Slashdot Mirror
Cybercrime Now Worth $105 Billion, Bypasses Drug Trade
Stony Stevenson writes "Citing recent highly publicized corporate data breaches that have beset major companies like Ameritrade, Citigroup, and Bank of America, McAfee CEO David DeWalt, said that cyber-crime has become a US$105 billion business that now surpasses the value of the illegal drug trade worldwide. Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss, and other cyber vulnerabilities, DeWalt said. 'Worldwide data losses now represent US$40 billion in losses to affected companies and individuals each year, DeWalt says. But law enforcement's ability to find, prosecute, and punish criminals in cyberspace has not kept up: "If you rob a 7-11 you'll get a much harsher punishment than if you stole millions online," DeWal remarked. "The cross-border sophistication in tracking and arresting cyber-criminals is just not there."'"
Considering the international nature of the Internet and the ability to hack from just about anywhere, including extradition-free countries, it seems like anyone could become a cybercriminal and make billions of dollars.
Does O'Reilly or Manning have a book on how to become a cybercriminal? Besides the Camel, I mean.
The covert Government support of CyberCrime by "intelligence" agencies, and the monopoly of profits from this - just like the drug trade.
Too bad the CIA can't destroy the black urban population of America with phishing spam, like they did to the brothers ad sisters with drugs in the 70's and 80's.
"Flyin' in just a sweet place,
Never been known to fail..."
Maybe drug dealers are getting smarter.
Task Mangler
Oh yeah.
That Conrad Black will be facing a real "three strikes" kind of deal!
"Flyin' in just a sweet place,
Never been known to fail..."
What an idiot.
How we know is more important than what we know.
Bypass: A means of circumvention.
Surpass: To be or go beyond, as in degree or quality; exceed.
...sounds like it was pulled out of someone's ass. I don't deny that there's a problem, but what concerns me is that this "number" could very well become another excuse for the government to pursue "solutions" that are even more invasive than our current crop of 9/11-related idiocy.
Legalize drugs for consenting adults, and put the crime-fighting resourses to use stopping cybercrime.
We're winning the drug war! That's the only way to explain such low numbers!
Maybe we'd better start a war on cyber crime too, seeing how the drug war has been so successful!
If you think about it, this makes perfect sense. Why risk getting 'capped' picking up ten bricks of heroin, risk getting snagged at some border transporting the bricks, and getting it home, just to get shot by your partner, when you could sit at some Starbucks, sipping a Venti White Chocolate Mocha and rake in tens of thousands of dollars.
Pushing ones and zeros are safer than pushing dope. No wonder organized crime has delved into the digital world.
"First things first, but not necessarily in that order."
- Doctor Who
I agree that cybercrime is a huge problem (although I don't buy that it's more of a problem than illegal drug trade). At the very least, it is a crime on a lesser level because no one is placed in danger of physical harm through it's effects.
Cybercrime, as well as other crimes, should be punished according to the level of damage caused.
With that in mind, the current US court systems cannot seem to wrap their heads around the tactics and ideas put forth in the discovery period of civil copyright cases. There is a common misunderstanding or complete lack of understanding on the part of most of society in the ways of computers and networking.
At this point, I doubt very seriously that most of the accused and prosecutors have the knowledge or ability to fairly fight a cybercrime court case.
In physical, there is always some level of evidence present to tie a suspect to the crime. In the land of computers, it's much more difficult to do so. Where a physical bank robber can wear a mask or clothing to conceal identifying aspects of his physical person. But there remains at the scene hairs, fibers, eyewitness accounts, surveillance tapes and other evidence that helps to narrow down the criminal.
With cybercrime, the 'break-in' can happen from thousands of miles away without the perpetrator ever setting foot, or having ever previously set foot on the premises. There is no physical description, no chemical or biological evidence left behind. The attack could come from a public terminal at a library, or even someone's open (or hijacked) wireless access point. Through the use of zombie computers, the attack could come from my mother's computer.
