Abstract
The Social Network Analysis (SNA) is now widespread in the academic community in the study of organised criminal networks. It allows analysing the network as a complex structure composed of actors or entities connected by links or relationships and in which a variety of resources is changed. This method, despite having capabilities and innovations at various levels, also has some limitations that need further attention. Nevertheless, the SNA is still taking its first steps in the fight against organised cybercrime as well as in Portugal. With this in mind, this article describes and analyses critically the usefulness of SNA for the criminal investigation and intelligence, procedural and political levels by focusing on: (1) the SNA in the study of organised criminal networks, (2) the SNA in organised cybercrime research and (3) the SNA in Portugal.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
On the one hand, the human capital frame people with the right skills and competencies to optimise overall performance. So the core or the model of the criminal operations includes a strategic design (e.g. the organisational structure) and an operational design (e.g. roles and processes) which intends integrate people, information and technology to optimise their efficiency and effectiveness. On the other hand, another key issue to create organisational success is to generate competitive advantage through social connections that facilitate the achievement of objectives that would not be possible in its absence. The advantages that result from social networks are known as social capital, which is to say that actors and entities with better access to valuable social resources are more successful in their performance (Bourdieu 1986; Coleman 1990).
- 2.
For example i2 Analyst’s Notebook, SocNetV, NodeXL, Sentinel HL.
- 3.
There are five main parameters for analysis that can be measured at the individual level—ego-cantered network—or at the group level—whole network (Haythornthwaite 1996; Wasserman and Faust 1994): the structural positioning—allows the assessing of the structural position of actors in relation to other actors in the network; the range—indicates the extent of the network, i.e. calculates the number of nodes that an actor can have within a specified distance; cohesion—scans the cluster nodes according to the intensity of common relations, measuring the degree to which all members of a network interact with other members; structural equivalence—studies the cluster nodes according to the similarity of the relationship; and brokerage—indicating the bridge of inter- or intra-network connections.
- 4.
- 5.
There is no consensus on the definition of cybercrime. However, two levels of cybercrime could be highlighted. In a narrow sense, the strict computer crime refers to any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them. In a broad sense, the computer-related crime denoted any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession, offering or distribution information by means of a computer system or network (United Nations 2000, p. 5).
- 6.
For example according to Lusthaus (2013) forums generally have an administrator(s), moderators and then members. Yip (2011) noted that a typical western online carding forum is constituted by administrators, moderators, reviewers, reviewers vendors and then members. Europol (2014) found that online payment fraud is composed of the ring leader, the trustee and then by a panoply of actors, namely technical experts, skimming cells, online trader, runner coordinator and runners, mule herder and mules, and good reseller. Aiken, Moran and Berry (2011, cited in Europol 2014) state that the child exploitation online could be tiered by experts, closed traders, open traders and then simple viewers.
- 7.
For example some can recruit others to do the technical work for them. Others can buy and exploit code created by expert coders. Some simply specialise in the risky business of ‘cashing out’ profits made online into tangible physical assets (Lusthaus 2013).
- 8.
However, we need to mention these marketplaces are also frequented and utilised by sole offenders. As well as those who may actively participate in discussions but not participate in illegal activities themselves. Furthermore, organised criminal networks may not necessarily operate in online marketplaces (Hutchings 2014).
- 9.
For example CardersMarket, DarkMarket, Ghostmarket.
- 10.
Notwithstanding child sex offenders and producers make increasing use of the Darknet and other similar platforms to exchange child abuse material, some offenders affiliate themselves with each other in order to share physical access to children, therefore facilitating the production of new material, as well as its customisation (Europol 2014).
- 11.
For example the Russian Business Network (Lusthaus 2013).
- 12.
The aim is not to dissect on the definition of organised cybercriminal networks. This task deserves a better and extends reflection that I cannot provide here concerning the space constraints. However, the brief work I developed on the definition helps understanding this phenomenon in the paper’s goals.
- 13.
For example the Asian triads and Japanese Yakuza, whose criminal activities adopted computer software piracy and credit card forgery and fraud (Organisation for Economic Co-operation and Development 2008).
