Slashdot Mirror
Cybercrime — an Epidemic?
ChelleChelle writes "'Cybercrime is pervasive, nondiscriminatory, and dramatically on the increase.' So states TEAM CYMRU, an altruistic group of researchers focused on making the Internet more secure. This article is a look into the root causes of Cybercrime, its participants, and their motivations, as well as suggestions on what we can do to stop this epidemic." From the article: "Many victims do not seem to draw the correlation between their losses and cybercrime; worse, they often view it as a crime that is impossible to investigate and prosecute. For cybercrime to be acknowledged as an important issue, the victims must report such incidents to a receptive law enforcement community with a well-informed judiciary. Attempts such as the president's National Strategy to Secure Cyberspace represent a significant first step in the right direction. To have the desired impact, however, the detailed provisions delineated as action/recommendations must be implemented."
I recently (days ago) posted an on-line ad to sell my car. Within a day I found 5 missed calls all from the same number. Hmmm, better carry my cell phone with me until I sell this thing.
Next time he called, he asked if the car was still for sale. Yes! Cool, maybe I can sell this thing.
He asked if he could send someone out to take some pictures... I asked what exactly it was he wanted. He said they (autotrader magazine) was having a special and they wanted to run my car ad in their mag for the special one-time offer of $25. WTF?
I said no, I wasn't interested, hung up on him. They've called seven more times since, I didn't answer (didn't have the phone with me).
I also got the first e-mail on that cell phone EVER from someone interested in buying my time share? WTF? I don't have a time share.
The timing seems more than a coincidence... It's probably not truly a crime, but it seems sleazy at best. Why would people be allowed to base their cold-calls on someone's posted ads?
For the record, if anyone's interested, the phone number from which they called is: 407 515-6094.
Cybercrime? WTF is "cybercrime"?!
Oh, they mean crimes involving computers. How about we use a nice term people can understand like "computer crime" or "internet crime" or maybe even something simple like "hacking".
Where there is money, there will be thieves.
Simple as that, the internet has easy money and easy access. Coupled with the ability to steal from long distance and dramatically lowered possibility of getting caught...
It's a no brainer, of course the level of cybercrime is increasing.
Do not look at laser with remaining good eye.
...the overuse of the word epidemic/pandemic.
I've delt with cybercrime more than once. Doing the legwork and tracking the perpetrator down wasn't difficult for me - but had I not done it myself it would have never been done.
Until law enforcement steps up to the plate and carries over on their job, people are going to continue to feel this way. Even once I had tracked the perpetrator down I had to personally go into the local prosecuting attorney's office to re-explain the case because they didn't get it either.
People have a reason to feel like they are unprotected on the internet.
It's because for a greater portion of incidents, they are.
Then there is the FBI's fraud division they setup online - which seems to be there for the sole purpose of reducing phone calls they have to take, while yet ignoring the reports unless they are very large cases - something I have seen discussed here on slashdot more than once.
I'm sure there are people with victorious memories over online criminals, but those are surely trumped by the sheer volume of cases where the victim reports the crime and the responsible law enforcement authorities do absolutely nothing if for no other reason than they simply do not know how.
With my credit score, ID theifs will get nothing other that some collection bills...
I once heard that a significant percentage of computer virusses are written because of the russian mafia's influence. Is this true?
P.s. Please limit your responses to things that are not "In Soviet russia, Virii write you!", etc.
""Many victims do not seem to draw the correlation between their losses and cybercrime; worse, they often view it as a crime that is impossible to investigate and prosecute. "
I feel the same way about piracy.
If so, watch out: there's been a security leek!
And I mean, web-forms vandalism. From spammers to Wikipedia vandals. The reaction is always "clean up and forget". Or, when a particular page is too frequent a target — protect it to registered users only.
Not enough, IMO. The vandals should by sought out and prosecuted — {RI|MP}AA style — making a few high-profile prosecutions against (semi-)randomly picked abusers to "drive it home" to others, that one's being far away does not make them immune.
In Soviet Washington the swamp drains you.
By The Way #1: They seem to have found some atypically literate hax0rs. I see commas, apostrophes (used correctly!!!), mostly correct spelling.
By The Way #2: I'm looking forward to all the hello_world.pl'ists ranting about how the ACM doesn't know what "hacker" properly means.
What I'm listening to now on Pandora...
an onion and a garlic?
Team Cymru: Securing people and sheep - online.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
an altruistic group of researchers
Just that statement is more than enough to a) scare the crap out of me and b) doubt their "research".
Seven puppies were harmed during the making of this post.
Problem w/ cybercrime is that it is unreported. People are either 1) afraid to report, or 2) don't know how to report. Concern #1 is legitimate - some businesses don't want to have everybody know that their security is weak. Concern #2 is awareness problem - users should know what to do in case something bad happens to them. So, to play my part in user education and awareness - some ways to report cybercrime.
I don't think it's unreasonable to estimate that, in aggregate, spammers and the associated fraud is costing the country billions of dollars. I think it's a travesty that they don't seem to take the problem seriously. What I would do:
1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.
2) Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in our out of the account, freeze the account on the other end.
3) Drug / Software scams. Same as #2. Set up fake accounts with Visa and MC. Submit them to the sites trying to 'sell' the stuff and wait for the account numbers to get re-used somewhere else (you didn't think any of these sites were doing anything other than harvesting CC numbers did you?). Follow the money.
If the Feds can't do these things, then I think it indicates that we may be at risk of a fairly catastrophic economic collapse. After all, if I can buy and sell stock illegally, take money out of bank accounts fraudulently and buy stuff with credit cards without authorization, and do it all anonymously, it's safe to say the criminals are going to win. If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.
Why there is more cybercrime? Because there is more cyberusers. People make Crime, so if number of people in an ecosystem increases, so do crime.
Extreme Programming - Redundant Array of Inexpensive Developers
This is a no-brainer, really. The more you criminalize people the more crime you get.
...
Take the internet, and take file-sharing and then just add the two together and
outlaw file sharing, you get an instant couple of million of additional criminals.
Nothing to see here, move along citizens. There's a whole "Enforcement Community" to be
built here on the net, much like the "War on Drugs" racket that criminalizes millions
of Americans already and is the cause for more than 70% of all incarceration in this country.
for stupidreason in Drugs War Terror; do
echo "War on $stupidreason & profit"
done
But hey it's for the children and in order to keep them safe we have a billion dollar
Corrections Industry (Corrections USA Inc. comes to mind)
Three Letter Agencies that lap up your tax dollars
Special Police Squads
Drug Testing Laboratories (to test you at the workplace)
but that's so 20th century, now with "Cybercrime" we get
even more people in prison
even more Three Letter Agencies
even more Police Squads
even more Wiretapping and spying on your home computer
even more searches of your property at the airport (they already started copying harddrives at the AP).
If you're not dumb I think you get the picture: another artificial reason to criminalize, prosecute and
incarcerate in the making and bread and butter for thousands more of bureaucrats.
Dear BeBoxer, We called it yesterday and now it's up 100%! Brand new issue, Cana Petroleum, heading straight up! VERY tightly held, in a booming business sector, with a huge publicity campaign starting up, Cana Petroleum (CNPM) is already bringing our readers huge gains. We advise you to get in on this one as well and ride it to the top! Symbol: CNPM Current Price: 5.87 Projected Price: $15.40
Hey, you! This is a stick-up! Hand over all your money - now!
1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.
Yeah, because joe jobs would NEVER happen with this one.
If the Feds can't do these things, then I think it indicates that we may be at risk of a fairly catastrophic economic collapse. After all, if I can buy and sell stock illegally, take money out of bank accounts fraudulently and buy stuff with credit cards without authorization, and do it all anonymously, it's safe to say the criminals are going to win.
<sarcasm>Boy, it sure is funny how all this stuff only happened in the last 10 years, and we were all just as safe before!</sarcasm>
Eventually, by hook or by crook, most people WILL get wise to this stuff. The ones that don't, don't. Con men have been around forever, and the solution is for people to start taking this stuff with a grain of salt.
what truly constitutes cybercrime? really?
... a few will have to pay, for the rest of us to move up a few notches in security. Will you continue to use pop3 and imap over the internet? Will you continue to log into Slashdot without ssl?
- defacing webpages?
- password sniffing?
- phishing?
From my perspective, and my opinion may not always be correct -- the flood of 'cybercrime' by 'criminals' is a step in the right direction. They are forcing everyone to rethink our security models, and our plaintext connections. Far too often we neglect and abuse the passing of cleartext information
for far too long, we have been using these insecure protocols -- its time to step up and improve our security. How hard is it to use TLS, SASL and SSL? how about setting up our webservers to have a plain text portion, and a security based portion, using SSL? When will we finally learn to look at the URL when we are providing banking information to some seemingly safe site?
I'll tell you, we will finally have learned, once people have been driven to the point where insecure is no longer acceptable as status quo. Just like Video Card manufacturers that sell their products with 'hdcp compliant' all over the packaging -- so will ISP's, banks, and whomever, about SSL TLS, and secured authentication, etc, on the internet.
We're like rats, in some experiment! -- George Costanza
...these are career criminals that have turned to online crime. And maybe the internet is actually reducing street crime globally! ah the internet, it's wonders never cease!
It's a cyberdemic.
...following the principles of Heisenburger's Uncertain Cat...
If they truly want to stop stock pump scams, they should start by shutting down all the financial new channels. Then they could bust all the fly by night CEOs. Spam is the least of the problems.
Free Hans!
If someone hacks into my bank's website and steals the money from my account, it's not actually a crime?
Thanks for clearing that up for me!
Crime history depicts both the advancement in technology developed to commit crime and that developed to prevent it.
