Slashdot Mirror
Cybercrime More Lucrative Than Drugs
prostoalex writes "Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI."
Yeah sure, they'd better party like it is twenty-zero-five, sooner or later they'll run out of idiots like dotcoms ran out of VCs.
Cybercrime requires constant training, otherwise your hacking skills can be out of date in just a few months. On the contrary, a crowbar-trained criminal can still make a living in today's high-tech security world.
I foresee in 5-10 years' time, traditional crimes will go mainstream again as many cyber-criminals will be out of jobs^H^H^H^Hcrimes by then.
Rock that crushes, Paper & Scissors that don't matter.
Geeks! Now better than junkies.
If brevity is the soul of wit, then how does one explain Twitter?
When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.
Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares be a bus driver give it a try. Why are things always so difficult when it comes to computers?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Yet, I bet both of them combined aren't as lucrative when it comes to funding terrorism as hitting your local gas station for a fill-up.
Cybercrime pisses off U.S. black market businesses because it outsources a huge income potential to other countries.
All kidding aside, I don't personally believe in cybercrime. Some cybercrime victims are merely stupid users, and no law can fix them. Other cybercrimes that do disturb one's property should be covered by laws already in place.
My fear is that defending the cybercrime idea will only help make more wealthy lawyers and give politicians more abusive power.
I once read that 10% of all trade worldwide is underground, dollar for dollar (or peso for peso or whatever). That's trillions of dollars.
I wonder if aggregate underground economy percentages have increased, or if more traditional underground trade has just moved online.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I've yet to understand the supposed principle that the Powers That Be or the Media could possibly figure out any kind of accurate figures on illegal activites.
:p)
/end rant :p
Dunno 'bout the rest of you guys here, but I never told the police or the press how much profit I made back when I was a small time dealer (can't touch me, young offenders act!
If I didn't, you can be damn sure that big-time or organized criminals do not share these figures either.
Neither do the users. (How many crack-heads report the amount they spend on their habit?)
So what the hell is the premise on which these "statistics" have ever been based on?
I can think of a few ways to fudge up some statistics about people screwed outta their money on the net, but I can't see a way to truly gauge that either. Again, if I fell for the "send me a grand and I'll send you a million" I sure as hell wouldn't tell anyone I was that stupid.
Hence, I dub the entire original article as BS, just like the 'War on Drugs' and even the 'War on Spam'
A couple fans told me that my last journal entry was mint; give it a shot. Hope you like.
According to the book Freakonomics, drug dealers make less than the minimum wage, on average. It would not be hard to beat that level of productivity in any undertaking, criminal or not.
As for the phishing problem, I really don't understand why people fall for those. Your bank, or eBay, or Paypal, will never, ever, ever, ever, ever send you an email asking you to disclose any account information. If those people want to contact you for an important reason, they will either call or send you actual mail. This seems like a simple rule to remember, doesn't it?
Actually, that message wasn't really from your mom, it was a phishing attempt.
I took the e-mail test and I "failed" it, identifying two "legitimate" e-mails as bogus. In both of those cases, the explanation said it would better not to follow the links in those two e-mails.
These numbers are almost certainly very sketchy. They list piracy and stock manipulation as part of the total funds brought in by cybercrime. If they just mean people selling pirated software that's one thing, but if they mean people downloading MP3's, then that's different; nobody makes a dime when someone downloads the newest pop hit off the internet, as much as the record companies would like you to think someone just pocketed $15 of their money.
With the stock manipulation, this is also a pretty nebulous number. Did they include only verified cases of people doing this? What did they consider manipulation? The article is very thin.
Narrative
cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy
That's a pretty open-ended definition. So is old-school white collar insider trading or shenanigans now Cyber-Crime just because they do it from a workstation? It'd be interesting to see just what is a cyber-crime now and how it breaks down into that total 150 billion dollars they just throw out there. Of course such data might pop the balloon of FUD as delicious as this.
What is music when you despise all sound?
if you mark all of them as fraud, you 'fail' the test.
I consider all email from commercial entities as fraudulent.
You mean there's a difference between those two?! I thought kiddies do drugs! It's an onomatopoeia!
