Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.
Crime, technology and society by Angus Bancroft
Crimetech – It’s like fintech, but not as much of a scam

Crimetech – It’s like fintech, but not as much of a scam

Crimetech is a catch all for the technology developed by criminal enterprises to further their aims. It is the set of botnets, hacking tools,  bulletproof hosting and interfaces that join up criminal intent with their victims. (There is a company selling various bits kit for forensics called ‘CrimeTech’. They are the go to if you need tape with ‘Evidence’ on it, or that thick chalk you draw round a body.) Crimetech is specific in its purpose. There is wider melange of technology used by criminals which is not crimetech – Tor, cryptocurrency and such are independent of it but we should be aware of how some technology articulates and gives affordance to hostile actors.

The prevailing framework is of technology and crime is of tech as a quality that enables or disables crime or security. Crime exists on a scale from cyber-enabled to cyber-dependent. A little less encryption here, a little more there. As technology is now so embedded and provided as a service to criminals we have to move past that and think of tech as part of the material matrix. So rather than this gradient from ‘lo tech’ to ‘full on tech’ we could see intersections between different kinds of technology and the material operation of crime, in some instances surrounding a hard core of dedicated, tech dominant crimetech operations. Really we are talking about the old classics: what is the division of labour, where are the command and control processes, how are criminal enterprises able to combine different data types and where are the critical points where harm happens. 

Consider a phone scam that’s highly centralised, which combines basic and simple technological platforms and user scripts, and a social engineering attack which used tested AI driven communication forms to ensare victims. The first is heavy on human labour, and can be undermined by time wasting tactics on the other end. The latter is less contact driven, more passive, highly failure tolerant and generates more data. A zero day exploit is of a different quality as it is likely to be valued in itself, traded and used by a range of individuals and enterprises, including state agencies.

As well as the organisation/complexity axis we should also consider hwo crimetech scales. Many crimes are low severity individually and hence tend to be unreported, but have an impact at scale which is what makes them hard to prosecute. This focus on a scalar threat is a recurring one in many documents now such as the Mills, Skodbo and Blyth (2013) which explicitly tackles it. To me we are facing two challenges: first, tools and exploitation modes are designed to scale up and down depending on opportunity. Second, distributed delivery means interventions tend to end up punching fog. In each case, my interest comes back to how crimetech reorganises and revalues criminal labour, just as other platforms do the same. The same problem can occur in both cases. In the world of venture capital the relentless focus on devaluing human labour means we miss how much labour goes into algorithmic control. In the world of crimetech the extensive labour behind scalar threats is also hidden.

Mills H, Skodbo S and Blyth P (2013) Understanding organised crime: estimating the scale and the social and economic costs. London: Home Office.




Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.