Slashdot Mirror
Cybercrime More Lucrative Than Drugs
prostoalex writes "Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI."
When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.
Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares be a bus driver give it a try. Why are things always so difficult when it comes to computers?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
I've yet to understand the supposed principle that the Powers That Be or the Media could possibly figure out any kind of accurate figures on illegal activites.
:p)
/end rant :p
Dunno 'bout the rest of you guys here, but I never told the police or the press how much profit I made back when I was a small time dealer (can't touch me, young offenders act!
If I didn't, you can be damn sure that big-time or organized criminals do not share these figures either.
Neither do the users. (How many crack-heads report the amount they spend on their habit?)
So what the hell is the premise on which these "statistics" have ever been based on?
I can think of a few ways to fudge up some statistics about people screwed outta their money on the net, but I can't see a way to truly gauge that either. Again, if I fell for the "send me a grand and I'll send you a million" I sure as hell wouldn't tell anyone I was that stupid.
Hence, I dub the entire original article as BS, just like the 'War on Drugs' and even the 'War on Spam'
A couple fans told me that my last journal entry was mint; give it a shot. Hope you like.
Petty crime has plenty of 'local' variables like where the police hang out, which places have alarms and electronics, et cetera, but most have similar principles; electronic crimes have different rootkits and different websites to fake and emails to send and addresses to harvest and spam filters to bypass, but again, most have similar principles. Unless you're manufacturing the (crowbar|rootkit/botnet) things won't change much.
The World Wide Web is dying. Soon, we shall have only the Internet.
In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
Had a look at the test and this is not surprising. Basically, they just take a screenshot of the mail reader window, ripping out any info (headers, html source) that could be of any help. Not to mention that as long as you assume anything you get from your bank/ebay/paypal/... is *potentially* a phishing e-mail, you don't have to actually be able to tell the difference. Education should not be about recognizing phishing emails because phishers will always be ahead. However, if you *never* click on a link and always use bookmarks (to bank and all) you have, then there's nothing a phisher can do. Of course, education should also be for institutions like my bank which includes its website URL in emails they send me (they're encouraging their customers to learn bad habits).
Opus: the Swiss army knife of audio codec
What does your "believing" in it have anything to do with whether it exists?
Belief means placing trust or confidence in something. I don't believe (trust) that cybercrime exists beyond the basic property crimes we already have laws against.
> I suggest that the field and the general user experience would be greatly enhanced by
> limiting access to compilers/assemblers (by means of pricing and with the cooperation of
> the open source community) and by separating macros or other executable content from
> documents.
[eg. the premise: artificially raise the cost of compilers and nastybad people will stop writing viruses, etc. just like gangsters in New York improvised zip guns when guns cost too much... oh, wait, that's a bad analogy... bad people just make do.]
You should also consider separating "clueless" from "malicious" in your thought process. HTH.
> Think about it; in what other field do we "educate" "users"?
Other than prenatal care, disaster response, home safety, poison control, vehicular operation, wildfire control, diabetes management, power tools, gun storage, and how to program your VCR? Can't think of any offhand...
> We don't try to educate people
> with electrical outlets and let any curious individual perform as a licensed electrician.
But we'll sell wire cutters and conduit to any moron at Home Depot, along with a Hole Hawg and a 3 foot masonry bit. Surprisingly, a license is not required to burn down your house as a DIY repairman, nor is it required to pack a thousand pounds of fertilizer, some gasoline, and some nails into the back of a van, detonate it, and cause much worse harm.
Cars are deadly weapons, as are guns; both require a license to operate, but in neither case does that eliminate fatalities caused thereby. (In fact, on the evening news last night, I noticed that a Class C licensed bus driver rolled over an embankment, killing 2 people and one fetus, injuring the other 39 people on the bus. More than likely, a smaller percentage of licensed commercial drivers do this than, say, unregulated Pakistani mountain bus jockeys, but I have no useful measure of the protective effect conferred by this certifying process.)
Bad people will still be bad people, and "the cooperation of the opensource community" is not something I think you can depend on for this venture. (cf. PGP and SSL export restrictions)
Stack protection, virtualization, perhaps legal penalties for willfully distributing software known to pose a risk to the users without their awareness or education (cf. the Theramed); maybe an overhaul of the communications system, and use of (NON-unicode) certificates required for financial communications. I don't know for certain, but I do believe that your rant about compilers holds little relevance to phishing at this point in time.
Full disclosure: I learned to program on an HP-80 and a Timex-Sinclair ZX-81. I was using Usenet before AOL 'broke' it. And I still think you're chasing the wrong idea.
Remember that what's inside of you doesn't matter because nobody can see it.
While I have no love for the regimes of oil-producing countries in the Middle East and South America, the notion that importing less oil will seriously affect the funding of global terrorism is nonsense. According to the 9/11 commission, the attacks on the US were funded with only about $500,000 (link). I would venture that the global "budget" for terrorism is only in the low tens of millions of dollars, which is a drop in the barrel compared to the many billions of dollars oil exporters are making. A better argument for importing less oil is that we should not support the prosperity of regimes that have turned a blind eye on terrorism and that deprive their populations of democratic institutions (even if free democracy might result in theocratic leadership in the short term). However, I think that just working to ensure that the income generated by oil is more evenly distributed among the populations of exporters would go much further toward eliminating terrorism than trying to indirectly strangle the funding of groups that can already do quite a bit of damage on a shoe-string budget.
I have a real problem in that they expect me to be able to tell just by looking at a screenshot from (what I believe to be) Outlook Express. I can't hover over links to see if the URL matches the displayed text, I can't look at the message source, and I sure as hell can't see the headers. How am I supposed to be able to tell for sure without this? Sure, I can get most of them, but #3,9 for example would be very nice to see the headers of.
One's a crime of greed, while the other is a crime of demand (although plently of people get into the drug business solely for the income potential).
If there wasn't a demand for drugs, there would be no drug trade. Conversely, the only reason to steal from others is always greed. Some might steal for fun *cough* winona ryder *cough*, but theft (in person, 3rd person, or via cybercrime) is almost always due to greed. Big difference there... One's there as a result of people wants, and demands. The other is largely parasitic, and exists solely to leech off people.
Personally, I'd rather see my government invest more of our tax dollars into protecting our identities, and investments, as opposed to busting generally harmless dope smokers, and their suppliers (In case you didn't know, marijuana smokers are the most commonly targeted drug demographic these days, and the majority of our tax dollars, go towards fighting marijuana, while proven "bad drugs", such as meth, ruin lives, and run rampant throughout the country).
The reason for all this is greed. The big companies almost write their own laws these days, and meanwhile more and more of our freedoms our lost, as our lawmakers focus on giving their funders (not constituents!) what they want. And surprisingly, things like Cybercrime continue to grow, and be largely ignored (Note, I'm talking real crimes, such as identity theft, phishing, and so on. Not downloading music and videos, which IMHO should be near the bottom of our list of priorities) .
Personally, I'd like to see a major change in how we handle crimes in this country: Elevate identity theft, and other life-altering crimes to the level they deserve, focus our energies and money on bettering our country, and removing our dependence on other countries for our very existance, and stop focusing on the average downloader as being the worst thing to hit the US since Pearl Harbor. Meanwhile, start fighting the real drug problems that are facing our country: Meth, Cocaine, Heroin, and so on, rather than going after the "low hanging fruit", marijaua users, which are largely chosen simply for the ease of busts, and the profit available to cops for doing so.
It's all about priorities, and right now our lawmakers top priorities are largely themselves, as evidenced by recent events.