Even brokers in the criminal marketplace have a reputation to protect

It talks about brokers, a service market, online reputation and maintaining buyers’ trust but this is not a report on businesses and consumers penned by some economist.

Instead, this is a report on the way organised crime is using the internet to steal personal and private data for financial, ideological and disruptive purposes.

Penned by Europol, an EU law enforcement agency, the report provides a glimpse into the world of cybercriminals and the techniques used to access and steal personal data. 

The report titled, Internet Organised Crime Threat Assessment 2025, describes a veritable market with brokers at different levels of the supply chain, who market and sell their exploits to a host of criminals on the dark web. Europol describes this as a “crime-as-a-service” market.

“A thriving part of the criminal ecosystem revolves around selling access to compromised systems and accounts,” the assessment reads. “Initial Access Brokers (IABs) are increasingly advertising these services, along with related commodities, on specialised criminal platforms used by a wide range of cybercriminals.”

In a nutshell, IABs are those who have gained unauthorised access to data systems and sell the keys to others. But the ecosystem also includes data brokers, who have acquired the information and sell it—in either raw form or analysed—to other criminals.

Social engineering and AI

Europol says “social engineering stands out” as a particularly prevalent technique used to access and steal personal data. Criminals exploit both system vulnerabilities and human oversight.

Unsuspecting victims are lured through devious means to hand over access to their personal or sensitive data. And the situation is becoming more complex with what Europol says is the “wider adoption” of large language models (LLMs) and other forms of generative artificial intelligence.

“Cybercriminals may use AI for attack automation, social engineering and bypassing security measures, enabling more scalable and complex attacks,” the report states.

The value of the stolen data lies in its ability to facilitate a wide range of criminal activities, Europol says, including cyber-attacks, online fraud schemes, sexual exploitation of children online, and extortion.

“Demand for data is skyrocketing and its illicit trade is expected to become even more widespread in underground economies, contributing to the destabilisation of legitimate economies and the erosion of trust in governance structures,” the report says.

Europol says the illicit data ecosystem can also be exploited by intruders that use prolonged, stealthy, targeted cyberattacks to steal sensitive data.

“By infiltrating secure systems, they can steal data of strategic importance for governments or businesses and provide hybrid threat actors with invaluable information that can then be used for espionage, economic advantage or even coercion,” Europol says.

The stolen data can also be used to launch cyber-attacks against governments and critical infrastructure, resulting in widespread disruption and instability.

Good reputation in the criminal marketplace

Europol goes on to describe how the “criminal marketplace” and forums is driven by trust and an individual’s reputation within the underground community.

“Building an online reputation is essential for full engagement, including viewing restricted posts and access to all content. In some cases, a deposit may be required before newcomers can view any listings. For sellers of products and services, a good reputation and the implied trust that this engenders will ensure sales,” the report says. It adds: “A solid reputation may also be valuable in case of dispute resolution.”

The hacktivist challenge

Cybercrime investigators are being forced to navigate an increasingly complex environment, where intelligence and law enforcement-like actions are also carried out by non-state actors.

Europol sounds a cautionary note on the impact of activists, who use hacking as a means to further their agenda in favour of free speech, human rights and other causes.

“While hacktivist data leaks potentially offer intelligence on adversaries, they create challenges in terms of validation, admissibility, and investigation interference,” Europol says.

It adds that online doxing, the act of publicly providing identifiable information about someone, further complicates matters since it bypasses “legal due process” and potentially contaminates evidence.

The report proposes granting law enforcement agencies lawful access to end-to-end encrypted communication channels in cooperation with service providers and regulators.

It also proposes establishing “clear and harmonised EU standards” for retention and expedited access to essential metadata and improve the effectiveness of cross-border investigations.

Europol also calls for the promotion of “broad digital literacy, critical verification skills and responsible online sharing practices” to empower individuals with the tools to mitigate online risks and adopt effective privacy management in an era of data openness.