Crimetech – It’s like fintech, but not as much of a scam

Crimetech is a catch all for the technology developed by criminal enterprises to further their aims. It is the set of botnets, hacking tools,  bulletproof hosting and interfaces that join up criminal intent with their victims. (There is a company selling various bits kit for forensics called ‘CrimeTech’. They are the go to if you need tape with ‘Evidence’ on it, or that thick chalk you draw round a body.) Crimetech is specific in its purpose. There is wider melange of technology used by criminals which is not crimetech – Tor, cryptocurrency and such are independent of it but we should be aware of how some technology articulates and gives affordance to hostile actors.

The prevailing framework is of technology and crime is of tech as a quality that enables or disables crime or security. Crime exists on a scale from cyber-enabled to cyber-dependent. A little less encryption here, a little more there. As technology is now so embedded and provided as a service to criminals we have to move past that and think of tech as part of the material matrix. So rather than this gradient from ‘lo tech’ to ‘full on tech’ we could see intersections between different kinds of technology and the material operation of crime, in some instances surrounding a hard core of dedicated, tech dominant crimetech operations. Really we are talking about the old classics: what is the division of labour, where are the command and control processes, how are criminal enterprises able to combine different data types and where are the critical points where harm happens. 

Consider a phone scam that’s highly centralised, which combines basic and simple technological platforms and user scripts, and a social engineering attack which used tested AI driven communication forms to ensare victims. The first is heavy on human labour, and can be undermined by time wasting tactics on the other end. The latter is less contact driven, more passive, highly failure tolerant and generates more data. A zero day exploit is of a different quality as it is likely to be valued in itself, traded and used by a range of individuals and enterprises, including state agencies.

As well as the organisation/complexity axis we should also consider hwo crimetech scales. Many crimes are low severity individually and hence tend to be unreported, but have an impact at scale which is what makes them hard to prosecute. This focus on a scalar threat is a recurring one in many documents now such as the Mills, Skodbo and Blyth (2013) which explicitly tackles it. To me we are facing two challenges: first, tools and exploitation modes are designed to scale up and down depending on opportunity. Second, distributed delivery means interventions tend to end up punching fog. In each case, my interest comes back to how crimetech reorganises and revalues criminal labour, just as other platforms do the same. The same problem can occur in both cases. In the world of venture capital the relentless focus on devaluing human labour means we miss how much labour goes into algorithmic control. In the world of crimetech the extensive labour behind scalar threats is also hidden.

Mills H, Skodbo S and Blyth P (2013) Understanding organised crime: estimating the scale and the social and economic costs. London: Home Office.

 

 

Author: Angus Bancroft

I'm a lecturer at the University of Edinburgh department of Sociology, studying illicit drug use, illicit markets and various shades of cyber crime. Email angus.bancroft@ed.ac.uk Tweet @angusbancroft

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.