Slashdot Mirror
Cybercrime — an Epidemic?
ChelleChelle writes "'Cybercrime is pervasive, nondiscriminatory, and dramatically on the increase.' So states TEAM CYMRU, an altruistic group of researchers focused on making the Internet more secure. This article is a look into the root causes of Cybercrime, its participants, and their motivations, as well as suggestions on what we can do to stop this epidemic." From the article: "Many victims do not seem to draw the correlation between their losses and cybercrime; worse, they often view it as a crime that is impossible to investigate and prosecute. For cybercrime to be acknowledged as an important issue, the victims must report such incidents to a receptive law enforcement community with a well-informed judiciary. Attempts such as the president's National Strategy to Secure Cyberspace represent a significant first step in the right direction. To have the desired impact, however, the detailed provisions delineated as action/recommendations must be implemented."
Where there is money, there will be thieves.
Simple as that, the internet has easy money and easy access. Coupled with the ability to steal from long distance and dramatically lowered possibility of getting caught...
It's a no brainer, of course the level of cybercrime is increasing.
Do not look at laser with remaining good eye.
You posted your number with the premise that you're selling a car. They're just trying to sell you a service based on that information. Now, if you would have put a disclaimer (like on Craigslist) saying something like "bona fide buyers only. No commercial services or solicitation," you might have been (in theory) entitled to recover civil damages.
-b.
Google is your friend.
By the way, this is why you never post your cell number online. Set up a temp email address instead, or ask interested buyers to post their number, not yours.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I've delt with cybercrime more than once. Doing the legwork and tracking the perpetrator down wasn't difficult for me - but had I not done it myself it would have never been done.
Until law enforcement steps up to the plate and carries over on their job, people are going to continue to feel this way. Even once I had tracked the perpetrator down I had to personally go into the local prosecuting attorney's office to re-explain the case because they didn't get it either.
People have a reason to feel like they are unprotected on the internet.
It's because for a greater portion of incidents, they are.
Then there is the FBI's fraud division they setup online - which seems to be there for the sole purpose of reducing phone calls they have to take, while yet ignoring the reports unless they are very large cases - something I have seen discussed here on slashdot more than once.
I'm sure there are people with victorious memories over online criminals, but those are surely trumped by the sheer volume of cases where the victim reports the crime and the responsible law enforcement authorities do absolutely nothing if for no other reason than they simply do not know how.
With my credit score, ID theifs will get nothing other that some collection bills...
If so, watch out: there's been a security leek!
And I mean, web-forms vandalism. From spammers to Wikipedia vandals. The reaction is always "clean up and forget". Or, when a particular page is too frequent a target — protect it to registered users only.
Not enough, IMO. The vandals should by sought out and prosecuted — {RI|MP}AA style — making a few high-profile prosecutions against (semi-)randomly picked abusers to "drive it home" to others, that one's being far away does not make them immune.
In Soviet Washington the swamp drains you.
Team Cymru: Securing people and sheep - online.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
an altruistic group of researchers
Just that statement is more than enough to a) scare the crap out of me and b) doubt their "research".
Seven puppies were harmed during the making of this post.
Problem w/ cybercrime is that it is unreported. People are either 1) afraid to report, or 2) don't know how to report. Concern #1 is legitimate - some businesses don't want to have everybody know that their security is weak. Concern #2 is awareness problem - users should know what to do in case something bad happens to them. So, to play my part in user education and awareness - some ways to report cybercrime.
I don't think it's unreasonable to estimate that, in aggregate, spammers and the associated fraud is costing the country billions of dollars. I think it's a travesty that they don't seem to take the problem seriously. What I would do:
1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.
2) Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in our out of the account, freeze the account on the other end.
3) Drug / Software scams. Same as #2. Set up fake accounts with Visa and MC. Submit them to the sites trying to 'sell' the stuff and wait for the account numbers to get re-used somewhere else (you didn't think any of these sites were doing anything other than harvesting CC numbers did you?). Follow the money.
If the Feds can't do these things, then I think it indicates that we may be at risk of a fairly catastrophic economic collapse. After all, if I can buy and sell stock illegally, take money out of bank accounts fraudulently and buy stuff with credit cards without authorization, and do it all anonymously, it's safe to say the criminals are going to win. If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.
This is a no-brainer, really. The more you criminalize people the more crime you get.
...
Take the internet, and take file-sharing and then just add the two together and
outlaw file sharing, you get an instant couple of million of additional criminals.
Nothing to see here, move along citizens. There's a whole "Enforcement Community" to be
built here on the net, much like the "War on Drugs" racket that criminalizes millions
of Americans already and is the cause for more than 70% of all incarceration in this country.
for stupidreason in Drugs War Terror; do
echo "War on $stupidreason & profit"
done
But hey it's for the children and in order to keep them safe we have a billion dollar
Corrections Industry (Corrections USA Inc. comes to mind)
Three Letter Agencies that lap up your tax dollars
Special Police Squads
Drug Testing Laboratories (to test you at the workplace)
but that's so 20th century, now with "Cybercrime" we get
even more people in prison
even more Three Letter Agencies
even more Police Squads
even more Wiretapping and spying on your home computer
even more searches of your property at the airport (they already started copying harddrives at the AP).
If you're not dumb I think you get the picture: another artificial reason to criminalize, prosecute and
incarcerate in the making and bread and butter for thousands more of bureaucrats.
what truly constitutes cybercrime? really?
... a few will have to pay, for the rest of us to move up a few notches in security. Will you continue to use pop3 and imap over the internet? Will you continue to log into Slashdot without ssl?
- defacing webpages?
- password sniffing?
- phishing?
From my perspective, and my opinion may not always be correct -- the flood of 'cybercrime' by 'criminals' is a step in the right direction. They are forcing everyone to rethink our security models, and our plaintext connections. Far too often we neglect and abuse the passing of cleartext information
for far too long, we have been using these insecure protocols -- its time to step up and improve our security. How hard is it to use TLS, SASL and SSL? how about setting up our webservers to have a plain text portion, and a security based portion, using SSL? When will we finally learn to look at the URL when we are providing banking information to some seemingly safe site?
I'll tell you, we will finally have learned, once people have been driven to the point where insecure is no longer acceptable as status quo. Just like Video Card manufacturers that sell their products with 'hdcp compliant' all over the packaging -- so will ISP's, banks, and whomever, about SSL TLS, and secured authentication, etc, on the internet.
We're like rats, in some experiment! -- George Costanza
Crime history depicts both the advancement in technology developed to commit crime and that developed to prevent it.
Ignorance toward preventative measures usually results in victimization or a greater likelihood of it. There is no epidemic here. Crime will occur on every medium available-one must simply defend themselves from it. Given, a criminal can be smart enough (or determined enough) to commit an illegal act and this is bound to happen. That is why we have executive and judicial branches of the government-to apprehend and serve justice to those who succeed in breaking the law.
The internet is in its nascent form (and I dare say almost anarchistic), but it is no less a system effected by (human?-)entropy.
Anything can, could, and will happen.
I guess I still think of hacking as the old definition that was not nefarious, rather than a cracker or cybercriminal. Now the mere suggestion that a hacker is not a criminal gets you labeled as a troll. Curious how far the PC police have taken over the Slashdot board.