Slashdot Mirror
Cybercrime More Lucrative Than Drugs
prostoalex writes "Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI."
Yeah sure, they'd better party like it is twenty-zero-five, sooner or later they'll run out of idiots like dotcoms ran out of VCs.
Cybercrime requires constant training, otherwise your hacking skills can be out of date in just a few months. On the contrary, a crowbar-trained criminal can still make a living in today's high-tech security world.
I foresee in 5-10 years' time, traditional crimes will go mainstream again as many cyber-criminals will be out of jobs^H^H^H^Hcrimes by then.
Rock that crushes, Paper & Scissors that don't matter.
Geeks! Now better than junkies.
If brevity is the soul of wit, then how does one explain Twitter?
When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.
Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares be a bus driver give it a try. Why are things always so difficult when it comes to computers?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Yet, I bet both of them combined aren't as lucrative when it comes to funding terrorism as hitting your local gas station for a fill-up.
Cybercrime pisses off U.S. black market businesses because it outsources a huge income potential to other countries.
All kidding aside, I don't personally believe in cybercrime. Some cybercrime victims are merely stupid users, and no law can fix them. Other cybercrimes that do disturb one's property should be covered by laws already in place.
My fear is that defending the cybercrime idea will only help make more wealthy lawyers and give politicians more abusive power.
I've yet to understand the supposed principle that the Powers That Be or the Media could possibly figure out any kind of accurate figures on illegal activites.
:p)
/end rant :p
Dunno 'bout the rest of you guys here, but I never told the police or the press how much profit I made back when I was a small time dealer (can't touch me, young offenders act!
If I didn't, you can be damn sure that big-time or organized criminals do not share these figures either.
Neither do the users. (How many crack-heads report the amount they spend on their habit?)
So what the hell is the premise on which these "statistics" have ever been based on?
I can think of a few ways to fudge up some statistics about people screwed outta their money on the net, but I can't see a way to truly gauge that either. Again, if I fell for the "send me a grand and I'll send you a million" I sure as hell wouldn't tell anyone I was that stupid.
Hence, I dub the entire original article as BS, just like the 'War on Drugs' and even the 'War on Spam'
A couple fans told me that my last journal entry was mint; give it a shot. Hope you like.
According to the book Freakonomics, drug dealers make less than the minimum wage, on average. It would not be hard to beat that level of productivity in any undertaking, criminal or not.
As for the phishing problem, I really don't understand why people fall for those. Your bank, or eBay, or Paypal, will never, ever, ever, ever, ever send you an email asking you to disclose any account information. If those people want to contact you for an important reason, they will either call or send you actual mail. This seems like a simple rule to remember, doesn't it?
Actually, that message wasn't really from your mom, it was a phishing attempt.
I took the e-mail test and I "failed" it, identifying two "legitimate" e-mails as bogus. In both of those cases, the explanation said it would better not to follow the links in those two e-mails.
These numbers are almost certainly very sketchy. They list piracy and stock manipulation as part of the total funds brought in by cybercrime. If they just mean people selling pirated software that's one thing, but if they mean people downloading MP3's, then that's different; nobody makes a dime when someone downloads the newest pop hit off the internet, as much as the record companies would like you to think someone just pocketed $15 of their money.
With the stock manipulation, this is also a pretty nebulous number. Did they include only verified cases of people doing this? What did they consider manipulation? The article is very thin.
Narrative
cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy
That's a pretty open-ended definition. So is old-school white collar insider trading or shenanigans now Cyber-Crime just because they do it from a workstation? It'd be interesting to see just what is a cyber-crime now and how it breaks down into that total 150 billion dollars they just throw out there. Of course such data might pop the balloon of FUD as delicious as this.
What is music when you despise all sound?
if you mark all of them as fraud, you 'fail' the test.
I consider all email from commercial entities as fraudulent.
In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
Had a look at the test and this is not surprising. Basically, they just take a screenshot of the mail reader window, ripping out any info (headers, html source) that could be of any help. Not to mention that as long as you assume anything you get from your bank/ebay/paypal/... is *potentially* a phishing e-mail, you don't have to actually be able to tell the difference. Education should not be about recognizing phishing emails because phishers will always be ahead. However, if you *never* click on a link and always use bookmarks (to bank and all) you have, then there's nothing a phisher can do. Of course, education should also be for institutions like my bank which includes its website URL in emails they send me (they're encouraging their customers to learn bad habits).
Opus: the Swiss army knife of audio codec
Undergraound economy... do you mean eBay?
> I suggest that the field and the general user experience would be greatly enhanced by
> limiting access to compilers/assemblers (by means of pricing and with the cooperation of
> the open source community) and by separating macros or other executable content from
> documents.
[eg. the premise: artificially raise the cost of compilers and nastybad people will stop writing viruses, etc. just like gangsters in New York improvised zip guns when guns cost too much... oh, wait, that's a bad analogy... bad people just make do.]
You should also consider separating "clueless" from "malicious" in your thought process. HTH.
> Think about it; in what other field do we "educate" "users"?
Other than prenatal care, disaster response, home safety, poison control, vehicular operation, wildfire control, diabetes management, power tools, gun storage, and how to program your VCR? Can't think of any offhand...
> We don't try to educate people
> with electrical outlets and let any curious individual perform as a licensed electrician.
But we'll sell wire cutters and conduit to any moron at Home Depot, along with a Hole Hawg and a 3 foot masonry bit. Surprisingly, a license is not required to burn down your house as a DIY repairman, nor is it required to pack a thousand pounds of fertilizer, some gasoline, and some nails into the back of a van, detonate it, and cause much worse harm.
