Cybercrime is (still) (often) boring

Depictions of cybercrime often revolve around the figure of the lone ‘hacker’, a skilled artisan who builds their own tools and has a deep mastery of technical systems. However, much of the work involved is now in fact more akin to a deviant customer service or maintenance job. This means that exit from cybercrime communities is less often via the justice system, and far more likely to be a simple case of burnout.

This is increasingly well-recognised in the security industry, but had not, until now, been systematically accounted for and evidenced through empirical research. Reprising a paper we had at WEIS last year, we have recently published the results of a study in the British Journal of Criminology which sets this phenomenon out in detail. The paper (accepted version linked here) looks at some of the more mundane (but still important) aspects of cybercrime economies. In particular, we explore how the economic and structural changes which have taken place in the cybercrime economy over the last twenty years have also changed the nature of work – and the cultural and social aspects of the communities and subcultures associated with cybercrime.

This was a mixed-methods study drawing on a wide range of different kinds of data (including interviews as well as chat channels and forum data) to study a scale shift in the structural underpinnings of cybercrime markets. This shift has been well-documented in the security literature – the rise of cybercrime-as-a-service, heralding the move from tool- and skill-sharing economies to relatively mature underground markets for illicit services. Rather than learning to conduct DDoS attacks or infect machines themselves, or buying tools to do this, now young people are able simply to buy these as services for (often quite small) amounts of money.

In line with basic economic pressures, the shift to a service economy has led people to build illicit infrastructure that supports these services and saves labour. This purpose-built illicit infrastructure grants economies of scale – people don’t have to build or buy tools themselves, they can simply rent their capacities as a service. Ultimately, this also scales up cybercrime problems – reducing the skill barrier to near zero and facilitating true ‘volume crime’.

This means that the nature of work has also changed – rather than skilled artisans creating bespoke tools for their own use, or people buying and selling generic tools and using them to commit crime, now much of the work on which cybercrime economies depend is boring – basic customer service, maintenance, and system administration. This has caused serious issues in communities whose idea of themselves often still revolves around the image of the lone, skilled hacker. Admins and customer support staff find it hard to cultivate elite status in these communities, and learn little in the way of advanced technical skills which might enable them to advance. Although this inspires some, those with the skills and drive, to learn to develop exploits themselves, for most it simply leads to burnout.
