The Gozi group: A criminal firm in cyberspace?
Published date | 01 September 2023 |
DOI | http://doi.org/10.1177/14773708221077615 |
Author | Jonathan Lusthaus,Jaap van Oss,Philipp Amann |
Date | 01 September 2023 |
Subject Matter | Articles |
The Gozi group: A criminal
firm in cyberspace?
Jonathan Lusthaus
University of Oxford, UK
Jaap van Oss
Independent Researcher, Netherlands
Philipp Amann
Europol, Netherlands
Abstract
The relative glut of data on cybercriminal forums has led to a growing understanding of the func-
tioning of these virtual marketplaces. But with a focus on illicit online trading, less attention has
been paid to the structures of groups that carry out cybercrimes in an operational sense. In eco-
nomic parlance, some such groups may be known as ‘firms’. This concept has been a significant
part of the literature on more traditional forms of organised crime, but is not widely discussed
in the cybercrime discourse. The focus of this article is, by way of a case study of the Gozi malware
group, to explore the applicability of the concept of firms to the novel environment of cybercrime.
Keywords
Criminal firms, cybercrime, cybercriminal organisation, Gozi, malware groups
Introduction
The relative glut of data on cybercrime marketplaces has led to a growing understanding of how
these forums function and their role within the illicit digital economy (see, for instance,
Décary-Hétu and Dupont, 2013; Dupont et al., 2017; Dupont and Lusthaus, 2021; Holt,
2013; Holt and Lampke, 2010; Motoyama et al., 2011). While marketplaces are undoubtedly
an important part of the cybercrime economy, less attention has been paid to the structures of
Corresponding author:
Jonathan Lusthaus, Department of Sociology, University of Oxford, 42-43 Park End Street,
Oxford OX11JD, UK.
Email: jonathan.lusthaus@sociology.ox.ac.uk
Article
European Journal of Criminology
2023, Vol. 20(5) 1701–1718
© The Author(s) 2022
Article reuse guidelines:
sagepub.com/journals-permissions
DOI: 10.1177/14773708221077615
journals.sagepub.com/home/euc
groups that carry out cybercrimes in an operational sense (see Broadhurst et al., 2014; Leukfeldt
et al., 2017c; Lusthaus, 2018b; Musotto and Wall, 2020; Wall, 2014). That is, those groups
which are the source of the products and services that are brought to market. We might
regard these as enterprises, businesses or companies. But in traditional economic terms, the
concept of firms is standard and foundational (on theories of firms see Gibbons, 2005). In
short, a firm is a profit-making entity supplying a service or good (Sullivan and Sheffrin, 2003).
The concept of firms has been a significant part of the literature on more traditional
forms of organised crime (most notably Reuter, 1983; for a review see von Lampe,
2016: 127-157). But its application to cybercrime is less developed. Some comparative
research has been done on cybercriminal business models (Broadhurst et al., 2014;
Leukfeldt et al., 2016; Leukfeldt et al., 2017a; Lusthaus, 2018b), and the idea of cyber-
criminal networks has begun to gain greater prominence (see e.g. Leukfeldt et al., 2017b;
Leukfeldt et al., 2017c). Yet, only a handful of scholars have directly touched on the
concept of a firm or the oft-linked area of transaction cost economics (Herley and
Florêncio, 2010; Lusthaus, 2018a; Paquet-Clouston et al., 2018; see also Hardy and
Norgaard, 2016). The concept has not been probed in depth, and key questions remain
to be answered. Do cybercriminal businesses match our conventional expectations of
what a firm is? Do they differ from (non-digital) criminal firms? Does the concept of a
firm help us understand the organisational structure of cybercriminal groups?
The focus of this article is, by way of a case study, to explore the applicability of the
concept of firms to the novel environment of cybercrime. The first section of this article
provides theoretical background on the concept of the firm. The second section addresses
the data and methods employed in the study. The third section is the core case study of the
Gozi group, one of the leading malware producers and distributors of its time. This
section analyses the group’s background, structure and operations. A discussion
section then follows, linking this case study to broader themes of interest.
Theory
To explore whether the concept of firms is applicable to cybercrime, we must first outline
theoretical background on the nature of both legal and criminal firms. This analysis draws
on a range of social science contributions, across not only criminology, but also sociology
and economics.
The nature of firms
While definitions, like the one in the introduction, see firms as profit-making entities, this
does not tell us much about the nature of firms. The terms business,enterprise or even
company might be equally applied. Such a broad approach would incorporate huge
swathes of commercial activity, in line with the thinking that ‘firms can take many dif-
ferent forms, each with its own sociological profile: partnerships, family firms, joint-stock
corporations, and so on’(Swedberg, 2003: 74). Rather than getting caught in the quag-
mire of exhaustively listing every type of firm that might exist, a more useful analytical
1702 European Journal of Criminology 20(5)
To continue reading
Request your trial