Whether certain cybercrimes are identified as a form of organized crime or linked to organized crime depends on the working definitions used of "organized crime" (UNODC, 2013, pp. 44-45). The United Nations Convention against Transnational Organized Crime does not provide a definition of organized crime. This is not only the result of a lack of agreement amongst States, but rather a conscious choice made by the negotiators of the Convention. Any definition would likely include a list of the illicit activities carried out by organized criminal groups, which are constantly changing and adapting to the development of our dynamic world; therefore, such definition would rapidly become outdated. Rather than the crime, the Organized Crime Convention defines the actor involved in its commission: an "organized criminal group" (see Module 1 on Definitions of Organized Crime of the Teaching Module Series on Organized Crime). Specifically, under Article 2(a) of the Convention an "organized criminal group" is defined as "a structured group of three or more persons, existing for a period of time and acting in concert with the aim of committing one or more serious crimes or offences established in accordance with this Convention, in order to obtain, directly or indirectly, a financial or other material benefit." Here, a structured group "does not need a formal hierarchy or continuity of its membership". This makes the definition broad, including loosely affiliated groups without any formally defined roles for its members or a developed structure (see Organized Crime Module 1).
While there is no universally agreed upon definition of organized crime (see Organized Crime Module 1), it can be understood as "a continuing criminal enterprise that rationally works to profit from illicit activities that are often in great public demand. Its continuing existence is maintained through corruption of public officials and the use of intimidation, threats or force to protect its operations" (definition used in the Teaching Module Series on Organized Crime, see Organized Crime Module 1). By way of extension, cyber organized crime is a term used to describe organized crime activities in cyberspace. Like organized crime, there is no consensus on the definition of cybercrime or cyber organized crime (UNODC, 2013; Broadhurst et al., 2014; and Maras, 2016).
Studies on cyber organized crime have pointed out that some of the traditional features of organized crime may not translate well to cyberspace. An example of such a feature is "control of territory" (UNODC, 2013, p. 45). Varese argued that an organized criminal group "attempts to regulate and control the production and distribution of a given commodity or service unlawfully" (2010, p. 14). This regulation is present in dark markets (e.g., the defunct DarkMarket and CardersMarket) where administrators and moderators monitor site and content and ensure rules of the platforms are enforced. If rules are not obeyed, those engaging in non-compliance are excluded from the site. While "the production and distribution of a given commodity or service" could be controlled within these sites, this control does not extend to other online forums (thus limiting the power and authority of the networks). Therefore, unlike traditional organized crime, their "control over production and of certain commodity [or services] in the underworld" is limited (Leukfeldt, Lavorgna, and Kleemans, 2017, p. 296).
In the case of dark markets, the structure, organization, regulation, and control over illicit goods and services are connected to the online sites and not the people who run and/or moderate them. As a result, when these dark market sites are taken offline (e.g., because of law enforcement investigation and seizure of site), the network associated with this site often ceases to exist. There are, however, exceptions, where members or others connected to a site (those not caught up in the law enforcement investigation and prosecution) have created another site that mirrors the one taken offline. A case in point is the (now defunct) darknet site Silk Road 2.0 (which mimicked Silk Road) that was created to maintain continuity of activities previously performed on Silk Road (Maras, 2016). Even the name of the administrator, Dread Pirate Roberts, remained the same as the one used by the administrator of Silk Road (at least before the administrator was arrested).
The name Dread Pirate Roberts comes from a character in the movie Princess Bride (1987). In this movie, the character going by the name "Dread Pirate Roberts" explains the significance of this name. Dread Pirate Roberts does not refer to a specific person; it is a name that is inherited. Whoever uses that name, inherits the reputation associated with that name (Maras, 2016).
Two other features traditionally associated with traditional organized criminal networks, corruption and the threat or use of violence (Arsovska, 2011), are viewed as not translating well to cyber organized crime (Leukfeldt, Lavorgna, and Kleemans, 2017). This, however, depends on the type of cyber organized crime activity. With regards to the first feature, research has shown that political corruption influences decisions to participate in organized crime activities. In one country, online fraud, among other financial crimes, were found to be integral to the functioning of the State (Ellis, 2016; see also discussion of Hoffmann et. al., 2016). Concerning the second feature, there is little evidence to suggest the use of violence or threat of the use of violence in furtherance of cyber organized crime activities (UNODC, 2013; Leukfeldt, Lavorgna, and Kleemans, 2017), with the exception of some cases where, for example, money mules (i.e., "individual[s] who obtain… and transfer… money illegally upon request and payment by other[s]"; Maras, 2016) participated in cyber organized crime activities and informed authorities that they participated in the illegal activities or continued to participate in these activities because they were threatened by criminals (Leukfeldt, Lavorgna, and Kleemans, 2017, p. 294). As an alternative to physical violence, cyber organized criminals conduct or threaten cyberattacks or other forms of cybercrime as a means to coerce individuals into complying with demands (Maras, 2016). Examples of this is cyber organized criminals' use of cryptoransomware (i.e., "malware that infects a user's digital device, encrypts the user's documents, and threatens to delete files and data if the victim does not pay the ransom) and/or doxware (i.e., a form cryptoransomware that perpetrators use against victims that releases the user's data…if ransom is not paid to decrypt the files and data") (see Cybercrime Module 2 on General Types of Cybercrime).
Criminology theories have been applied to cyber organized crime (Maras, 2016). These theories consider cyber organized crime as a product of rational choice, criminal opportunities, conflict, relative deprivation, learning, and/or strain (e.g., Broadhurst et al., 2018; Maras, 2016; Oyenuga, 2018; Wall, 2017; Bossler and Holt, 2009; Yar, 2005; some of these theories are included in Cybercrime Module 1 on Introduction to Cybercrime, Cybercrime Module 9 on Cybersecurity and Cybercrime Prevention: Practical Applications and Measures, Cybercrime Module 11 on Cyber-Enabled Intellectual Property Crime, and Cybercrime Module 12 on Interpersonal Cybercrime; criminology theories regarding organized crime in general are discussed in Module 6 on Causes and Facilitating Factors of Organized Crime of the Teaching Module Series on Organized Crime). Despite the breadth of theories applied to cyber organized crime, the results from studies applying these theories to this cybercrime have varied and support for the application of these theories is mixed (Maras, 2016).