Ignorance toward preventative measures usually results in victimization or a greater likelihood of it. There is no epidemic here. Crime will occur on every medium available-one must simply defend themselves from it. Given, a criminal can be smart enough (or determined enough) to commit an illegal act and this is bound to happen. That is why we have executive and judicial branches of the government-to apprehend and serve justice to those who succeed in breaking the law.
The internet is in its nascent form (and I dare say almost anarchistic), but it is no less a system effected by (human?-)entropy.
Anything can, could, and will happen.
Forget about the fly-by-night CEOs. Consider taking out the long-term criminal ones. Jeffrey Immelt of GE is a filthy hypocritical liar, and one of his cronies, John Bucci, is rising higher and higher in the company by lying to his employees and customers, in order to cheat them.
Then there's Sony, trying to screw customers in order to pump up the short-term stock options of the execs. These are all people who should be placed carefully in sealed plastic bags.
It's not just one company or a few, though. Once a company gets big enough, this sort of thing is inevitable.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Your suggestion of honey pot accounts (for Banks, Visa, and MC) will never happen. Because the ones losing money are not the Banks, Visa or MC. If they have loses, it's a small fraction of a percent of their profits.
Why should they spent resources to capture cybercriminals ripping off their customers? They are not altruistic.
I have reported two incidents of cybercrime to the police (neither with me as the victim, fortunately). Both times, a crime report was filed and the ignored. I never heard anything. No evidence was gathered, no action was taken.
The police themselves have no interest in cybercrime. The resources required to solve it are far greater than those needed to solve real-world crimes (remember, Britian is the spying captial of the world so chances are it will be caught on CCTV).
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
This is not to say that there aren't extremely talented and technical miscreants in the underground, but their numbers have decreased as a percentage of the entire cybercrime universe.
They got a real job, got married, etc. It happens to the best of us.
Well, following the reasoning of Richard Pryor, all this means is that white kids are involved with cybercrime now, too.
The problem is there is simply no way you can stop cybercrime when even regular people become petty criminals, they simply overwhelm the available resources of the law enforcement agencies that attempt to put a stop to it.
I call it "zerging", a term from starcraft:
Zerging describes a tactic, originating in real-time strategy games but used in many different computer games that is analogous to the human wave attack in real-world ground warfare, in which overwhelming numbers of troops are sent at the enemy, disregarding tactics or casualties. It gets its name from the zergling rush tactic from Starcraft.
Most not all are scams. CarShopper, TimeShare ... other service offers to help sell property (Car, House ...).
..., but get only vapor-services. Thirty years ago it was all fraud, but now it is just SOS business for US.
....
... too many are now legally schooled in fraud, scams and crimes. It must be legal now, look at the diet-ade pill adds on TV 24/7 for all US as just one example. Show a tit, say fuck on TV it is a crime and fine, but scams are now perfectly legal the USA.
You pay for the service, lose your money, get ducked
When you think and/or feel WTF (What...), then it is WTFU (Want To Fuck U), but you already know this
USA politics, religion, business
We created the global televangelist who are just televised pick-pocket-preachers of the old folks, illiterate people, and simple minded fools and our government approves the thefts by televangelist as freedom of religion BS.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.
Wow! I think you're actually serious. There are so many things wrong with this proposition it's scarey that a grown adult doesn't understand.
1) Confusing the issue with terrorism means you've misdiagnosed both problems. When you do that your solutions for either aren't likely to be effective or competent
2) You don't mind handing more power to a government that's demonstrated corruption.
3) Two wrongs don't make a right. Society isn't going to get BETTER if your local law enforcement throw out any semblance of propriety and misapply laws left right and centre. Society would get WORSE, as this leads to massive widescale corruption in law enforcement.
4) You're advocating gitmo - a place known for human rights violations, that if perpetrated on the US by any other government would warrant an invasion.
You suggest some great things - sting operations on cybercriminals and even have a very basic idea of how it might work. (It's not as simple as you'd suggest of course, but law enforcement may well overcome those barriers). Why not focus on those instead? Your aim is not to harm people but to protect yourself.
You're smart enough to avoid cybercriminals but so ignorant about politics and law enforcement that your ideas are dangerous. Thing is you can cure ignorance, but not stupidty. I hope that means there's hope for people like you.
These posts express my own personal views, not those of my employer
This is the tragedy of the commons, my friends. A small percentage of asshats ruin it for the rest of us. The law enforcement agencies are either unable or unwilling to help, so it's all up to us.
When you have 5 minutes, go help out groups like Phishtank, Akismet, SpamVampire, etc.
henry -- the human evolution news relay
Honeypots have their uses, but they won't prevent phishing as well as you suppose. The "account on the other end" is owned by some ordinary Joe Schmoe who has responded to a job ad as a "financial manager" for some overseas company. Such "money mules" are employed in substantial numbers, and act as a buffer between law enforcement and the organised crime gangs initiating the phishing. Usually the mules don't realise that they are engaging in illegal handling of stolen funds.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
You have to think though, with how obscure cybercrime is, there's got to be people who are adding their voices to the din just to explain away bad sales rather than admitting they sell crappy software/games that no one wants.