. Deviant Behavior, 37(4), 353–367. Scholar
  34. Holz, T., Engelberth, M., & Freiling, F. (2009). Learning more about the under-ground economy: A case-study of keyloggers and dropzones. In M. Backes & P. Ning (Eds.), Computer security-ESCORICS (pp. 1–18). Berlin/Heidelberg: Springer.Google Scholar
  35. Hutchings, A. (2014). Crime from the keyboard: Organised cybercrime, co-offending, initiation and knowledge transmission. Crime, Law and Social Change, 62(1), 1–20.CrossRefGoogle Scholar
  36. Hutchings, A., & Holt, T. J. (2015). A crime script analysis of the online stolen data market. British Journal of Criminology, 55(3), 596–614.CrossRefGoogle Scholar
  37. Ianni, F. A. J., & Reuss-Ianni, E. (1972). A family business; kinship and social control in organized crime. London: Routledge & Kegan Paul.Google Scholar
  38. Kleemans, E. R., & De Poot, C. J. (2008). Criminal careers in organized crime and social opportunity structure. European Journal of Criminology, 5(1), 69–98.CrossRefGoogle Scholar
  39. Kruisbergen, E. W., & Soudijn, M. R. J. (2015). Wat is witwassen eigenlijk? Introductie tot theorie en praktijk. Justitiële verkenningen, 41(1), 10–23.CrossRefGoogle Scholar
  40. Kruisbergen, E. W., Van de Bunt, H. G., & Kleemans, E. R. (2012). Georganiseerde criminaliteit in Nederland. Vierde rapportage op basis van de Monitor Georganiseerde Criminaliteit [Organized crime in the Netherlands. Fourth report of the Organized Crime Monitor]. Den Haag: Boom Lemma. English summary available at: Scholar
  41. Kruisbergen, E. W., Kleemans, E. R., & Kouwenberg, R. F. (2015). Profitability, power, or proximity? Organized crime offenders investing their money in legal economy. European Journal on Criminal Policy and Research, 21(2), 237–256.CrossRefGoogle Scholar
  42. Kruisbergen, E. W., Kleemans, E. R., & Kouwenberg, R. F. (2016). Explaining attrition: Investigating and confiscating the profits of organized crime. European Journal of Criminology. Scholar
  43. Kruisbergen, E. W., Leukfeldt, E. R., Kleemans, E. R., & Roks, R. A. (2018). Georganiseerde criminaliteit en ICT Nederland. Rapportage in het kader van de vijfde ronde van de Monitor Georganiseerde Criminaliteit [Organized crime and IT. Report based on the fifth round of the Organized Crime Monitor]. Den Haag: WODC. English summary available at: Scholar
  44. Kruithof, K., Aldridge, J., Décary-Hétu, D., Sim, M., Dujso, E., & Hoorens, S. (2016). Internet-facilitated drugs trade: An analysis of the size, scope and the role of the Netherlands. Santa Monica/Cambridge: Rand Corporation.Google Scholar
  45. Leukfeldt, E. R. (2014). Cybercrime and social ties: Phishing in Amsterdam. Trends in Organized Crime, 17(4), 231–249.Google Scholar
  46. Leukfeldt, E. R. (2016). Cybercriminal networks: Origin, growth and criminal capabilities. Den Haag: Eleven International Publishers.Google Scholar
  47. Leukfeldt, E. R. (2017). Research agenda the human factor in cybercrime and cybersecurity. Den Haag: Eleven International Publishing.Google Scholar
  48. Leukfeldt, E. R., Lavorgna, A., & Kleemans, E. R. (2017a). Organised cybercrime or cybercrime that is organised? An assessment of the conceptualisation of financial cybercrime as organised crime. European Journal on Criminal Policy and Research, 23(3), 287–300.CrossRefGoogle Scholar
  49. Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2017b). A typology of cybercriminal networks: From low tech locals to high tech specialists. Crime, Law and Social Change.
  50. Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2017c). Cybercriminal networks, social ties and online forums: Social ties versus digital ties within phishing and malware networks. British Journal of Criminology.
  51. Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2017d). Origin, growth and criminal capabilities of cybercriminal networks. An international empirical analysis. Crime, Law and Social Change.
  52. Leukfeldt, E. R., Kleemans, E. R., & Stol, W. P. (2017e). The use of online crime markets by cybercriminal networks: A view from within. American Behavioral Scientist. Scholar
  53. Leukfeldt, E. R., de Poot, C., Verhoeven, M., Kleemans, E. R., & Lavorgna, A. (2017f). Cybercriminal networks. In E. R. Leukfeldt (Ed.), Research agenda: The human factor in cybercrime and cybersecurity. Den Haag: Eleven International Publishers.Google Scholar
  54. Leukfeldt, E. R., Kleemans, E. R., Kruisbergen, E. W., & Roks, R. (2019). Criminal networks in a digitized world: On the Nexus of borderless opportunities and local embeddedness. Trends in Organized Crime. Scholar
  55. Lu, Y., Luo, X., Polgar, M., & Cao, Y. (2010). Social network analysis of a criminal hacker community. Journal of Computer Information Systems, 51(2), 31–41.Google Scholar
  56. Lusthaus, J. (2012). Trust in the world of cybercrime. Global Crime, 13(2), 71–94.CrossRefGoogle Scholar
