The future of organised crime – and Britain’s response

Last month, the National Crime Agency (NCA) published its National Strategic Assessment of Serious and Organised Crime (SOC). It highlights all the threats the agency is specifically aiming to tackle, from firearms and drugs to child sexual abuse, modern slavery, human trafficking and economic crime. For the first time this year, the headline story is not about criminal behaviour, but about how much more vulnerable we all are to becoming victims. Changes in organised crime are being driven more than anything else by our everyday reliance – in our personal and professional lives – on online services. In fact, the majority of crime now takes place online or is enabled by online resources. We have all become more vulnerable to organised crime because we spend more of our lives online.

Serious and organised online crime is increasingly causing harm to people across the UK. Examples of how serious and organised criminals are exploiting this trend range from disruption to public services through ransomware, which has had a serious impact on NHS services in Scotland and South East England in recent months, to the life-changing financial and psychological impact of online fraud. One major fraud platform shut down by the NCA last month had an estimated 170,000 victims nationwide; the average loss suffered by those reporting the abuse to Action Fraud was £9,400. Child sexual abuse is nothing new, but is facilitated by online connectivity, which gives perpetrators easy access to thousands of children, allows them to widely distribute child sexual abuse material, and normalises, enables and radicalises abuse – including commissioning the rape of children abroad, which they can watch live without having to leave their homes. Even crimes not traditionally associated with the internet are affected: social media connects traffickers with their desperate victims and enables the direct sale of synthetic opioids, substances that have caused 300 deaths in the UK in the last 15 months because they are up to 300 times more potent than heroin. It also facilitates the sharing of blueprints for 3D-printed firearms that can be used to bypass physical border controls. And finally, beyond the central SOC perimeter, encrypted messages are used to spread viral mis/disinformation and social media apps allow trolls to incite each other to increasingly intimidating abuse, particularly towards women and minorities.

The online revolution is also changing the fundamental business model of crime. Data leaks can give criminals access to a person’s usernames, passwords or financial data, or key material for social engineering. Successful techniques are being optimized more quickly and deployed on an astonishing scale – first by criminal participants and then by larger numbers of coerced victims in countries like West Africa and the Golden Triangle of Southeast Asia. We are now increasingly seeing criminals use technology and AI to automate, thereby eliminating humans as a limiting factor in scale. Online connections also enable the laundering of proceeds of crime. Cryptocurrencies are a crucial factor connecting money-making criminals such as drug gangs with fraud organizations and ransomware operators looking to monetize their crypto profits.

States contribute in many ways: by harboring and in some cases even inspiring cybercriminals to pressure their adversaries; by developing new methods to exploit cyberspace or by concealing financial flows themselves and passing them on to criminal groups; by allowing officials to abuse state tools for criminal purposes; and even by directly enabling ransomware attacks, as the US Cybersecurity Agency revealed last month. The online world is likely to see the most significant development of further state-criminal connections in the coming years.

To address these evolving threats harming people across the UK, four specific changes are needed. Together they create a response from the local to the global level. First, digital and online literacy is now the price of entry into fighting crime for traditional law enforcement agencies around the world, not just specialist cybercrime units. This means the skills we demand of our people are changing; our partnerships are driven by data sharing – both between governments and with industry; and our use of technology increasingly determines the extent of our success. Second, investigative capacity must keep up with the speed of cyberspace. Cumbersome international processes such as international mutual legal assistance requests must be complemented by information sharing between like-minded jurisdictions that is fast enough to seize and freeze criminal profits. Third, of course, the companies that provide and benefit from our new online world have a critical role to play – at their best, implementing inspired and thoughtful changes to remove vulnerabilities exploited by criminals. We need a lot more of that to keep society safe. And fourth, we must recognise that justice is not so often achieved through a conviction in a UK court: a fraudster with victims around the world can best be punished in the country where they are arrested. So we need to pay even more attention to asset freezing and recovery. For criminals in uncooperative jurisdictions, sanctions and travel bans need to be strengthened. And we can increase cyber disruption by exploiting the same features of the online environment that are at the root of the problem.

The reality is that rapid online innovation brings both risks and benefits for criminals. Competition has always been fierce, and as in other industries, online connectivity opens markets to new entrants. But increasingly, groups that don’t use the latest technology to connect and scale their businesses risk becoming uncompetitive and falling prey to those that do. And often, that technology can be the reason for their downfall. Many serious criminals who pounced on a supposedly secure communications platform used by criminals were exposed after law enforcement infiltrated the service in 2020. In the UK alone, over 12,800 years in prison were handed down based on evidence gathered from this system.

To optimize their use of online services, criminal groups tend to specialize and become more dependent on other groups. The availability of “as-a-service” offerings for ransomware and fraud, as well as the introduction of AI, have lowered barriers to entry, allowing damage to be inflicted at a higher level, at a higher pace, and on a larger scale. These two developments – forced adaptation and leveraging others – together give law enforcement a strategy that is becoming increasingly widespread. By infiltrating supposedly safe criminal services and marketplaces, undermining criminals’ trust in their online relationships, and disrupting key nodes in the stolen data ecosystem, we turn cybercriminals’ tools and approaches against them.

The infiltration and takedown of the NCA-led LockBit ransomware group in February is both significant in its own right and a useful case study. It was followed by charges against the group’s leader and joint sanctions between the UK, US and Australia. The numerous LockBit “affiliates” that carried out the actual ransomware attacks via the service are currently under investigation based on the detailed technical data we have obtained on them. Other ransomware organizations have had to distance themselves from the discredited group and, for their own safety, tend to deny membership to former LockBit affiliates, limiting their ability to harm us all on a large scale. The result is an increasingly fragmented ecosystem that limits the scale, sophistication and damage of their attacks.

Ultimately, our increasing use of and reliance on online services is changing the face of crime and significantly increasing the risk of serious harm from criminals we never meet. To address these problems, we need to rethink how we seek justice and how we work together inside and outside the UK. The signs of possible future success are already there, but there is still much work to be done.

The views expressed in this commentary are those of the author and do not reflect the views of RUSI or any other institution.

Do you have an idea for a commentary you would like to write for us? Send a short introduction to [email protected] and we will get back to you if it fits with our research interests. The full guidelines for contributors can be found Here.