Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School

Cybercrime Hotspots

Aug. 24, 2021

Identifying the Conditions that Influence the Emergence of Financially-Motivated Cybercriminal Networks


Executive Summary

Organized cybercrime groups pose the most significant financial threat to institutions and individuals in the United States (U.S.), more so than nation-states or terrorists engaged in cyberattacks, and the volume and cost of these fraud-based cyber campaigns are growing exponentially. In the financial services industry, LexisNexis Risk Solutions reports that from 2018 to 2019 the average number of successful fraudulent attempts increased by 85 percent, and the financial services industry suffered more login and payment attacks than any other industry in 2020.

The United States Secret Service (USSS) oversees and protects the U.S. financial and payment systems. The USSS seeks to proactively prepare for cyber threats and successfully intercept cybercriminals and their illicit activities before they inflict serious harm to financial institutions. This report assesses common features of organized cybercrime groups and the socioeconomic conditions that influence cybercrime networks in specific countries. It seeks to provide a preliminary picture of how organized cybercrime groups operate and evolve and the conditions that likely allow them to thrive in particular locations using the case studies of Nigeria, India, and Mexico.

The report relies upon insights from government and private sector cybersecurity experts, as well as from industry reports and academic research. The research explored what quantitative data exists on the location of cybercriminals and analyzed qualitative assessments of the general factors that influence crime rates and specific country conditions that influence cybercrime. Leveraging the key findings from this research, the report proposes policy recommendations for the USSS to more strategically and proactively address the threat from organized cybercrime groups.

This report identified the following overarching key insights about organized cybercrime groups and the conditions influencing their operations in Nigeria, India, and Mexico:


FINDING 1: The physical location of cybercriminals is not currently captured in a singular dataset. Further, utilizing proxy data to estimate cybercriminal locations is challenged by the fragmentation and complexity of data around cybercrimes and criminals.

FINDING 2: Organized cybercrime groups are networks of threat actors with complementary skills and roles, working together rather than alone. Groups often converge around particular language communities, and trust is key in these communities to groom and recruit cybercriminals.

FINDING 3: Organized cybercrime groups have relatively consistent tactics, techniques, and procedures (TTPs), but leverage new technologies to better target and execute their criminal objectives.

FINDING 4: Conditions like internet access and technical skills are prerequisites to becoming a cybercriminal. High poverty and unemployment rates and weak cybersecurity infrastructure, laws, and enforcement are conditions that perpetuate organized cybercrime.

Additionally, this report captures findings about organized cybercrime groups operating within three countries: Nigeria, India, and Mexico. Top findings from each country case study include:

Nigeria

1. High poverty and unemployment rates in Nigeria are responsible for greater rates of cybercrime.
2. Nigeria continues to be a hub for social engineering scams, but cybercrime groups are becoming more sophisticated and efficient.
3. The threat from Nigerian organized cybercrime groups will likely rise as BEC scams increased in 2020, the COVID-19 pandemic exacerbated economic conditions in Nigeria that perpetuate cybercrime, and Nigerian cybercriminals are migrating and operating out of other countries.

India

1. The disparity between technically skilled individuals and the availability of technical jobs drives organized cybercrime.
2. India’s legitimate information technology industry is associated with low cybercrime rates, but criminal groups are increasingly setting up call centers in India to facilitate their illicit cyber operations.
3. There is a gap between cyber laws and the enforcement and prosecution of cybercriminals in India due to a lack of cybersecurity-trained law enforcement and cybersecurity-focused courts with judges knowledgeable of cyber.

Mexico

1. Mexico has seen a significant rise in cybercrime since 2018, and cybercrime victims in 2020 identified Mexico as one of the primary locations of their attackers.
2. In Mexico, organized cybercrime is emerging from traditional organized crime groups and drug cartels as they expand their existing criminal activities online.
3. Organized crime groups are exploiting emerging vulnerabilities in a rapidly digitizing Latin America, but as cybercriminals in Mexico become more connected and sophisticated, they will likely pose a greater threat beyond the Spanish-speaking world.

The following key recommendations flow from the research and findings and are organized in alignment with the USSS Office of Investigations’ (INV) FY 2021-2027 Strategic Plan.

Goal 1: Investigations

Objective 1.1: Detect, Investigate, and Arrest Those Committing Financial Crimes

1. Align incentives to INV objectives and targets

2. Increase coordination to investigate and prevent illicit activity in online criminal forums and marketplaces

3. Dedicate more resources to tracking social media in known cybercrime hubs to identify cybercriminals

4. Work with DOJ, and state and local partners, to pursue less sophisticated cybercrimes more rigorously

Objective 1.2: Identify and Seize Assets to Prevent Illicit Profit and Victim Financial Losses

1. Prioritize targeting illicit marketplaces for commodified cybercrime tools

2. Investigate new trends in exchanging, regulating, and withdrawing cryptocurrency to identify and interdict cybercrime funding

Objective 1.3: Strengthen the Ability of Stakeholders to Prevent Financial Crimes

1. Coordinate with stakeholders to strengthen cybersecurity infrastructure and enhance and publicize detection of attempted fraud campaigns to increase deterrence against financial crimes


Goal 2: Staffing and Training

Objective 3.1: Develop the Investigative Teams for Countering Transnational Cyber Fraud

1. Coordinate language specialists across regional offices

2. Coordinate with state and local partners to intervene at earlier stages of cybercrime maturity

Objective 3.2: Increase Technical and Analytical Training for Cyber Fraud Investigations

1. Enhance training to identify risk factors, enablers, and intervention points of cybercriminals

2. Identify early trends in technological developments and emerging vulnerabilities in financial institutions to predict cybercrime threats

3. Enhance coordination between INV and the Office of Strategic Planning and Policy (OSP) Enterprise Strategy Division (ESD) to drive additional targeted research and information collection


Goal 3: Outreach

Objective 4.1: Strengthen Unity of Effort with Law Enforcement and Government Partners

1. Increase collaboration, training, and data sharing between law enforcement and the private sector to identify and understand organized cybercrime networks

2. Support efforts by DOJ and the U.S. Department of State (State Department) to develop best practices on interagency cybercrime enforcement

3. Pursue additional opportunities to increase information sharing on organized cybercriminal activities with international partners

4. Collaborate with DOJ and the State Department to expand the Budapest Convention

Objective 4.2: Develop the Capabilities of Law Enforcement Partners

1. Advocate for increased cyber training for law enforcement partners as well as prosecutors and judges

Objective 4.3: Cultivate Stakeholder Relationships to Prevent, Detect, and Investigate Crimes

1. Collaborate with domestic and international partners to create public outreach campaigns about cybersecurity threats

2. Work with international law enforcement and government partners to promote productive, lawful opportunities for individuals to apply their technical skills

For more information on this publication: Belfer Communications Office
For Academic Citation: Thinnes, Aoibheann. “Cybercrime Hotspots.” Paper, Belfer Center for Science and International Affairs, Harvard Kennedy School, August 24, 2021.
