Influence, infrastructure, and recentering cybercrime policing: Evaluating emerging approaches to online law enforcement through a market for cybercrime services


We document and evaluate two emerging policing strategies that are reshaping how centralised law enforcement agencies deal with online cybercrime markets. The first of these strategies we term infrastructural policing, a strategy drawn from law enforcement campaigns to disrupt international drug markets which involves targeting the small number of administrators who maintain the infrastructure supporting cybercrime markets. The second, we term influence policing, a strategy drawn from the UK’s approach to counter-radicalisation, which involves the delivery of highly targeted messaging campaigns to potential customers. We illustrate these with a study of the online market for Denial of Service (DoS) attacks, conducting a quantitative longitudinal analysis of five years of time series attack data to establish the effect of these interventions on this illicit market. While arresting and sentencing key players had little lasting effect on DoS attacks (due to the jurisdictional issues which the Internet poses), after infrastructure administrators were targeted with takedowns there was a significant reduction in attacks and a dramatic reshaping of the market structure. Additionally, the use of search engine advertisements targeted at potential customers for these services in the UK was associated with a cessation in growth in attacks in this country. We interviewed law enforcement to explore the rationales behind the interventions, and also interviewed DoS attack providers and observed their online communication channels to explore these intervention effects in depth. From this, we argue that these emerging forms of online policing constitute (apparently successful) attempts by law enforcement to recenter themselves as key actors in online enforcement coalitions. This rests on them enrolling the capacities of the platform intermediaries who provide the very Internet infrastructure which so complicates traditional, jurisdictionally-bound forms of policing.