Cybercrime as an industry: examining the organisational structure of Chinese cybercrime

In an age of advancing information technology, widespread internet access has facilitated a rise in profit-driven cybercrime. Empirical research has found that cybercrime is now highly industrialised. Cybercrime operations have evolved into an assembly of various malicious acts, some of which do not require advanced technical abilities. While extensive research on cybercrime has been conducted globally, there is a lack of detailed investigation into the cybercrime landscape in China, despite it being a vast economic entity with a significant number of cybercrime incidents. Drawing on interviews and secondary data from China collected between 2020 and 2022, this paper seeks to address this gap by offering a comprehensive examination of Chinese cybercrime. It explores the degree of industrialisation within Chinese cybercrime and discusses its impact on the work performed by Chinese cybercriminals. Echoing findings from previous studies on the industrialisation of cybercrime, the current study reveals an elaborate industry built around cyber fraud, populated by various market players working on diverse tasks to support the successful operation of cyber fraud. The research also uncovers the existence of cybercriminal firms that closely mimic the structural and operational approaches of legitimate companies. Similar to how the Industrial Revolution reshaped traditional manufacturing, the industrialisation of cybercrime has transformed it into an assembly line operation, where each cybercriminal carries out basic, tedious, and repetitive tasks on a daily basis.