Cars are deadly weapons, as are guns; both require a license to operate, but in neither case does that eliminate fatalities caused thereby. (In fact, on the evening news last night, I noticed that a Class C licensed bus driver rolled over an embankment, killing 2 people and one fetus, injuring the other 39 people on the bus. More than likely, a smaller percentage of licensed commercial drivers do this than, say, unregulated Pakistani mountain bus jockeys, but I have no useful measure of the protective effect conferred by this certifying process.)
Bad people will still be bad people, and "the cooperation of the opensource community" is not something I think you can depend on for this venture. (cf. PGP and SSL export restrictions)
Stack protection, virtualization, perhaps legal penalties for willfully distributing software known to pose a risk to the users without their awareness or education (cf. the Theramed); maybe an overhaul of the communications system, and use of (NON-unicode) certificates required for financial communications. I don't know for certain, but I do believe that your rant about compilers holds little relevance to phishing at this point in time.
Full disclosure: I learned to program on an HP-80 and a Timex-Sinclair ZX-81. I was using Usenet before AOL 'broke' it. And I still think you're chasing the wrong idea.
Remember that what's inside of you doesn't matter because nobody can see it.
Back in the old days, we had to shovel coal into our computers. That was way back when Usenet traffic was passed via UUCP and by the sacrificing of virgins (never hard to find in CS departments way back when). Why, I remember alerts going "Keep signatures to 28 characters or someone will come and remove your testicles with a 7/16ths nut driver and some mouldy toast".
The world's burning. Moped Jesus spotted on I50. Details at 11.
And technically, what makes a drug a drug? What about perscription, cigarettes, alcohol? Those are all mind altering and bad for you.
:)
This is my field of study, so I feel obliged to throw in my 2 bits here.
When someone refers to a "drug" in the sense of crime, they mean more accurately a "Schedule I Material" (and rarely, Schedule II or III, but usually just I). What does this nonsense mean? Well, in theory anyway, Schedule I is reserved for materials deemed to have no redeeming medical value, with a high possibility of chemical addiction or overdose. Now, given your statement about cigarettes and booze -- you and I both realize that that isn't entirely the case.
While at the core, the doctors who worked with the FDA and the DEA to create the original controlled substances lists were doing so in good faith to protect the population at large from "Snake Oil" and soft drinks with addictive spikes (Ahem, Coca-Cola); there are unfortunately, larger powers at work than even the medical industry today. "Big Tobacco" has been in power in this country for hundreds of years before this country was even a country. So even though nicotine in all scientific methods would be a Schedule I material -- it isn't. This is also the reason THC is Schedule I despite having qualities that should qualify it for Schedule III (your usual prescription medications). Alcohol, for similar social reasons, is not Schedule I either.
Your usual prescription medications are Schedule III; which roughly defined is materials that have useful medical value and low possibility for addiction, but have other qualities such as allergens or drug interactions that merit having a doctor or two check you out before giving you them.
Hope that I have helped
~Rebecca
One's a crime of greed, while the other is a crime of demand (although plently of people get into the drug business solely for the income potential).
If there wasn't a demand for drugs, there would be no drug trade. Conversely, the only reason to steal from others is always greed. Some might steal for fun *cough* winona ryder *cough*, but theft (in person, 3rd person, or via cybercrime) is almost always due to greed. Big difference there... One's there as a result of people wants, and demands. The other is largely parasitic, and exists solely to leech off people.
Personally, I'd rather see my government invest more of our tax dollars into protecting our identities, and investments, as opposed to busting generally harmless dope smokers, and their suppliers (In case you didn't know, marijuana smokers are the most commonly targeted drug demographic these days, and the majority of our tax dollars, go towards fighting marijuana, while proven "bad drugs", such as meth, ruin lives, and run rampant throughout the country).
The reason for all this is greed. The big companies almost write their own laws these days, and meanwhile more and more of our freedoms our lost, as our lawmakers focus on giving their funders (not constituents!) what they want. And surprisingly, things like Cybercrime continue to grow, and be largely ignored (Note, I'm talking real crimes, such as identity theft, phishing, and so on. Not downloading music and videos, which IMHO should be near the bottom of our list of priorities) .
Personally, I'd like to see a major change in how we handle crimes in this country: Elevate identity theft, and other life-altering crimes to the level they deserve, focus our energies and money on bettering our country, and removing our dependence on other countries for our very existance, and stop focusing on the average downloader as being the worst thing to hit the US since Pearl Harbor. Meanwhile, start fighting the real drug problems that are facing our country: Meth, Cocaine, Heroin, and so on, rather than going after the "low hanging fruit", marijaua users, which are largely chosen simply for the ease of busts, and the profit available to cops for doing so.
It's all about priorities, and right now our lawmakers top priorities are largely themselves, as evidenced by recent events.
So for all of us who are busy googling for this person, the name is not Valerie McNiven, but Valerie McNevin. She is a lawyer, worked for the state of Colorado in about 2002 and then for the World Bank and is now with a private company, Cybrinth, LLC which does consulting on cyber crime. The Reuters correspondent did not bother to reveal this.
The article itself is rather confusing - he is actually claiming that cybercrime is perpetrated by "idle youths looking for quick gain"? In the Third World?? And just for fun, once the Reuters dispatch gets rewritten, she turns into a cybercrime guru...
Now, how she gets the number of more that $100 bn being made by cybercrime, I have no idea. I guess it includes the $40 bn revenue Microsoft makes each year...
...is to legalize cybercrime.
Hey man I'm a tech junkie, got any stuff? Stuff that matters?