- 14.
Or engage money mules in laundering funds (Hutchings 2014).
- 15.
For example Imam Samudra and Tamil Tigers.
- 16.
Many researchers have questioned whether the leaders of the Dark Web can be identified using their interaction with other members (e.g. L’Huillier et al. (2010). Moreover, it is assumed that a single individual or group of actors may represent separate or concurrent users which make its complex and interwoven structure (Tropina 2012). The SNA could clarify if the relations between cybercriminals are transient or simply transactional, and if criminals rarely know each other offline. There is also a recent theory which maintains that cybercriminals, although they may hypothetically operate in loose networks, while in group its members are located in geographical proximity, even when attacks go beyond national borders. It could, then, help to know if, as in other types of organised crime, small local networks, kinship groups and relational are significant actors (Kshetri 2013, cited in Broadhurst et al. 2014).
- 17.
Knowing where organised cybercriminal networks can operate is very important to their combat. The device can be used to analyse underground forums, criminal marketplaces, online social networks, and bulletproof hosts, amongst others. Thus, their constitution and dynamics will be better understood.
- 18.
Analysing private messaging, public posts, emails, text mining, web servers, amongst others, through the use of the SNA, will allow identifying and targeting criminal networks, its actors, links and patterns of relationships.
- 19.
The method could clarify if states, organisations or individuals are the objective victims.
- 20.
The device will clarify if we’re tackling profit-driven or non-Profit-driven networks.
- 21.
The tool will then describe the typology of crimes committed, from crime-as-a-service, malware, child sexual exploitation online, payment fraud, criminal finances online, crimes relating to social engineering, data breaches and network intrusions, to vulnerabilities of critical infrastructure.
- 22.
The Portuguese police model is centralised and pluralist being composed by two public security forces—Policia de Segurança Publica (PSP) and the Guarda Nacional Républicana (GNR) and two specialised security forces—the Policia Judiciária (PJ) and the Serviço de Estrangeiros e Fronteiras (SEF) (Oliveira 2006). These forces jointly with the Service of Information Security constitute the FSS (Diário da República 2008b). The criminal analysis information, in the strict sense, is restricted to the generic competencies of the first three organisations namely, the PSP, the GNR and the SEF being thus de-nominated as the OPC (Diário da República 2008a).
- 23.
The investigation stage entails a number of diligences that have as priority the investigation of the existence of a crime, determining of the agents as well as their responsibilities, discover and collect evidence required by law on decision of the accused (Código de Processo Penal 2015, art. 262, no. 1).
- 24.
The inquiry stage aims the judicial evidence regarding the decision of reducing the accusation or closing the investigation so as to either take or not take the case further to court of law (Código de Processo Penal 2015, art. 286, no. 1).
- 25.
On the national level Portugal has various systems of information that are segregated to different entities. The introduction of the Integrated Criminal Information System (Diário da República 2008a) permitted action against the diversity and the lack of interoperability existent. On an International level, it is quite frequent to exchange data and information through the agencies of Interpol, Europol and SIS-Schengen Organisms (Diário da República 2009).
- 26.
As open sources we have as a basis information which is freely available without any sort of restriction be it through newspapers, publications, books, reports or radio and TV broadcasts, amongst others (Shulsky and Schmitt 1993).
- 27.
As human sources we consider all the bases of information collected by individuals who have resorted to the observation of direct behaviour, events or objects (Fernandes 2014, cited in Ferraz 2015).
- 28.
A technical channel has the intention of being a intermediary means parallel to the hierarchical chain being informal so as to guarantee a direct communication between the technical information entities (Ferraz 2015). This channel, which has its foundations on the efficiency and effectiveness of its services, aims to hasten and facilitate communication through a less formal contact and so quicker with superior entities or even essential services during a specific activity as well as in determined situations where the typical formalisms are not, exceptionally of course, justifiable. We are targeting, for example, the enlightenment of doubts/queries, contact authorization, amongst others.
- 29.
