Humanising the Cyber Criminal

Hackers and Cyber-criminals are ever-present in the media, the ‘folk devils’ (see the definition in the ‘Glossary of criminological terminology’ PDF available at the bottom of this page) of recent times.

Cybercrime is now a central concern of crime control, from the rise of online activism (also sometimes referred to by the newly coined term ‘hacktivism’); to the writers of viruses, trojans and worms; the hackers stealing data and the carders buying and selling stolen credit cards and using them to buy goods and services.

It is now a central concern of government and law enforcement. Carding, the trading of stolen credit card details, is one of the main profit-driven cybercrimes currently taking place and the topic of this article which is a summary of a book chapter on ‘Drifting on and off-line: Humanising the cyber criminal’¹.

‘Drifting on and off-line: Humanising the cyber criminal’ chapter summary

This article explores the myths and representations of cyber criminals. Cybercrime is a central concern of crime control today. Hackers, In particular, have seen their representation shift from the positive and creative to the deviant. Our interest is on those who engage in the related practice of online carding, the trade in stolen and false credit cards. Very little academic research has been conducted on this activity. They hide behind their computers and they steal credit cards from people around the world. That is as much as we know, but what about the human side? We used previously unexplored historical online forums to understand the activity from a criminological perspective.

By looking at online carding forums we approach the subjects of this activity as having a life that drifts between the online and the offline world and challenges preconceptions about the mythical hacker. One of the stereotypes of cybercrime is the cybercriminal as technical geniuses able to transcend the original intention of a technology. Although, clearly there are those with high technical ability, in reality the world of cybercrime is a complex interaction of the technical and the mundane.

The objective of a carder is simple: to steal financial information from a large number of victims. Although carders can steal credit cards in the ‘offline’ world, only the Web can provide a large enough pool of potential victims making carding profitable. There are three main ways in which credit card details can be stolen: hacking, eavesdropping and phishing: hacking involves gaining access into database(s) of Web-enabled systems to steal the stored credit card data.

Eavesdropping involves either hiring a malware author to produce specifically designed malicious software (malware) to eavesdrop on computers and steal credit card data entered by unsuspecting victims, or purchasing ready-made malware generator toolkits. Phishing is by far the easiest option, by luring unsuspecting users into providing such information voluntarily.

Trust is an essential social process in criminal networks. However, trust is made almost impossible by the anonymity offered by the Web and has become a major problem in the underground economy.

However, in 2002, a clever solution was borrowed from business and implemented in the underground economy: escrow. Escrow is a system to overcome the problem of dishonest traders, also known as rippers. These rippers would sell stolen data which no longer works, and sell the same set of stolen data to two or more buyers meaning that the resulting cards were not only useless, but that many buyers might be risking arrest. Carding forums were created to minimize this problem, although they could not eradicate it. Escrow meant that a sample of the stolen card data would be given to a trusted third party who would test the cards, and the buyer would pass the money to buy the cards to the same person who would exchange the data and the money if the cards worked. Unfortunately this system of ensuring fair play turned carding into an industry.

The Web has given rise to online carding forums on which online criminals communicate and trade with one another, with their dialogues recorded over the entire lifespan of the forum. This represents a unique methodological tool, a genuine insight into those who engage in criminal enterprises, the discussions they have, their frailties, triumphs and the challenges of the everyday.

We examine the perceptions, fears and triumphs of the carders themselves and glimpse into the life that is lived outside the confines of their computers and outside the purpose of the forum’s original creation. Rather than their opinions and values being located in a distinct group separate from mainstream, ethical values, they instead exist as part of a continuum. We are presented with a unique opportunity to finally understand them from their perspectives and get to know their attitudes. Why did they choose to become a carder? Do they have plans for the future? Do they have boundaries? Are they serious organised criminals or comparable to delinquent youths?

Rather than being some kind of techno-genius or super-criminal, carders are instead engaging in mundane, everyday discussions that we can relate to. Worrying over their choice of ‘career’, the ethics of what they do, and how to do the job better all appear in forum posts. We also see a sense of political anarchy in the discussions and in the pseudonyms they used. For some carders, this activity was a way to cheat the system, to get one over on the banks, government and other corporations.

Carding is perceived, like so much else on the Web, as a victimless crime. Rather than the offence being against an individual like you, it is against the banks that will, in any event, compensate the victim. Many of these carders take the line that they are enriching themselves in the face of a system designed to keep everyone down, they see themselves as fighting this system and winning.

Of course, we all actually pay for these crimes. The sense of rebellion is misplaced, and the thought that the banks are really losing out misguided.

Note: If this article has been of particular interest to you, you may like to look at the OPTIONAL [Advanced] activities in Steps 3.18 and 3.19 which explore these ideas further.