The Cybercrime Ecosystem: How the Internet May Support Criminal Behaviour Online

This blog post is a summary of a presentation given by Dr Maria Bada, former research fellow at the Global Cyber Security Capacity Centre, and Dr Jason R. C. Nurse, former researcher at Cyber Security Oxford, during the ‘’Connected Life 2016: Collective Action and the Internet” Conference, at the Oxford Internet Institute, in June 2016. The purpose of the presentation was to reflect on the current research and practice in the field of cybercrime, and especially on the cybercrime ecosystem and the ways that the Internet supports criminal behaviour online.


The Internet has drastically transformed the way that we as a society communicate, interact and trade. At the same time, it has also opened new opportunities for criminals. This article concentrates on the topic of cybercrime with special emphasis on how the Internet supports collective criminal behaviour online. This touches on the increasing use of online means to support cybercriminal communities and actions, but also on social characteristics of these groupings.

They ways cybercriminals use the Internet

Undoubtedly the most significant way that the Internet supports online crime is its provision of a ubiquitous platform for criminals to connect and interact. There are several forums catering to cybercrime e.g. Darkode (KrebsOnSecurity. 2015) and common social-media platforms are also now used for communication (ComputerWeekly. 2016). These allow offenders with common interests from across the globe to come together, share knowledge and even recruit members into the distinctive ethos and attitudes of online crime culture (Denning, D. 1991). 


The online market

In addition to the sharing of knowledge, there is a maturing online market for the sharing of stolen data, hacking tools and zero-day vulnerabilities, as well as criminal services such as renting botnets and spam servers. In the 2016 Underground Hacker Marketplace Report, it was found that credit card details could be purchased for $30 USD, remote computer access toolkits for as little as $5 USD, and Distributed Denial-of-Service attacks on defined sites for as low as $5 USD an hour (Dell SecureWorks. 2016).


Collective/coordinated cyberattacks

Another area of importance is the collective action in terms of coordinated cyberattacks. A perfect example is the case of #OpSony, where a group of hacktivists self-organised and attacked Sony websites in retaliation for Sony’s lawsuit against a PlayStation3 hacker (Ars Technica. 2011).


The social characteristics of cybercriminal online communities

One of the most interesting aspects of the communities discussed above is that of their characteristics and how they function. For instance, these individuals are likeminded and therefore have some shared culture, at least in the context of their actions. This culture includes values as well intergroup dynamics. These include perceptions, attitudes, and behaviours towards one’s own group, as well as those towards another group. A cybercriminal’s social identity may be defined by their group membership, and the general features that define the group and differentiate it from others (Hogg & Williams, 2000). 

Overall, while there has been research in this space (e.g., Broadhurst, et al., 2014, Ablon, et al., 2014) compared to offline crime little is known. Therefore, future research should seek to consider evidence-based research about offender behaviour and criminal activities in cyberspace, and also how other aspects such as learning and imitation play a role (Broadhurst, & Grabosky, 2005).



Ars Technica. 2011. “Anonymous” attacks Sony to protest PS3 hacker lawsuit.

Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B. and Chon, S., 2014. An Analysis of the Nature of Groups Engaged in Cyber Crime. An Analysis of the Nature of Groups engaged in Cyber Crime, International Journal of Cyber Criminology, 8(1), pp.1-20.

Broadhurst, R., and Grabosky, P. 2005. Computer-Related Crime in Asia: Emergent Issues. In R. Broadhurst and P. Grabosky (Eds.), Cybercrime: The Challenge in Asia (pp. 347–360). Hong Kong University Press.

Ablon, L., Libicki, M. and Golay, A. 2014. Markets for Cybercrime Tools and Stolen Data.   

ComputerWeekly. 2016. Cyber criminals are hiding in plain sight, says RSA report

Dell SecureWorks. 2016. 2016 Underground Hacker Marketplace Report.

Denning, D. 1991. Hacker Ethics. Proceedings of the 13th National Conference on Computing and Values. New Haven, CT: Research Centre on Computing and Society.

Hogg, M. A. and Williams, K. D. 2000. From I to we: Social identity and the collective self. Group Dynamics: Theory, Research, and Practice 4: 81.

KrebsOnSecurity. 2015. The Darkode Cybercrime Forum, Up Close.