It is of the utmost interest to undergo a more detailed analysis concerning the use of this tool in Police Entities nonetheless, and due to the absence of information sources, this was made impossible.
References
Australian Crime Commission. (2013). Cyber and technology enabled crime. Commonwealth of Australia.
Bertalanffy, L. (1975). Perspectives on general systems theory (Scientific-philosophical studies). New York: George Braziller.
Block, A. (1999). East side, west side: Organized crime in New York, 1930–1950. New Brunswick: Transaction Publishers.
Boissevain, J. (1979). Network analysis: A reappraisal. Current Anthropology, 20(2), 392–394.
Bourdieu, P. (1986). The forms of social capital. In J. Richardson (Ed.), The handbook of theory: Research for the sociology of education (pp. 241–258). New York: Greenwood Press.
Broadhurst, R., Grabosky, P., Alazab, M., & Chon, S. (2014). Organizations and cyber crime: An analysis of the nature of groups engaged in cyber crime. International Journal of Cyber Criminology, 8(1), 1–20.
Bruinsma, G., & Bernasco, W. (2004). Criminal groups and transnational markets: A more detailed examination on the basis of social network theory. Crime, Law and Social Change, 41(1), 79–94.
Cabral, J. (2015). Ética e Corrupção. Julgar, 24.
Carrington, P. (2011). Crime and social network analysis. In J. Scott & P. Carrington (Eds.), Sage handbook of social network analysis (pp. 236–255). London: Sage Publications.
Castells, M. (1997). La Era de la Información: Economía, Sociedad y Cultura (Vol. 1, La Sociedad Red). Madrid: Alianza Editorial.
Choo, K., & Grabosky, P. (2013). Cyber crime. In L. Paoli (Ed.), The oxford handbook of organised crime (Vol. Oxford Handbooks, pp. 482–499). New York: Oxford University Press.
Choo, K., & Smith, G. (2008). Criminal exploitation of online systems by organised crime groups. Asian Journal of Criminology, 3(1), 37–59. doi:10.1007/s11417-007-9035-y.
Clark, R. (2007). Intelligence analysis: A target-centric approach (2nd ed.). Washington, DC: CQ Press.
Código de Processo Penal. (2015). Portugal: Almedina.
Coleman, J. (1990). Foundations of social theory. Cambridge: Harvard University Press.
Diário da República. (2008a). Law 49/2008 27 of August 2008 approves the Organisation of Criminal Investigation Act. Diário da República, 1st Serie, No. 165 (pp. 6038–6042). Portugal: Assembleia da República.
Diário da República. (2008b). Act 53/2008 of 29 August approves the Internal Security Act. Diário da República, 1st Serie, No. 167 (pp. 6135-6141). Portugal: Assembleia da República.
Diário da República. (2009). Act 73/2009 12 of August 2009 establishes the conditions and procedures that shall apply to ensure interoperability between information systems of criminal police bodies. Diário da República, 1st Serie, No. 155 (pp. 5217–5220). Portugal: Assembleia da República.
Diário da República. (2015). Resolution of the Ministers Council No. 36/2015. Diário da República, 1st Serie, No. 113. Portugal.
Europol. (2011). Threat assessment (abridged): Internet Facilitated Organised Crime (iOCTA). Europol Public Information (pp. 1–11). Europol.
Europol. (2014). The Internet Organised Crime Threat Assessment (iOCTA) 2014. (pp. 1–92). Europol.
Ferraz, R. (2015). Facebook e o Planeamento de Grandes Eventos: Um Contributo Operacional na Área das Informações. Lisbon: Instituto Superior de Ciênciasa Políciais e Segurança Interna.
Freeman, L. (2006). The development of social network analysis: A study in the sociology of science. Vancouver: Empirical Press.
Haythornthwaite, C. (1996). Social network analysis: An approach and set of techniques for the study of information exchange. Library and Information Science Research, 18(4), 323–342. doi:10.1016/S0740-8188(96)90003-1.
Hulst, R. V. D. (2008). Introduction to social network analysis as an investigative instrument. Trends in Organized Crime, 12(2), 101–121. doi:10.1007/s12117-008-9057-6.
