Jonathan Lusthaus has just published Industry of Anonymity: Inside the Business of Cybercrime, a fascinating account of the lives of cybercriminals and the vast international industry they have subversively created. We asked Jonathan about how he got interested in this unusual, yet important field.
While Industry of Anonymity is a labor of love, it is also a product of luck. In a different reality, it might never have been written. When I moved to Oxford to begin a Masters program in the sociology department many years ago, I was set on researching religious violence. Unfortunately, the work I wanted to do didn’t match the research strands among the faculty. In a classic student conundrum, I was quickly forced to come up with a new dissertation topic at short notice.
As it happened, just before the deadline for announcing topics, the former Guardian and BBC journalist Misha Glenny came to Oxford to give a talk. A well-known author on organized crime, Glenny was writing a new book on cybercrime at the time. That project would become Darkmarket, and the sneak preview we were treated to opened my eyes to a world I had never considered before.
Cybercrime – something I had figured as a purely technical phenomenon – involved people. These people communicated with each other, worked together and traded products on large online marketplaces. There was a secret world here, an undiscovered economy. I sensed immediately that I wanted to explore and map this new underground economy that seemed to be hidden from sight.
Luckily, I was in the perfect department to do this. Following scholars like Diego Gambetta and Federico Varese (who would become an inspirational doctoral supervisor), one of the strengths of Oxford sociology is the study of extra-legal governance. This examines how groups outside the control of the state, such as criminals and insurgents, regulate their own dealings. They can't rely on the courts or the police, so they have to develop their own institutions of governance.
Cybercrime presented a fascinating sociological puzzle: how do cybercriminals manage to cooperate together on a wide scale? It would seem that criminals, and anonymous ones at that, don’t make great business partners. You ostensibly can’t beat them up if a deal goes wrong. Yet we were seeing increasing levels of collaboration taking place, and later I would come to the realisation that a fully-fledged cybercrime industry had formed. How was this happening? Answering this question became the heart of my research.
One of the first people I interviewed for this project asked me whether I would continue working in the cybercrime space after my masters. At the time, I was starting out and hadn’t really thought about it. But he told me that this was a fascinating and hugely important area, with tremendous opportunities and one that I should stick with.
After I finished my masters and the pilot research on which this book would be built, I realized that this interviewee was right. I had become obsessed with the topic of cybercrime. I had begun researching this topic with no knowledge of cybercrime and no contacts at all. I wanted to change this and interview the most knowledgeable people I could find – whether from law enforcement, private sector or cybercriminal backgrounds. If I travelled to a country, I wanted to do research on cybercrime while I was there. I knew this was an enormous topic, and an enormously important topic. And I knew that one day it would become a book.
After seven years of fieldwork, this passion had taken me to Russia, Ukraine, Romania, China, Nigeria, Brazil and more. I have interviewed 238 people, including some leading former cybercriminals. I have visited the sites where key historical events took place, such as a conference held in Odessa by some of the pioneers of the cybercrime industry. I have moved from the periphery of the topic towards its heart, and had an amazing adventure along the way.
This journey confirmed my view that the human dimension of cybercrime is vital to understanding the challenge and seeking solutions to fix it. Cybercrime is not just a technical phenomenon but one that is driven by people. Its victims are also people. By focussing on the technical, many can simply turn away and chose not to address the problem. It is complex and ultimately mystifying. But when we have a better understanding of how cybercrime affects us in personal terms and how the attacks stem from people in different parts of the world, we are in a much better position to engage people and make progress in addressing the threat.