  57. Lusthaus, J., & Varese, F. (2017). Offline and local; the hidden face of cybercrime. Policing: A Journal of Policy and Practice.
  58. Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G. M., & Savage, S. (2013). A fistful of bitcoins: Characterizing payments among men with no names. San Diego: University of California. Geraadpleegd April 2018. Scholar
  59. Moore, T., & Christin, N. (2013). Beware the middleman: Empirical analysis of bit-coin-exchange risk. In A. R. Sadeghi (Ed.), Financial cryptography and data security, FC 2013, lecture notes in computer science (Vol. 7859). Berlin: Springer.Google Scholar
  60. Motoyama, M., McCoy, D., Levchenko, K., Savage, S., & Voelker, G. M. (2013). An analysis of underground forums. IMC’11 71–79.Google Scholar
  61. Maurtiz, H. (2014). De aard en omvang van Money Muling: Fraude met internetbankieren en witwassen. [Money Muling] Scriptie, uitgevoerd voor de Nationale Politie.Google Scholar
  62. NVB (Nederlandse Vereniging van Banken). (2017). Factsheet Veiligheid en fraude. Z. pl.:NVB.
  63. Odinot, G., Verhoeven, M. A., Pool, R. L. D., & De Poot, C. J. (2017). Organised cyber-crime in the Netherlands: Empirical findings and implications for law enforcement. Den Haag: WODC. Cahier 2017-1.Google Scholar
  64. Oerlemans, J. J., Custers, B. H. M., Pool, R. L. D., & Cornelisse, R. (2016). Cybercrime en witwassen: Bitcoins, online dienstverleners en andere witwasmethoden bij banking malware en ransomware. Den Haag: Boom criminlogie. Onderzoek en beleid 319.Google Scholar
  65. Peretti, K. K. (2008). Data breaches: What the underground world of ‘carding’ reveals. Santa Clara Computer and High-technology Law Journal, 25(2), 345–414.Google Scholar
  66. Reiss, A. J. (1988). Co-offending and criminal careers. In M. Tonry & N. Morris (Eds.), Crime and justice. A review of research. Chicago: Chicago University Press.Google Scholar
  67. Reiss, A. J., & Farrington, D. P. (1991). Advancing knowledge about co-offending: Results from a prospective longitudinal survey of London males. Journal of Criminal Law and Criminology, 82(2), 360–395.CrossRefGoogle Scholar
  68. Ron, D., & Shamir, A. (2013). Quantitative analysis of the full bitcoin transaction graph. Financial Cryptography and Data Security, 7859, 6–24.CrossRefGoogle Scholar
  69. Shaw, C. R., & McKay, H. D. (1931). Report on the causes of crime: Volume II. Washington, DC: Government Printing Office.Google Scholar
  70. Soudijn, M. R. J. (2017). Witwassen: Criminaliteitsbeeldanalyse 2016 (Crime Pattern Analyses on Money Laundering). Driebergen: Landelijke Eenheid.Google Scholar
  71. Soudijn, M. R. J. (2018). Using police reports to monitor money laundering developments. Continuity and change in 12 years of dutch money laundering crime pattern analyses. European Journal of Criminal Policy and Research. Scholar
  72. Soudijn, M. R. J., & Monsma, E. (2012). Virtuele ontmoetingsuimtes voor cybercrimi-nelen. Tijdschrift voor Criminologie, 54(4), 349–360.Google Scholar
  73. Soudijn, M. R. J., & Zegers, B. C. H. T. (2012). Cybercrime and virtual offender convergence settings. Trends in Organized Crime, 15(2–3), 111–129.CrossRefGoogle Scholar
  74. Sutherland, E. H. (1937). The professional thief. Chicago: The University of Chicago Press.Google Scholar
  75. Wehinger, F. (2011). The dark net: Self-regulation dynamics of illegal online markets for identities and related services. Intelligence and Security Informatics Conference.
  76. Werner, Y., & Korsell, L. (2016). Cyber-OC in Sweden. In G. Bulanova-Hristova, K. Kasper, G. Odinot, M. Verhoeven, R. Pool, C. de Poot, W. Werner, & L. Korsell (Eds.), Cyber-OC: Scope and manifestations in selected EU member states (pp. 101–164). Wiesbaden: Bundeskriminalamt.Google Scholar
  77. Yip, M., Shadbolt, N., & Webber, C. (2012). Structural analysis of online criminal social networks. In IEEE international conference on intelligence and security informatics (ISI) (pp. 60–65). Arlington: IEEE.Google Scholar
  78. Yip, M., Webber, C., & Shadbolt, N. (2013). Trust among cybercriminals? Carding forums, uncertainty and implications for policing. Policing and Society, 23(4), 516–539.CrossRefGoogle Scholar

Copyright information

© The Author(s), under exclusive licence to Springer Nature Switzerland AG 2019

Authors and Affiliations

  • E. R. (Rutger) Leukfeldt
    • 1
    Email author
  • E. W. (Edwin) Kruisbergen
    • 2
  • E. R. (Edward) Kleemans
    • 3
  • R. A. (Robert) Roks
    • 4
  1. 1.Netherlands Institute for the Study of Crime and Law Enforcement (NSCR)The Hague University of Applied SciencesAmsterdamNetherlands
  2. 2.Research and Documentation CentreDutch Ministry of Justice and SecurityThe HagueNetherlands
  3. 3.Vrije Universiteit AmsterdamAmsterdamNetherlands
  4. 4.Erasmus University RotterdamRotterdamNetherlands

Personalised recommendations