Hutchings, A. (2014). Crime from the keyboard: Organised cybercrime, co-offending, initiation and knowledge transmission. Crime, Law and Social Change, 62(1), 1–20.
Klerks, P. (2001). The network paradigm applied to criminal organisations: Theoretical nitpicking or a relevant doctrine for investigators? Recent developments in the Netherlands. Connections, 24(3), 53–65.
Koschade, S. (2006). A social network analysis of Jemaah Islamiyah: The applications to counterterrorism and intelligence. Studies in Conflict & Terror, 29(6), 559–575.
KPMG. (2011). Cyber crime—A growing challenge for governments. Issues Monitor, 8, 1–24.
Krebs, V. (2002). Mapping networks of terrorist cells. Connections, 24(3), 43–52.
L'Huillier, G., Alvarez, H., Ríos, S., & Aguilera, F. (2010). Topic-based social network analysis for virtual communities of interests in the dark web. Paper presented at the Workshop on Intelligence and Security Informatics, Washington, July.
Lipson, H. (2002). Tracking and tracing cyber-attacks: Technical challenges and global policy issues (pp. 1–85). Pittsburgh: Software Engineering Institute of the Carnegie Mellon University.
Lusthaus, J. (2013). How organised is organised cybercrime? Global Crime, 14(1), 52–60.
Mainas, E. (2012). The analysis of criminal and terrorist organisations as social network structures: A quasi-experimental study. International Journal of Police Science & Management, 14(3), 264–282.
McAndrew, D. (2000). The structural analysis of criminal networks. In D. Canter & A. Laurence (Eds.), The social psychology of crime: Groups, teams and networks (Vol. 3, Offender Profiling Series, pp. 51–94). Aldershot: Ashgate.
McCusker, R. (2006). Transnational organised cyber crime: Distinguishing threat from reality. Crime, Law and Social Change, 46(4), 257–273.
McDowell, D. (1998). Strategic intelligence: A handbook for practitioners, managers and users. Cooma: Istana Enterprises Pty Ltd.
McGloin, J., & Kirk, D. (2010). An overview of social network analysis. Journal of Criminal Justice Education, 21(2), 169–181.
McGrath, C., Blythe, J., & Krackhardt, D. (1997). The effect of spatial arrangement on judgments and errors in interpreting graphs. Social Networks, 19(3), 223–242.
McGrath, C., Krackhardt, D., & Blythe, J. (2003). Visualizing complexity in networks: Seeing both the forest and the trees. Connections, 25(1), 37–47.
McGuire, M. (2012). Organised crime in the digital age. London: John Grieve Centre for Policing and Security.
McIlwain, J. (1999). Organized crime: A social network approach. Crime, Law and Social Change, 32(4), 301–323.
Moneyval. (2012). Criminal money flows on the Internet: Methods, trends and multi-stakeholder counteraction (pp. 1–93). Council of Europe.
Morselli, C. (2005). Contacts, opportunities, and criminal enterprise. Toronto: University of Toronto Press.
Morselli, C. (2009). Inside criminal networks (Studies of organized crime). New York: Springer.
Oliveira, J. (2006). As Políticas de Segurança e os Modelos de Policiamento: A Emergência do Policiamento de Proximidade. Coimbra: Almedina.
Organisation for Economic Co-operation and Development. (2008). The economic impact of counterfeiting and piracy (p. 397). Paris: Organisation for economic co-operation and development.
Pereira, C. (2013). Análise Criminal e Sistemas de Informação. Pedrouços: Instituto de Estudos Superiores Militares.
Polícia de Segurança Pública. (2013). Visão Global de Operacionalização da Estratégia para as TIC na PSP, 2013–2016. In D. N. d. PSP (Ed.) (p. 8). Lisboa.
Raab, J., & Milward, H. (2003). Dark networks as problems. Journal of Public Administration Research and Theory, 13(4), 413–439.
