The Gozi group: A criminal firm in cyberspace?

Published date: 01 September 2023
DOI: http://doi.org/10.1177/14773708221077615
Author: Jonathan Lusthaus, Jaap van Oss, Philipp Amann
Date: 01 September 2023
Subject Matter: Articles
Jonathan Lusthaus
University of Oxford, UK
Jaap van Oss
Independent Researcher, Netherlands
Philipp Amann
Europol, Netherlands
Abstract
The relative glut of data on cybercriminal forums has led to a growing understanding of the
functioning of these virtual marketplaces. But with a focus on illicit online trading, less attention has
been paid to the structures of groups that carry out cybercrimes in an operational sense. In
economic parlance, some such groups may be known as firms. This concept has been a significant
part of the literature on more traditional forms of organised crime, but is not widely discussed
in the cybercrime discourse. The focus of this article is, by way of a case study of the Gozi malware
group, to explore the applicability of the concept of firms to the novel environment of cybercrime.
Keywords
Criminal firms, cybercrime, cybercriminal organisation, Gozi, malware groups
Article
European Journal of Criminology
2023, Vol. 20(5) 1701–1718
© The Author(s) 2022
Article reuse guidelines:
sagepub.com/journals-permissions
DOI: 10.1177/14773708221077615
journals.sagepub.com/home/euc
Corresponding author:
Jonathan Lusthaus, Department of Sociology, University of Oxford, 42-43 Park End Street,
Oxford OX11JD, UK.
Email: jonathan.lusthaus@sociology.ox.ac.uk
Introduction
The relative glut of data on cybercrime marketplaces has led to a growing understanding of how
these forums function and their role within the illicit digital economy (see, for instance,
Décary-Hétu and Dupont, 2013; Dupont et al., 2017; Dupont and Lusthaus, 2021; Holt,
2013; Holt and Lampke, 2010; Motoyama et al., 2011). While marketplaces are undoubtedly
an important part of the cybercrime economy, less attention has been paid to the structures of
groups that carry out cybercrimes in an operational sense (see Broadhurst et al., 2014; Leukfeldt
et al., 2017c; Lusthaus, 2018b; Musotto and Wall, 2020; Wall, 2014). That is, those groups
which are the source of the products and services that are brought to market. We might
regard these as enterprises, businesses or companies. But in traditional economic terms, the
concept of firms is standard and foundational (on theories of firms see Gibbons, 2005). In
short, a firm is a profit-making entity supplying a service or good (Sullivan and Sheffrin, 2003).
The concept of firms has been a significant part of the literature on more traditional
forms of organised crime (most notably Reuter, 1983; for a review see von Lampe,
2016: 127-157). But its application to cybercrime is less developed. Some comparative
research has been done on cybercriminal business models (Broadhurst et al., 2014;
Leukfeldt et al., 2016; Leukfeldt et al., 2017a; Lusthaus, 2018b), and the idea of
cybercriminal networks has begun to gain greater prominence (see e.g. Leukfeldt et al., 2017b;
Leukfeldt et al., 2017c). Yet, only a handful of scholars have directly touched on the
concept of a firm or the oft-linked area of transaction cost economics (Herley and
Florêncio, 2010; Lusthaus, 2018a; Paquet-Clouston et al., 2018; see also Hardy and
Norgaard, 2016). The concept has not been probed in depth, and key questions remain
to be answered. Do cybercriminal businesses match our conventional expectations of
what a firm is? Do they differ from (non-digital) criminal firms? Does the concept of a
firm help us understand the organisational structure of cybercriminal groups?
The focus of this article is, by way of a case study, to explore the applicability of the
concept of firms to the novel environment of cybercrime. The first section of this article
provides theoretical background on the concept of the firm. The second section addresses
the data and methods employed in the study. The third section is the core case study of the
Gozi group, one of the leading malware producers and distributors of its time. This
section analyses the group's background, structure and operations. A discussion
section then follows, linking this case study to broader themes of interest.
Theory
To explore whether the concept of firms is applicable to cybercrime, we must first outline
theoretical background on the nature of both legal and criminal firms. This analysis draws
on a range of social science contributions, across not only criminology, but also sociology
and economics.
The nature of firms
While definitions, like the one in the introduction, see firms as profit-making entities, this
does not tell us much about the nature of firms. The terms 'business', 'enterprise' or even
'company' might be equally applied. Such a broad approach would incorporate huge
swathes of commercial activity, in line with the thinking that 'firms can take many
different forms, each with its own sociological profile: partnerships, family firms, joint-stock
corporations, and so on' (Swedberg, 2003: 74). Rather than getting caught in the
quagmire of exhaustively listing every type of firm that might exist, a more useful analytical