How can we expect to catch, let alone prosecute cybercriminals without special law enforcement and prosecution/defense attorneys and judges capable of fairly trying people like my mother or the guy who used her computer to break into the Bank of America system?
Message contains 1 attachment: spam.gif
I don't want to belittle the impact of cyber-crime, but this $105 Billion number is just fabricated to make the problem look large. On the other hand, the numbers for drug trade are basically an estimated amount of drug sales.
Drug numbers are *real* numbers. They still may not be accurate, but at least they represent the summation of finite transactions - like the global automobile trade, or the global whale oil trade. It is a sales number.
Cyber crime is a 'damages' number. Like the woman that spilled hot coffee on her leg and sued McDonalds for several million dollars in 'damages'... and at least she had a specific amount of damages ruled in her favor. The trumped up cyber-crime numbers... along with the RIAA numbers... are just manufactured because it is handy to provide very large numbers if you are on the side of the people producing the numbers.
What I would like to see is how many $$s were actually phished last year? How much did the Nigerians actually rake in by claiming to be my/your/her/his brother in law or trusted barrister?
You know what your hourly wage works out as any dealer not on top of the local pyramid? Check out Freakonomics, its an interesting case study. Using one gang's meticulously kept accounting records, they estimated the average dealer makes a bit more than minimum wage. Oh, and for that he has a 25% chance of death or imprisonment over an N month interval. (I can't remember what N was but, yikes, for 25% it wouldn't matter if it were 120!)
Compare this to cybercrime. I have been, at points in the past, a spam researcher. At the time, I lurked in spammer forums to get an idea of what the enemy is thinking. Ignoring the "I make a million a month and own a fleet of cars and a harem" boasting, and just focusing on the deals that were offered and consumated there, it is clear that cybercrime makes Serious Money especially by the standards of the locales where some criminals hang out. A single script to clean a spam mailing list, which is what, two or three hours of work, costs about a month worth of a legit Russian programmer's wages.
Or take a look at the opportunities for low-level criminals in the US, like "cashers". A casher is the guy at the end of the identity theft chain who gets the only risky job: turning the swiped data into money. (Phisher turns credentials over to casher, casher gets money, pays phisher.) He has a non-zero chance of his photo ending up on camera. For this, he gets perhaps 35% of the take from the scam. 35% of the banking account of say a lower-middle class family is easily thousands of dollars. No drugs in your pocket, no guns in your face, and no dedicated squad of police officers busting into your apartment at 1:00 in the morning if you get sold out by a buddy.
Why would you sell drugs if you weren't using, given these risk-vs-reward scenarios?
Help poke pirates in the eyepatch, arr.
Cybercrime passes, or even surpasses drug trade but I don't know why you think cybercrime "goes around" drug trade.
Forgive me for being an English Nazi but jeez Louise, have they now outsourced Slashdot editing to people who don't speak English?
We don't see the world as it is, we see it as we are.
-- Anais Nin
"Thank you for your correspondence dated 17 May 2001, 22 January 2002, 8 July 2004, 14 March 2006, and 19 September 2007, requesting that the Federal Bureau of Investigation enforce existing wire fraud statutes with at least the same vigor with which we enforce non-violent drug posession statutes. Upon review, we regret to inform you that your requests to date were not of the form required by this authority.
"Please re-submit your request according to the traditionally established procedure. The most recent edition of this procedure may be obtained from the office of Senator Ted Stevens (R-AK). Your request may be filed at any Republican party field office. Please enclose with your request a cashier's check made payable to the Republican National Committee in the sum of no less than fifteen million (15,000,000) US dollars or equivalent sum in easily-convertible currency excepting Euros. Please do not enclose cash.
"We pride ourselves on providing our customers the best and most convenient law enforcement service possible, and look forward to receiving your request."
