Integral in the operation of an online crime/terror nexus is the role of Kingpins who facilitate the cybercrimes undertaken by those committing terror acts. Kingpins are brokers and facilitators who enable. For example, Hackers (data breachers and ransomware makers), DDoSsers and spammers to commit ‘upstream’ big data crimes’ that enable/ facilitate offender groups ‘downstream’, including those seeking to commit terror acts, to commit cybercrimes different victim groups. This paper brings together work undertaken for the TAKEDOWN (Organised Crime and Terror Netorks), CRITiCal (Crime in the Cloud) and EMPHASIS (Ransomware) projects to explore what we know and don’t know about the various facilitating offender groups in the big data cybercrime ecosystem. It will be argued in this paper that it is important to map out the different types of offenders in the cybercrime ecosystem to separate the upstream offenders from the downstream offenders to assist in allocating resources to pursue criminals, prevent them from escalating their activities, mitigating their attacks and ultimately preventing them.
