Organized crime has a stack, and it is getting more sophisticated. Today’s criminal networks no longer operate only through hidden meetings, cash transactions, and physical supply chains: they also exploit the same tech—from Cloud services to hosting infrastructure, from fintech platforms and domains to communication tools—that legitimate businesses rely on every day.
For MSPs, this creates an uncomfortable reality: a client may appear ordinary while using legitimate digital infrastructure to conceal, coordinate, or scale criminal activity. The service provider may not be the target of the operation; but it can become part of the machinery, an unwitting and unwilling accomplice, without realizing it.
Brigadier General Salvatore Russo has spent much of his career examining that machinery from the inside. An officer of the Guardia di Finanza, the Italian Economic and Financial Police, he has led operational departments and investigations into organized crime across Naples, Sicily, and Apulia. He has also coordinated joint investigation teams involving law-enforcement agencies from Serbia, the United Kingdom, Switzerland, Spain, and Albania.
Russo has a pretty serious CV. From 2020 to 2024, he served as Guardia di Finanza attaché at the Italian Embassy in Washington, D.C., with diplomatic accreditation in Canada and Mexico. He has lectured at Georgetown University, American University, the Inter-American Defense College, the Organization of American States, and the Inter-American Development Bank. In 2025, he also spoke at the World Border Security Congress in Madrid.
His perspective brings another layer to the organized crime cybersecurity conversations already taking place across the MSP GLOBAL community. While Dr. Stefanie Frey examines why MSPs have become strategic targets, and Ralph Echemendia explores how attackers view trusted service providers and their RMM infrastructure, Russo focuses on how Mafia-type organizations exploit legitimate technology, and what providers need to understand before warning signs become evidence in an international investigation.
The legal dimension is equally important. Cooperation with law enforcement must account for privacy, client trust, jurisdiction, and the obligations imposed on providers. These questions connect closely with Michael Bartsch’s discussion of NIS2, governance, supplier risk, and incident reporting.
Ahead of MSP GLOBAL 2026, we spoke with Brigadier General Russo about emerging technologies in transnational investigations together with the growing use of fintech and digital platforms by criminal organizations, mandatory provider disclosures under European law, and the warning signs MSPs should learn to recognize.
Last year, MSP GLOBAL attendees were especially interested in how Mafia-type organizations use digital service providers. What has changed most in the threat landscape since then?
Last year, many participants expressed their interest in learning how the “Mafia” operates in the digital world. This year, I will report on the new technologies that have been uncovered in recent transnational investigations.
When we talk about “provider collaboration” in transnational anti-Mafia investigations, what does that actually look like in practice?
It all comes down to mandatory information sharing by service providers under European law. In other words, the legal framework requires private companies to share, exchange, or disclose existing data directly with law enforcement and judicial authorities.
Why is Spain an important case study for understanding the international evolution of Mafia organizations and their use of technology?
In recent months, the Guardia di Finanza in Palermo (Italy) and the Policía Nacional in Málaga (Spain) concluded a historical investigation of digital money laundering in Spain and five other countries around the world using fintech. I will provide the details during our meeting.
From your experience, how are criminal organizations using legitimate digital infrastructure—cloud services, hosting, domains, communication platforms, or managed services—to hide or scale their activities?
To avoid wiretapping, the use of digital platforms has become commonplace. During the session, I will explain how they are typically used.
What are the early warning signs that an MSP or service provider might be unknowingly supporting criminal activity through a client account or infrastructure?
It is important to understand how organized crime operates so that service providers can become more aware of this issue: only in this way can they see and understand the warning signs. This is the goal of the conference during MSP GLOBAL 2026.
How can MSPs cooperate with law enforcement while still respecting privacy, data protection, client trust, and legal boundaries?
Unfortunately, each country has different laws, even though they are often based on recommendations issued by international organizations. The service provider’s location is therefore important.
What is the one message you would like MSP GLOBAL attendees to take away from your talk this year?
Since this is a conference for professionals, I will discuss practical examples to facilitate long-term knowledge for their work.
See Brigadier General Salvatore Russo at MSP GLOBAL 2026
At MSP GLOBAL 2026, Brigadier General Russo will use practical examples from transnational investigations to show how organized crime operates through digital services, and how MSPs can become better prepared to identify suspicious activity and respond within the law.
Join the global community of MSPs, MSSPs, resellers, systems integrators, corporate IT leaders, and cybersecurity specialists at PortAventura, Spain, on October 21–22, 2026.
REGISTER NOW FOR FREE
