I dati come nuova valuta del cybercrime: mercati criminali, attori e responsabilità penale nell’economia digitale illecita (Analisi a partire dal report di EUROPOL, IOCTA, 2025)
DOI:
https://doi.org/10.32091/RIID0252Keywords:
Cybercrime, Data, Illicit online markets, Europol, Malicious actorsAbstract
Data as the new currency of cybercrime: criminal markets, actors and criminal liability in the illicit digital economy
This contribution examines the emergence of data as a central resource within the digital criminal economy, reconstructing – on the basis of Europol’s IOCTA 2025 report (Steal, Deal and Repeat: How Cybercriminals Trade and Exploit Your Data) – the dynamics that enable its systematic theft, circulation and exploitation. The study develops along two lines of inquiry: (i) an analysis of the economic and criminological dimension of data, understood as target, tool and commodity within the underground data economy; (ii) the reconstruction of the illicit supply chain of stolen data across its phases of extraction, distribution and reuse, with particular attention to the specialisation of the actors involved and to the environments in which exchanges take place. The analysis highlights the autonomous role that data acquires within criminal processes in cyberspace, as well as the resulting implications for the structure and effectiveness of criminal-law protection, which is increasingly required to address forms of aggression against digital assets that fall outside traditional doctrinal frameworks.
References
S. Ahmed, M. Gentili, D. Sierra-Sosa, A.S. Elmaghraby (2022), Multi-layer data integration technique for combining heterogeneous crime data, in “Information Processing & Management”, vol. 59, 2022, n. 3
A. Aktoudianakis (2020), Fostering Europe’s Strategic Autonomy – Digital sovereignty for growth, rules and cooperation, in “European Policy Centre”, 2020
U. Akyazi, M. van Eeten, C.H. Gañán (2021), Measuring Cybercrime–as–a–Service (CaaS) Offerings in a Cybercrime Forum, in “Proceedings of the Workshop on the Economics of Information Security (WEIS)” (Delft, 2021), Delft University of Technology, 2021
G. Costabile (2005), Scena criminis, documento informatico e formazione della prova penale, in “Diritto dell’informazione e dell’informatica”, 2005, n. 3
S.G. Eick, D.E. Fyock (1996), Visualizing Corporate Data, in “AT&T Technical Journal”, vol. 75, 1996, n. 1
Europol (2025), Steal, Deal and Repeat: How Cybercriminals Trade and Exploit Your Data, Internet Organised Crime Threat Assessment (IOCTA), Publications Office of the European Union, 2025
Europol (2023), Cyber–attacks: The Apex of Crime-as-a-Service, Europol Spotlight Report, Publications Office of the European Union, 2023
G. Fiorinelli (2023), Nomina nuda tenemus? Lo statuto penalistico del crimine informatico tra mutamenti fenomenici e modificazioni semantiche, in “Discrimen.it”, 2023
M. Gambini (2013), La protezione dei dati personali come diritto fondamentale della persona: meccanismi di tutela, in “Espaço Jurídico: Journal of Law”, vol. 14, 2013, n. 1
T. Garkava, A. Moneva, E.R. Leukfeldt (2024), Stolen Data Markets on Telegram: A Crime Script Analysis and Situational Crime Prevention Measures, in “Trends in Organized Crime”, 2024
F. Greco, G. Greco (2020), Organised crime: underground economy and regulations to combat cybercrime, in “European Journal of Political Science Studies”, vol. 4, 2020, n. 1
T.J. Holt (2013), Exploring the social organisation and structure of stolen data markets, in “Global Crime”, vol. 14, 2013, n. 2-3
T.J. Holt, O. Smirovna (2014), Examining the structure, organization, and processes of the international market for stolen data, in “Global Crime”, 2014
C.J. Howell, T. Fisher, C.N. Muniz et al. (2023), A Depiction and Classification of the Stolen Data Market Ecosystem and Comprising Darknet Markets: A Multidisciplinary Approach, in “Journal of Contemporary Criminal Justice”, vol. 39, 2023, n. 2
A. Lucas (2010), Corporate Data Quality Management: From Theory to Practice, in “Proceedings of the 5th Iberian Conference on Information Systems and Technologies” (Santiago de Compostela, 2010), 2010
M. Maigre (2022), Cyber threat actors: how to build resilience to counter them, in “Hybrid CoE Papers”, 2022, n. 11
U.A. Mejias, N. Couldry (2019), Datafication, in “Internet Policy Review”, vol. 8, 2019, n. 4
M. Pecorella (2006), Diritto penale dell’informatica (ristampa con aggiornamento), Cedam, 2006
L. Peersman, D. Pencheva, A. Rashid (2021), Tokyo, Denver, Helsinki, Lisbon or the Professor? A Framework for Understanding Cybercriminal Roles in Darknet Markets, in “Proceedings of the 2021 APWG Symposium on Electronic Crime Research (eCrime)”, IEEE, 2021
L. Picarella (2025), Criminalità in rete: dalle piattaforme illegali alle cybermafie, Donzelli Editore, 2025
S. Tanzi (1983), The underground economy. Causes and consequences of this worldwide phenomenon, in “Finance and Development”, vol. 20, 1983, n. 4
D.S. Wall (2024), Cybercrime: The transformation of crime in the information age, John Wiley & Sons, 2024
D.S. Wall (2021), Cybercrime as a transnational organized criminal activity, in F. Allum, S. Gilmour (eds.), “Routledge Handbook of Transnational Organized Crime”, Routledge, 2021
D.S. Wall (2015), Dis-organised Crime: Towards a Distributed Model of the Organization of Cybercrime, in “The European Review of Organised Crime”, vol. 2, 2015, n. 2
R. White, P.V. Kakkar, V. Chou (2019), Prosecuting darknet marketplaces: challenges and approaches, in “Department of Justice Journal of Federal Law & Practice”, vol. 67, 2019
M. Yip, N. Shadbolt, T. Tiropanis, C. Webber (2012), The digital underground economy: A social network approach to understanding cybercrime, in “Digital Futures 2012: The Third Annual Digital Economy All Hands Conference”, 2012
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Rivista italiana di informatica e diritto
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
rivistariidATigsg.cnr.it