Huge difference there. Hacking directly infringes on anothers persons rights; the drug war attempts to legislate control over what people do with their own bodies. If drugs were legalized, doing things like slipping a girl roofies would still be illegal. Drugs hurt others only to the extent that other freedoms, such as speech, can.
In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
Had a look at the test and this is not surprising. Basically, they just take a screenshot of the mail reader window, ripping out any info (headers, html source) that could be of any help. Not to mention that as long as you assume anything you get from your bank/ebay/paypal/... is *potentially* a phishing e-mail, you don't have to actually be able to tell the difference. Education should not be about recognizing phishing emails because phishers will always be ahead. However, if you *never* click on a link and always use bookmarks (to bank and all) you have, then there's nothing a phisher can do. Of course, education should also be for institutions like my bank which includes its website URL in emails they send me (they're encouraging their customers to learn bad habits).
Opus: the Swiss army knife of audio codec
That test is a waste. The 'emails' are image files, so you can't see where the actual links point to, you can't see the email header or the true from address. Anyone who nails 100% is more lucky then savey.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
> I suggest that the field and the general user experience would be greatly enhanced by
> limiting access to compilers/assemblers (by means of pricing and with the cooperation of
> the open source community) and by separating macros or other executable content from
> documents.
[eg. the premise: artificially raise the cost of compilers and nastybad people will stop writing viruses, etc. just like gangsters in New York improvised zip guns when guns cost too much... oh, wait, that's a bad analogy... bad people just make do.]
You should also consider separating "clueless" from "malicious" in your thought process. HTH.
> Think about it; in what other field do we "educate" "users"?
Other than prenatal care, disaster response, home safety, poison control, vehicular operation, wildfire control, diabetes management, power tools, gun storage, and how to program your VCR? Can't think of any offhand...
> We don't try to educate people
> with electrical outlets and let any curious individual perform as a licensed electrician.
But we'll sell wire cutters and conduit to any moron at Home Depot, along with a Hole Hawg and a 3 foot masonry bit. Surprisingly, a license is not required to burn down your house as a DIY repairman, nor is it required to pack a thousand pounds of fertilizer, some gasoline, and some nails into the back of a van, detonate it, and cause much worse harm.
Cars are deadly weapons, as are guns; both require a license to operate, but in neither case does that eliminate fatalities caused thereby. (In fact, on the evening news last night, I noticed that a Class C licensed bus driver rolled over an embankment, killing 2 people and one fetus, injuring the other 39 people on the bus. More than likely, a smaller percentage of licensed commercial drivers do this than, say, unregulated Pakistani mountain bus jockeys, but I have no useful measure of the protective effect conferred by this certifying process.)
Bad people will still be bad people, and "the cooperation of the opensource community" is not something I think you can depend on for this venture. (cf. PGP and SSL export restrictions)
Stack protection, virtualization, perhaps legal penalties for willfully distributing software known to pose a risk to the users without their awareness or education (cf. the Theramed); maybe an overhaul of the communications system, and use of (NON-unicode) certificates required for financial communications. I don't know for certain, but I do believe that your rant about compilers holds little relevance to phishing at this point in time.
Full disclosure: I learned to program on an HP-80 and a Timex-Sinclair ZX-81. I was using Usenet before AOL 'broke' it. And I still think you're chasing the wrong idea.
Remember that what's inside of you doesn't matter because nobody can see it.
Back in the old days, we had to shovel coal into our computers. That was way back when Usenet traffic was passed via UUCP and by the sacrificing of virgins (never hard to find in CS departments way back when). Why, I remember alerts going "Keep signatures to 28 characters or someone will come and remove your testicles with a 7/16ths nut driver and some mouldy toast".
The world's burning. Moped Jesus spotted on I50. Details at 11.
And technically, what makes a drug a drug? What about perscription, cigarettes, alcohol? Those are all mind altering and bad for you.
:)
This is my field of study, so I feel obliged to throw in my 2 bits here.
