How law enforcement agencies tackle cybercriminal groups


There are plenty of reasons for traditional organized criminal groups to gradually expand from offline criminal activities to cybercrimes. The cyber-world removes the need for face-to-face contact between individuals and enables individuals who have never met before to work closely and coordinate their activities from anywhere. Criminal groups can collaborate anonymously using aliases, alleviating the risk of revealing identities and locations.

Although tracking and arresting organized cybercriminal groups can be extremely difficult due to a range of challenges such as lack of evidence, transnational nature of crimes, difficulties with international cooperation and jurisdiction, and difficulties with identifying physical locations and extraditing suspects, governments and law enforcement agencies worldwide use special investigative techniques, critical to the effective investigation and prosecution of cyber organized crimes.

Those special investigative techniques, including electronic surveillance, undercover operations, and controlled delivery, enable law enforcement agencies to conduct investigations remotely and collect the evidence needed to ensure that the perpetrators are arrested and prosecuted for their crimes. These techniques are often costly and complicated, requiring specialized expertise and sometimes advanced technological knowledge and instruments. Their use may, in some cases, pose ethical problems since the special investigative techniques may infringe on fundamental individual rights (e.g., the right to privacy).

Special investigative techniques against cybercriminal groups

1. Electronic surveillance

Electronic surveillance involves the use of information and communications technology (ICT) to monitor and maintain surveillance of suspects and their movements and to intercept suspects’ electronic communications (phone calls, SMS, email messages and chat messages, etc.), track individuals and devices, create audio and video recordings, etc.

Before conducting electronic surveillance or collecting electronic evidence, a legal order is frequently obtained to ensure that the evidence is admissible in court. Assume that the surveillance does not require a warrant. In this case, there are limiting factors to prevent its arbitrary and illegal use (e.g., privacy considerations, subject notification, or the requirement to obtain non-judicial permission). Electronic surveillance is very intrusive, and its legality varies from jurisdiction to jurisdiction. Different countries have different requirements for using various types of electronic surveillance (such as audio, visual, tracking, and data surveillance) and statutory safeguards to protect the rule of law and human rights.

2. Undercover operations

An undercover operation entails infiltrating an organized criminal group with the help of an undercover agent, an informant (a person who provides information about a crime or suspect), or another person. Undercover operations are used to gather evidence of planned and executed crimes and gain insight into the structure, organisation, roles, and/or identities of members of organized criminal groups.

Informants can access closed organized criminal groups, places, or spaces where members of those groups assemble and/or commit or conspire to commit a transnational organized crime. Infiltrating an individual into an organized criminal group or illicit network to participate in general criminal activity or a specific illicit business is one type of undercover operation. For those involved, undercover operations are difficult and risky, and they necessitate a significant investment of time human, financial, and technical resources. Depending on the jurisdiction, undercover operations may or may not be legal.

3. Controlled delivery

Controlled delivery allows illicit or suspect consignments to pass out of, through, or into the territory of one or more States with the knowledge and supervision of their competent authorities to investigate an offense and identify those involved in its commission. This technique was initially used to combat drug trafficking. This technique has been used to identify and trace the origin, route, and destination of illegal goods, trafficked wildlife, migrants, etc.

Overall, the methods in intercepting illicit or suspect consignments can include one of the following: (a) allowing them to continue to their destination intact; (b) replacing them in whole or in part and then allowing them to continue to their destination; or (c) removing the identified illicit or suspect consignments. This special investigative technique’s legality, conditions, and limits vary by country.

4. Other techniques

Exploits (codes that take advantage of software vulnerabilities or security flaws to allow intruders to remotely access a network and gain elevated privileges), malware, and hacking are other special investigative techniques used by cyber-organized criminal groups to gain access to sites, servers, and tools. In some countries, exploiting ICT flaws, hacking, and malware are becoming more common as special investigative techniques. These methods are known as “network investigative techniques” in the United States.

This network investigative technique known as a “watering hole attack” was used to gain access to the Playpen server in Operation Pacifier, a law enforcement operation that shut down Playpen, one of the largest sites on the darknet that had housed child sexual abuse and child sexual exploitation material. The FBI continued to run the Playpen website on its server after gaining access, and malware was placed on a link on the site. When users clicked on the link, the malware was downloaded onto their devices, then used to track down IP addresses and other identifying information about those who had visited the site and clicked on it.

In addition to malware such as keylogging software (software that records user keystrokes), law enforcement agencies use known software vulnerabilities and/or exploit “zero-day vulnerabilities” (software vulnerabilities unknown to those interested in fixing them, including the vendor of the software) in investigations of members of organized criminal groups.