Randjeloviü, D., & Popoviü, B. (2011). Visual analytics instruments and theirs application in social networks analysis. Paper presented at the 19th Telecommunications forum (TELFOR), Belgrade, November.
Ratcliffe, J. (2008). Intelligence led policing. Cullompton: Willan Publishing.
Rostami, A., & Mondani, H. (2015). The complexity of crime network data: A case study of its consequences for crime control and the study of networks. PLoS One, 10(3), 1–20. doi:10.1371/journal.pone.0119309.
Rush, H., Smith, C., Kraemer-Mbula, E., & Tang, P. (2009). Research report: Crime online. Cybercrime and illegal innovation (pp. 80–87). CENTRIM, University of Brighton.
Sarvari, H., Abozinadah, E., Mbaziira, A., & McCoy, D. (2014). Constructing and analyzing criminal networks. Paper presented at the IEEE Security and Privacy Workshops, San Jose, May.
Schwartz, D., & Rouselle, T. (2008). Using social network analysis to target criminal networks. Trends in Organized Crime, 12(2), 188–207.
Scott, J. (2000). Social network analysis: A handbook (2nd ed.). London: SAGE Publications.
Shelley, L. (2003). Organized crime, terrorism and cybercrime. In A. Bryden & P. Fluri (Eds.), Security sector reform: Institutions, society and good governance (pp. 303–312). BadenBaden: Nomos Verlagsgesellschaft.
Shulsky, A., & Schmitt, G. (1993). Silent warfare: Understanding the world of intelligence (2nd ed.). New York: Brassey’s.
Sparrow, M. (1991a). Network vulnerabilities and strategic intelligence in law enforcement. Journal of Intelligence and Counterintelligence, 5(3), 255–274.
Sparrow, M. (1991b). The application of network analysis to criminal intelligence: An assessment of the prospects. Social Networks, 13(3), 251–274.
Torrado, H. (2012). A Partilha de Informação Criminal e a Cooperação. Lisboa: Academia Militar.
Tropina, T. (2012). The evolving structure of online criminality how cybercrime is getting organised. Paper presented at the Eucrim.
United Nations. (2000). Crimes related to computer networks: Background paper for the workshop on crimes related to the computer network. Paper presented at the Tenth UN Congress on the Prevention of Crime and the Treatment of Offenders, Vienna, April.
Warr, M. (2002). Companions in crime: The social aspects of criminal conduct. Cambridge: Cambridge University Press.
Wasserman, S., & Faust, K. (1994). Social network analysis. Methods and applications. Cambridge: Cambridge University Press.
Wellman, B. (1992). Which types of ties and networks give what kinds of social support? Advances in Group Processes, 9, 207–235.
Wellman, B. (1997). An electronic group is virtually a social network. In S. Kiesler (Ed.), Culture of the internet (pp. 179–205). Mahwah: Lawrence Erlbaum.
Wellman, B. (2001). Physical place and cyberplace: The rise of personalized networking. International Journal of Urban and Regional Research, 25(2), 227–252.
Wellman, B., & Gulia, M. (1999). Net-surfers don’t ride alone: Virtual communities as communities. In B. Wellman (Ed.), Networks in the global village: Life in contemporary communities (pp. 331–366). Boulder: Westview Press.
Wellman, B., & Hampton, K. (1999). Living networked in a wired world. Contemporary Sociology, 28(6), 1–12.
Xu, J., & Chen, H. (2005). Criminal network analysis and visualization. Communications of the ACM, 48(6), 101–107.
Yip, M. (2011). An investigation into Chinese cybercrime and the applicability of social network analysis. In ACM WebSci’11, Koblenz, June 2011 (pp. 1–4).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Neto, J. (2017). Social Network Analysis and Organised Crime Investigation: Adequacy to Networks, Organised Cybercrime, Portuguese Framework. In: Viano, E. (eds) Cybercrime, Organized Crime, and Societal Responses. Springer, Cham. https://doi.org/10.1007/978-3-319-44501-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-44501-4_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44499-4
Online ISBN: 978-3-319-44501-4
eBook Packages: Law and CriminologyLaw and Criminology (R0)