When someone refers to a "drug" in the sense of crime, they mean more accurately a "Schedule I Material" (and rarely, Schedule II or III, but usually just I). What does this nonsense mean? Well, in theory anyway, Schedule I is reserved for materials deemed to have no redeeming medical value, with a high possibility of chemical addiction or overdose. Now, given your statement about cigarettes and booze -- you and I both realize that that isn't entirely the case.
While at the core, the doctors who worked with the FDA and the DEA to create the original controlled substances lists were doing so in good faith to protect the population at large from "Snake Oil" and soft drinks with addictive spikes (Ahem, Coca-Cola); there are unfortunately, larger powers at work than even the medical industry today. "Big Tobacco" has been in power in this country for hundreds of years before this country was even a country. So even though nicotine in all scientific methods would be a Schedule I material -- it isn't. This is also the reason THC is Schedule I despite having qualities that should qualify it for Schedule III (your usual prescription medications). Alcohol, for similar social reasons, is not Schedule I either.
Your usual prescription medications are Schedule III; which roughly defined is materials that have useful medical value and low possibility for addiction, but have other qualities such as allergens or drug interactions that merit having a doctor or two check you out before giving you them.
Hope that I have helped
~Rebecca
The test was also not entirely fair since it only showed images of the emails. For this kind of thing, I always hit view source, and read the headers and the markup before making a decision - and then usually go to the site by typing in the address and logging in manually, rather than clicking on a link.
I am TheRaven on Soylent News
One's a crime of greed, while the other is a crime of demand (although plently of people get into the drug business solely for the income potential).
If there wasn't a demand for drugs, there would be no drug trade. Conversely, the only reason to steal from others is always greed. Some might steal for fun *cough* winona ryder *cough*, but theft (in person, 3rd person, or via cybercrime) is almost always due to greed. Big difference there... One's there as a result of people wants, and demands. The other is largely parasitic, and exists solely to leech off people.
Personally, I'd rather see my government invest more of our tax dollars into protecting our identities, and investments, as opposed to busting generally harmless dope smokers, and their suppliers (In case you didn't know, marijuana smokers are the most commonly targeted drug demographic these days, and the majority of our tax dollars, go towards fighting marijuana, while proven "bad drugs", such as meth, ruin lives, and run rampant throughout the country).
The reason for all this is greed. The big companies almost write their own laws these days, and meanwhile more and more of our freedoms our lost, as our lawmakers focus on giving their funders (not constituents!) what they want. And surprisingly, things like Cybercrime continue to grow, and be largely ignored (Note, I'm talking real crimes, such as identity theft, phishing, and so on. Not downloading music and videos, which IMHO should be near the bottom of our list of priorities) .
Personally, I'd like to see a major change in how we handle crimes in this country: Elevate identity theft, and other life-altering crimes to the level they deserve, focus our energies and money on bettering our country, and removing our dependence on other countries for our very existance, and stop focusing on the average downloader as being the worst thing to hit the US since Pearl Harbor. Meanwhile, start fighting the real drug problems that are facing our country: Meth, Cocaine, Heroin, and so on, rather than going after the "low hanging fruit", marijaua users, which are largely chosen simply for the ease of busts, and the profit available to cops for doing so.
It's all about priorities, and right now our lawmakers top priorities are largely themselves, as evidenced by recent events.
So for all of us who are busy googling for this person, the name is not Valerie McNiven, but Valerie McNevin. She is a lawyer, worked for the state of Colorado in about 2002 and then for the World Bank and is now with a private company, Cybrinth, LLC which does consulting on cyber crime. The Reuters correspondent did not bother to reveal this.
The article itself is rather confusing - he is actually claiming that cybercrime is perpetrated by "idle youths looking for quick gain"? In the Third World?? And just for fun, once the Reuters dispatch gets rewritten, she turns into a cybercrime guru...
Now, how she gets the number of more that $100 bn being made by cybercrime, I have no idea. I guess it includes the $40 bn revenue Microsoft makes each year...
...is to legalize cybercrime.
Hey man I'm a tech junkie, got any stuff? Stuff that matters?
