Written by the Center of Security Studies (KEMEA)

Let’s face it: cybercriminals have become disturbingly efficient. With Crime-as-a-Service (CaaS), anyone with a few crypto coins and questionable morals can rent a ransomware kit or outsource a phishing campaign. These CaaS platforms operate like startups in a sense: they come with customer support, reviews, and even loyalty programs, making fighting this criminal business model more intricate. To effectively battle it, LEAs mess with the trust between the criminals.

CaaS networks rely on reputation. Vendors build credibility through consistent delivery, encrypted communication, and – as mentioned – reviews from “customers”. Buyers want assurance that their malware will work and their identities will stay hidden. It’s a fragile ecosystem since it can be disrupted by a whistle-blower. Enter counter-disinformation: By injecting false narratives, mimicking internal messages, or impersonating trusted persons, Law Enforcement can plant doubt.

A fake leak suggesting law enforcement has infiltrated a marketplace may be enough to deter buyers and create chaos. And, thanks to advances in AI, agencies can now replicate writing styles, generate convincing fake posts, and simulate internal disputes. One forged message from a “trusted” admin can trigger a domino effect of distrust.

Nevertheless, even in these instances, ethical boundaries matter. These tactics must be deployed with oversight, transparency, and a clear goal—disrupting criminal operations without compromising public trust or civil liberties. Counter-disinformation isn’t a silver bullet, but it’s a powerful addition to traditional investigation practices. While forensic teams trace IP addresses, disinformation buys time. It slows transactions, fractures networks, and makes criminal collaboration less appealing and riddled with suspicion.

The real win is that this protects potential victims. By undermining the credibility of exploitative platforms, fewer people fall into their traps. Hence, disruption becomes a form of prevention.

As CaaS continues to evolve, LE response must be just as agile. Disinformation as a disruption tool offers a low-cost, high-impact way to target the psychological foundations of cybercrime. In the end, credibility is central. If cybercriminals doubt their own networks and tools, that’s half of the battle won.