Cybercrime — an Epidemic?

ChelleChelle writes "'Cybercrime is pervasive, nondiscriminatory, and dramatically on the increase.' So states TEAM CYMRU, an altruistic group of researchers focused on making the Internet more secure. This article is a look into the root causes of Cybercrime, its participants, and their motivations, as well as suggestions on what we can do to stop this epidemic." From the article: "Many victims do not seem to draw the correlation between their losses and cybercrime; worse, they often view it as a crime that is impossible to investigate and prosecute. For cybercrime to be acknowledged as an important issue, the victims must report such incidents to a receptive law enforcement community with a well-informed judiciary. Attempts such as the president's National Strategy to Secure Cyberspace represent a significant first step in the right direction. To have the desired impact, however, the detailed provisions delineated as action/recommendations must be implemented."

My daddy always told me...

[Lumpy]

Where there is money, there will be thieves.

Simple as that, the internet has easy money and easy access. Coupled with the ability to steal from long distance and dramatically lowered possibility of getting caught...

It's a no brainer, of course the level of cybercrime is increasing.

Re:how do you know when it's cybercrime?

[b0s0z0ku]

It's probably not truly a crime, but it seems sleazy at best. Why would people be allowed to base their cold-calls on someone's posted ads?

You posted your number with the premise that you're selling a car. They're just trying to sell you a service based on that information. Now, if you would have put a disclaimer (like on Craigslist) saying something like "bona fide buyers only. No commercial services or solicitation," you might have been (in theory) entitled to recover civil damages.

-b.

Re:how do you know when it's cybercrime?

[Red+Flayer]

Google is your friend.
By the way, this is why you never post your cell number online. Set up a temp email address instead, or ask interested buyers to post their number, not yours.

Not just the victims, the police too.

[GoMMiX]

I've delt with cybercrime more than once. Doing the legwork and tracking the perpetrator down wasn't difficult for me - but had I not done it myself it would have never been done.

Until law enforcement steps up to the plate and carries over on their job, people are going to continue to feel this way. Even once I had tracked the perpetrator down I had to personally go into the local prosecuting attorney's office to re-explain the case because they didn't get it either.

People have a reason to feel like they are unprotected on the internet.

It's because for a greater portion of incidents, they are.

Then there is the FBI's fraud division they setup online - which seems to be there for the sole purpose of reducing phone calls they have to take, while yet ignoring the reports unless they are very large cases - something I have seen discussed here on slashdot more than once.

I'm sure there are people with victorious memories over online criminals, but those are surely trumped by the sheer volume of cases where the victim reports the crime and the responsible law enforcement authorities do absolutely nothing if for no other reason than they simply do not know how.

Cybercriminals do discriminate!

[konsole1981]

With my credit score, ID theifs will get nothing other that some collection bills...

Apparent lack of actions from Feds disappointing

[BeBoxer]

I don't think it's unreasonable to estimate that, in aggregate, spammers and the associated fraud is costing the country billions of dollars. I think it's a travesty that they don't seem to take the problem seriously. What I would do:

1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.

2) Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in our out of the account, freeze the account on the other end.

3) Drug / Software scams. Same as #2. Set up fake accounts with Visa and MC. Submit them to the sites trying to 'sell' the stuff and wait for the account numbers to get re-used somewhere else (you didn't think any of these sites were doing anything other than harvesting CC numbers did you?). Follow the money.

If the Feds can't do these things, then I think it indicates that we may be at risk of a fairly catastrophic economic collapse. After all, if I can buy and sell stock illegally, take money out of bank accounts fraudulently and buy stuff with credit cards without authorization, and do it all anonymously, it's safe to say the criminals are going to win. If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.

Crime increases rampant as new laws are made up

[gd23ka]

This is a no-brainer, really. The more you criminalize people the more crime you get.
Take the internet, and take file-sharing and then just add the two together and
outlaw file sharing, you get an instant couple of million of additional criminals.

Nothing to see here, move along citizens. There's a whole "Enforcement Community" to be
built here on the net, much like the "War on Drugs" racket that criminalizes millions
of Americans already and is the cause for more than 70% of all incarceration in this country.

for stupidreason in Drugs War Terror; do
          echo "War on $stupidreason & profit"
done

But hey it's for the children and in order to keep them safe we have a billion dollar
          Corrections Industry (Corrections USA Inc. comes to mind)
          Three Letter Agencies that lap up your tax dollars
          Special Police Squads
          Drug Testing Laboratories (to test you at the workplace)
but that's so 20th century, now with "Cybercrime" we get
even more people in prison
even more Three Letter Agencies
even more Police Squads
even more Wiretapping and spying on your home computer
even more searches of your property at the airport (they already started copying harddrives at the AP). ...

If you're not dumb I think you get the picture: another artificial reason to criminalize, prosecute and
incarcerate in the making and bread and butter for thousands more of bureaucrats.

the way i see it ...

[chef_raekwon]

what truly constitutes cybercrime? really?
  - defacing webpages?
  - password sniffing?
  - phishing?

From my perspective, and my opinion may not always be correct -- the flood of 'cybercrime' by 'criminals' is a step in the right direction. They are forcing everyone to rethink our security models, and our plaintext connections. Far too often we neglect and abuse the passing of cleartext information ... a few will have to pay, for the rest of us to move up a few notches in security. Will you continue to use pop3 and imap over the internet? Will you continue to log into Slashdot without ssl?

for far too long, we have been using these insecure protocols -- its time to step up and improve our security. How hard is it to use TLS, SASL and SSL? how about setting up our webservers to have a plain text portion, and a security based portion, using SSL? When will we finally learn to look at the URL when we are providing banking information to some seemingly safe site?

I'll tell you, we will finally have learned, once people have been driven to the point where insecure is no longer acceptable as status quo. Just like Video Card manufacturers that sell their products with 'hdcp compliant' all over the packaging -- so will ISP's, banks, and whomever, about SSL TLS, and secured authentication, etc, on the internet.