Well, first of all, "ARRHGHGHGHGHGHHHHH the tinfoil hat, it BURRRNNSSS", and
Secondly, if we raised the barrier of entry to the internet to require programing certifications, we would not need to worry about the worms and virii, because anybody worth their certification would have far less of a likelyhood of having a problem with such things, and the virii would have much less shelter to propigate from.
Third, how are you going to make it that only licensed people are allowed to program? Seize the computer of anybody who tries to write a program? Make compilers and assemblers highly contraband and only allow liscensed individuals have them? Shut down internet based tutorials for programing languages because they are not officaly approved by the certification body, and we cant allow people to learn basic programming on their own? Fourth, what the hell good would educating bus passengers do? Educated computer users ARE better at avoiding worms and virii, are educated bus passengers gonna be better at preventing crashes? I would like to know how that works. Using an electrical outlet to plug in a electronic device is nowhere near what an electrician is supposed to train for, and knowing not to click on the "PUNCH TEH MONKEY AND WIN $999999999 $$$$$ DOLLLARS!!!!" flash ads, is nothing near coding.
Your post frightens me severly, and I sincerely hope that this is not a majority opinion.
only 4% of Internet users can flag 100% of phishing e-mails
I took the test the linked-to article cited as the source of data for that 4% claim. I only scored 80%. Does that mean I flagged only 80% of phish attempts? No, it doesn't. I flagged 100% of the phishing attempts as exactly what they were.
I had two false-positives, which lowered my score. But false-positives are quite a bit safer than false-negatives. In each case, the 'legitimate' email linked to different domains than the origin; the one from Bank of America linked to bankofamerica1.com, and the one from CapitalOne linked to a really odd domain, bfi0.com. That second one is a *huge* red flag, regardless of the content of the email, you'd have to be very trusting or do some extra research in order to *not* flag it as a phishing attempt.
Only 4% of users might score a 100% on that quiz, but that's not at all the same thing as saying that only 4% of users can't flag all phishing scams as such.
How accurate can sales figures of illegal drugs and online fraudsters be? Do all drug dealers and fraudsters submit honest tax returns for their illegal sales?
Oh well, what the hell...
Both those should be scheduled substances, too... espescially the latter.
The Admin and the Engineer
a high possibility of chemical addiction or overdose ok, let's take a brief look on schedule I
MDMA, MDA, TMA, DMT, LSD, Psilocybin, Mescaline, DOET, 2CB, THC, DOB and many many others - none of these substances produce a chemical dependency. Nor it is trivial to get OD'ed on those substances. Furthermore, harm of many psychedelics and empathogens (MDMA would be the most well-known example) is not proved despite extensive research. Makes you think when you compare them to alcohol and tobacco.
Now let's consider alcohol and tobacco. Overdosing on alcohol is very very common (something that you see every weekend if you go out). Another thing that alcohol is an integral part of our culture, so nobody freaks when they see an overdose. Physical dependency to alcohol is well documented and not something rare too.
Nicotine overdose is very rare indeed, at least when smoked. But if you try any other administration route, you'd find that it is quite easy to get OD'ed on it. I take it nothing needs to be said on addiction potential of nicotine.
The original motives for prohibition are sketchy. The benefits of marijuana, for example, were publicized before WW2, but still it got prohibited shortly after the war was over. According to one version, prohibition of coke, opium, marijuana and later psychedelics in 60s was used as a means of race and social oppression. I have no information backing up or discarding this version, but considering the racistic sentiments in the US in the first half of the 20th century, it is not something to completely discard.
GHB prohibition is interesting as well. Despite numerous scientific publications on medical use of GHB, it was placed in Schedule I. Quite an interesting coincidence is that GHB prohibition happened at the same time as new sleep-aid drugs hit the market in the US. Makes you think again.. Also it should be noted that no overdoses on GHB are documented in 80s despite the widespread use.
Those were just examples. If you take a closer look on the whole drug-prohibition policy, it hardly is beneficial for anyone except the state and companies which are in the drug-figthing business. Hopefully this helps.
PS: Amounts of coke in the original Coca Cola were miniscule and cocaine does not produce a physical dependency no matter how much you abuse it. Sugar and caffeine is probably more addictive than amounts of cocaine that were found in the original coke. You should know your subject better.