We document and evaluate emerging policing strategies that are reshaping how centralised law enforcement agencies deal with online cybercrime markets. The first of these we term infrastructural policing, drawn from law enforcement campaigns to disrupt international drug markets and involving targeting the administrators who maintain the infrastructure supporting cybercrime markets. The second, we term influence policing, a strategy drawn from counter-radicalisation involving the delivery of highly targeted messaging campaigns to potential customers. We illustrate these with a study of the online market for Denial of Service (DoS) attacks, conducting a longitudinal analysis of five years of time series attack data to establish the effect of interventions. While arresting and sentencing key players had little lasting effect on DoS attacks (due to jurisdictional issues which the Internet poses), after infrastructure administrators were targeted with takedowns there was a significant reduction in attacks and a dramatic reshaping of market structure. Additionally, the use of search engine advertisements targeted at potential customers in the UK was associated with a cessation in growth in attacks in this country. We interviewed law enforcement to explore the rationales behind the interventions, and interviewed DoS attack providers and observed their online communication channels to explore these effects in depth. We argue that these emerging forms of online policing constitute (apparently successful) attempts by law enforcement to recenter themselves as key actors in online enforcement coalitions. This rests on them enrolling the capacities of the platform intermediaries who provide the very Internet infrastructure which so complicates traditional, jurisdictionally-bound forms of policing.
- illicit markets