Editor, A1-AAA AmeriCaptions
The value of the global illegal drug trade is upwards of $300-500 billion by most estimates (and at least 150-200 by almost all others); of which the US market makes up about $60-100bn. Why is fact checking virtually non-existent with anything related to drug prohibition? And the other tactic, deceptive use of statistics, such as implying the $90bn maximum value of the trade is the entire value based and neglecting to mention that's only the wholesale market, is equally acceptable in even the most reputable publications. Why? Oh yeah, because virtually every actual fact contradicts the political consensus that prohibition is the best way to deal with the harms drugs create.
Divide 105 B$ between these kinds of cyber-crime:
x B$ stolen from e-mail users who have to work through deluges of spam
x B$ stolen from drug companies by thieves who sell illegal generics online
x B$ stolen from software vendors by digital-high-seas pirates
x B$ stolen from the RIAA and the MPAA by the common man who won't pay retail price
x B$ stolen from bookstores by project Gutenberg
x B$ stolen from encyclopedia makers by Wikipedia users
x B$ stolen from McAfee and other security vendors by Linux and OS X users
x B$ stolen from buggy-whip makers by car drivers
McAfee is here to help: your computer will be safe from all these cyber-crime enablers.
There must be some creative accounting going on here.
They're including sales of Windows Vista. If releasing that thing to the market isn't a crime, I don't know what is.
(Ba dump bump.)
-- Alastair
The BBC has a nice write up on how open and inviting the world of cybercrime is. Tools are passed around and improved and auctioned along with the results, according to William Beer, of Symantec. The scene is booming, with almost double the number of new threats in the first six months of 2007 as in the last of 2006.
Arbor Networks is reporting the same boom from the ISP perspective, and thinks the infrastructure of the internet itself is in danger.
Darkreading details some of the sophistication of the attacks, from an IT perspective as reported by MessageLabs.
Hmmm. Symantec, MessageLabs, McAffe, all at once reporting the same thing. Not to downplay the threat, but is a new version of Windows out?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Yes, thankfully. It's been out for 8 months, it has twice the market share of Linux and OS X combined, and it's much more secure than the one it's replacing.
BTW, I think it's funny that you'd give so much weight to companies that you've referred to in the past as "snake oil vendors".
Given the fact that the vast majority of computers on botnets are there because of user action instead of exploited vulnerabilities, I fail to see what a new version of Windows has to do with this or not. People will infect a mainframe if the given the chance and someone can be bothered to write the malware for it. Hmmm. BonzyBuddy for OS/390 must be quite an experience. I wonder if it runs on InfoMan...
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Cybercrime alarmists have been saying this for two years, but it's simply not true. The United Nations drug statistics indicate that the global market for illicit substances is approximately $322 billion. More information here: http://arstechnica.com/news.ars/post/20051129-5648.html
The drug dealers just need to move their whole business online, then they'll be on top again!
/me is ready to meet in the alley behind the liquor store
Imagine IRC channels dedicated to the drug trade!
Just go back two articles and we see that the industry lied blatantly about the $40 billion losses of piracy in Canada, and that such numbers are hard or impossible to obtain. And in other news "cyber-crime has become a US$105 billion business"...
Do we ever learn?
I see it coming... We had a war on drugs, a war on terror and soon we'll have a war on cybercrime. What country must be invaded this time?
It sounds impresive, but i don't think cybercrime
really surpasses the drug trade in profits, except on paper.
Corporations routinely exaggerate losses to a
ridiculous degree. I read that the average cost
to a company for a lost or stolen laptop is
considered to be $85,000 (due to loss of time
and proprietary data.)
Another example:
A company's server is hacked by a friendly hacker.
The hacker just wanted a challenge and didn't
distribute any data. He's caught and the company
then claims $5 million dollars in damages.
CyberCrime figures look good on paper and make for
great insurance and tax write-offs. But they are
probably largely imaginary.
Many private citizens are victims of identity theft
and fraud, but I don't think those cases make up the
bulk of the CyberCrime dollar claim.