Who Are the Hackers? Inside the Multi-Billion Pound Cybercrime Industry

Fraud isn’t just changing. It’s getting smarter. As we explored in our last article, cybercriminals are using AI to create fake identities, clone voices and design highly convincing scams. But these attacks are just the surface of a much larger operation.

Many people still picture hackers as individuals working alone in a dark basement, typing away under the glow of a single computer screen. In reality, cybercrime has evolved far beyond this image. It has become a large, organised industry worth billions. Behind these threats are teams of people working together, much like a business, with defined roles, goals, and processes.

In this article, we take a closer look at who these hackers are, what drives them, and how these hidden networks operate.

Who’s Behind the Keyboard?

Cybercriminals come in many forms. While their goals and methods vary, most belong to one of the following groups:

• Organised Crime Groups (OCGs): These are large criminal networks that run coordinated cyber activities, often with a strong hierarchy and structure. They manage their operations like a business. OCGs regularly target individuals or organisations with phishing campaigns, ransomware attacks and other forms of online fraud, sometimes affecting hundreds of victims at once.
• State-Sponsored Actors: These groups are backed by governments and carry out cyber activities for political, economic or strategic reasons. This might include stealing sensitive information, gathering intelligence or disrupting important public services and national infrastructure.
• Hacktivists: These attackers are motivated by political, social or environmental causes. Their goal is not financial gain but visibility and influence. They often try to expose information, disrupt services or deface websites in support of their message.
• Insiders: These are individuals within an organisation who misuse their access. This could be intentional, for revenge or profit, or accidental due to poor security habits or lack of awareness.

Each of these groups operates in their own way, but they all contribute to the wider cybercrime landscape that impacts people, businesses, and governments worldwide.

Why People Become Hackers

People are drawn into cybercrime for different reasons. Not all of them begin with harmful intentions. Some are drawn in by curiosity, wanting to understand how systems work or to test their own skills. Others are motivated by financial gain, particularly in places where opportunities are limited or difficult to access.

There are also those driven by strong personal beliefs. Known as hacktivists, these individuals use digital tools to support causes they care about, often believing their actions are justified even if they break the law. In other cases, people may be influenced by frustration, peer pressure or communities that make cybercrime appear normal or even impressive.

Today, access to cybercrime tools is easier than ever. With step-by-step guides, downloadable software and online forums offering support, even those with limited technical knowledge can participate. This accessibility means more people than ever are getting involved, sometimes without fully understanding the consequences of their actions.

By better understanding what draws individuals into this space, we can recognise how education, awareness and responsible online behaviour all play a key role in prevention.

Inside a Cybercrime Operation

Today’s cybercriminal networks don't always follow the same pattern. Some groups are tightly structured and operate like a business, with clear hierarchies and roles. Others are looser associations, made up of individuals who come together temporarily for specific tasks, share services and then disband. These temporary groups often form through online marketplaces and forums, working together for a time before breaking apart, regrouping or joining different networks. This constant shifting makes it difficult to track who is truly responsible for an attack, especially when we assign names to groups that may only exist briefly. 

Here are some of the most common roles found in cybercrime groups:

• Team Leader: Oversees the entire operation and makes key decisions. They plan attacks, assign responsibilities and make sure the group avoids unwanted attention from authorities.
• Coders: Writes programs or tools that can break into systems, steal data or help hide the group’s activity. They often modify existing tools to make them harder to detect or more effective.
• Network Administrator: Manages a collection of compromised devices, which can be used to launch attacks or help hide the true identity and location of the group.
• Intrusion Specialist (Access Broker): Gains entry into systems, often using stolen credentials, and sells that access to others for profit.
• Data Miner: Sorts through stolen information to find what is useful, such as passwords, credit card details or account numbers, and prepares it for sale.
• Money Specialist: Determines how to turn the stolen data into profit, whether through fraud, selling to other criminals or moving money through a web of accounts to hide where it came from.

These operations often span multiple countries and rely on hidden systems to share knowledge, exchange services and make payments. Their global reach makes it much harder for law enforcement to track, investigate and shut down.

Conclusion

Cybercrime is no longer a small issue or the work of a few lone individuals. It has grown into a highly organised, multi-billion-pound industry that is becoming more advanced by the day.

Each attack or breach involves a group of people working behind the scenes, each with specific skills and responsibilities that contribute to the overall success of the operation. 

By learning who these individuals are and what motivates them, we can build a clearer picture of the risks and how to respond.

In the next article, we’ll shift our focus to vulnerability management. We’ll address what software vulnerabilities are, why they matter and how businesses can manage them effectively to reduce their exposure to cyber threats and improve security.