Cybercrime as an Industry: A Deep Dive into the Organizational Structure of Chinese Cybercrime
In a recent study from the University of Oxford, sociologist Qiaoyu Luo explores the industrialisation of cybercrime in China, revealing a highly organised and profit-driven ecosystem. The report sheds light on how cybercriminal activities in China have transformed into a structured industry resembling legitimate businesses, complete with hierarchies, divisions of labor, and global outreach.
The report highlights that Chinese cybercrime has evolved significantly over the past two decades. Luo notes, “Cybercrime operations have evolved into an assembly of various malicious acts, some of which do not require advanced technical abilities.” Cybercriminal firms now mimic the operational models of legitimate companies, with departments specializing in hacking, fraud, account farming, and money laundering.
One notable example detailed in the report is a fraud operation in Fujian Province structured with a promotion, IT, and sales department. Employees followed strict rules, including specific working hours, and even faced penalties for misconduct. Luo observed that this type of hierarchical structure enhances efficiency and reduces transaction risks, allowing these firms to operate like legitimate businesses.
At the core of China’s cybercrime industry lies a complex value chain comprising various facilitators:
- SIM Card Dealers circumvent real-name registration laws by bulk selling “black cards.”
- Account Dealers use these SIM cards to create fake, verified online accounts.
- Material Dealers supply stolen personal data and IDs to fraudsters.
- Money Launderers, often called “water houses,” expertly disguise illicit funds through layers of transactions.
The report identifies these facilitators as essential components of the industry, enabling cybercriminals to focus on specific tasks without mastering all aspects of cybercrime.
Chinese cybercriminal enterprises are extending their reach globally, particularly into Southeast Asia. Luo describes large-scale “scam compounds” in countries like Myanmar, where dozens of cybercriminal firms operate openly in high-rise buildings.
The industrialisation of Chinese cybercrime has made the field more accessible, with simplified roles reducing the need for technical expertise. Luo writes, “Similar to how the Industrial Revolution reshaped traditional manufacturing, the industrialisation of cybercrime has transformed it into an assembly line operation, where each cybercriminal carries out basic, tedious, and repetitive tasks on a daily basis.”
The study found that the Chinese cybercrime industry is characterized by a clear division of labor, with various actors specializing in different tasks, from data stealing and malware creation to money laundering and traffic referral. These actors operate within a vast and dynamic market, trading illicit goods and services, and collaborating to execute cyberattacks.
“The very preliminary form of cybercrime is commonly referred to as hacking. At first, most hacking behaviors were often not executed with malicious purposes but rather with curious, recreational and intellectual means,” Luo explains.
One of the most striking findings of the study is the emergence of cybercriminal firms that closely mimic the structure and operational approaches of legitimate companies. These firms often have hierarchical structures, with entrepreneurs, managers, and employees working together to maximize profits. They internalize market transactions, reducing costs and risks, and enabling them to operate more efficiently.
“Within a firm, market transactions are eliminated and replaced by a coordinated production process directed by an entrepreneur,” writes Luo.
The study underscores the need for international cooperation to address this growing threat. Luo stresses, “As Chinese cybercriminals expand overseas, it is imperative to strengthen global partnerships and enhance regulatory frameworks, particularly in telecommunications and online payment sectors.”