Following three years of research, an international team of researchers have compiled the first ever “World Cybercrime Index,” which identifies the globe’s key cybercrime hotspots by ranking the most significant sources of cybercrime at a national level.
Overall, the index shows that a relatively small number of countries house the greatest cybercriminal threat—with Russia topping the list.
The researchers say the location of cybercrimes has been hard to track previously because offenders often mask their physical locations by hiding behind fake profiles and technical protections.
“Due to the illicit and anonymous nature of their activities, cybercriminals cannot be easily accessed or reliably surveyed. They are actively hiding,” said co-author Jonathan Lusthaus, associate professor at the University of Oxford. “If you try to use technical data to map their location, you will also fail, as cybercriminals bounce their attacks around internet infrastructure across the world. The best means we have to draw a picture of where these offenders are actually located is to survey those whose job it is to track these people.”
And that’s exactly what the international team did. To collect data, they surveyed 92 leading cybercrime experts from around the world who are involved in cybercrime intelligence gathering and investigations.
First, the survey asked the experts to consider five major categories of cybercrime:
- Technical products/services (e.g. malware coding, botnet access, etc.)
- Attacks and extortion (e.g. denial-of-service attacks, ransomware)
- Data/identity theft
- Scams (e.g. advance fee fraud, business email compromise, online auction fraud)
- Cashing out/money laundering
Then, the experts were asked to nominate the countries that they consider to be the most significant sources of each of these types of cybercrime, and rank each country according to the impact, professionalism, and technical skill of its cybercriminals. Based on the five categories and the three attributes, the researchers tallied a “total score” out of 100, leading to the following rankings:
- Russia- 58.39
- Ukraine- 36.44
- China- 27.86
- United States- 25.01
- Nigeria- 21.28
- Romania- 14.83
- North Korea- 10.61
- United Kingdom- 9.01
- Brazil- 8.93
- India- 6.13
- Iran- 4.78
- Belarus- 3.874
- Ghana- 3.58
- South Africa- 2.58
- Moldova- 2.57
Co-author Miranda Bruce, also from the University of Oxford, said the study will enable public and private sectors to focus their resources on key cybercrime hubs and spend less time and funds on cybercrime countermeasures in countries where the problem is not as significant.
“We now have a deeper understanding of the geography of cybercrime, and how different countries specialize in different types of cybercrime,” Bruce said. “By continuing to collect this data, we’ll be able to monitor the emergence of any new hotspots and it is possible early interventions could be made in at-risk countries before a serious cybercrime problem even develops.”
Indeed, the research team sees the World Cybercrime Index as just the first step in a broader aim to understand the local dimensions of cybercrime production across the world.
“We are hoping to expand the study so that we can determine whether national characteristics like educational attainment, internet penetration, GDP or levels of corruption are associated with cybercrime. Many people think that cybercrime is global and fluid, but this study supports the view that, much like forms of organized crime, it is embedded within particular contexts,” concluded co-author Federico Varese from Sciences Po in France.