Slashdot Mirror
Cybercrime Now Worth $105 Billion, Bypasses Drug Trade
Stony Stevenson writes "Citing recent highly publicized corporate data breaches that have beset major companies like Ameritrade, Citigroup, and Bank of America, McAfee CEO David DeWalt, said that cyber-crime has become a US$105 billion business that now surpasses the value of the illegal drug trade worldwide. Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss, and other cyber vulnerabilities, DeWalt said. 'Worldwide data losses now represent US$40 billion in losses to affected companies and individuals each year, DeWalt says. But law enforcement's ability to find, prosecute, and punish criminals in cyberspace has not kept up: "If you rob a 7-11 you'll get a much harsher punishment than if you stole millions online," DeWal remarked. "The cross-border sophistication in tracking and arresting cyber-criminals is just not there."'"
Considering the international nature of the Internet and the ability to hack from just about anywhere, including extradition-free countries, it seems like anyone could become a cybercriminal and make billions of dollars.
Does O'Reilly or Manning have a book on how to become a cybercriminal? Besides the Camel, I mean.
What an idiot.
How we know is more important than what we know.
Bypass: A means of circumvention.
Surpass: To be or go beyond, as in degree or quality; exceed.
...sounds like it was pulled out of someone's ass. I don't deny that there's a problem, but what concerns me is that this "number" could very well become another excuse for the government to pursue "solutions" that are even more invasive than our current crop of 9/11-related idiocy.
Legalize drugs for consenting adults, and put the crime-fighting resourses to use stopping cybercrime.
We're winning the drug war! That's the only way to explain such low numbers!
Maybe we'd better start a war on cyber crime too, seeing how the drug war has been so successful!
If you think about it, this makes perfect sense. Why risk getting 'capped' picking up ten bricks of heroin, risk getting snagged at some border transporting the bricks, and getting it home, just to get shot by your partner, when you could sit at some Starbucks, sipping a Venti White Chocolate Mocha and rake in tens of thousands of dollars.
Pushing ones and zeros are safer than pushing dope. No wonder organized crime has delved into the digital world.
"First things first, but not necessarily in that order."
- Doctor Who
I agree that cybercrime is a huge problem (although I don't buy that it's more of a problem than illegal drug trade). At the very least, it is a crime on a lesser level because no one is placed in danger of physical harm through it's effects.
Cybercrime, as well as other crimes, should be punished according to the level of damage caused.
With that in mind, the current US court systems cannot seem to wrap their heads around the tactics and ideas put forth in the discovery period of civil copyright cases. There is a common misunderstanding or complete lack of understanding on the part of most of society in the ways of computers and networking.
At this point, I doubt very seriously that most of the accused and prosecutors have the knowledge or ability to fairly fight a cybercrime court case.
In physical, there is always some level of evidence present to tie a suspect to the crime. In the land of computers, it's much more difficult to do so. Where a physical bank robber can wear a mask or clothing to conceal identifying aspects of his physical person. But there remains at the scene hairs, fibers, eyewitness accounts, surveillance tapes and other evidence that helps to narrow down the criminal.
With cybercrime, the 'break-in' can happen from thousands of miles away without the perpetrator ever setting foot, or having ever previously set foot on the premises. There is no physical description, no chemical or biological evidence left behind. The attack could come from a public terminal at a library, or even someone's open (or hijacked) wireless access point. Through the use of zombie computers, the attack could come from my mother's computer.
How can we expect to catch, let alone prosecute cybercriminals without special law enforcement and prosecution/defense attorneys and judges capable of fairly trying people like my mother or the guy who used her computer to break into the Bank of America system?
Message contains 1 attachment: spam.gif
I don't want to belittle the impact of cyber-crime, but this $105 Billion number is just fabricated to make the problem look large. On the other hand, the numbers for drug trade are basically an estimated amount of drug sales.
Drug numbers are *real* numbers. They still may not be accurate, but at least they represent the summation of finite transactions - like the global automobile trade, or the global whale oil trade. It is a sales number.
Cyber crime is a 'damages' number. Like the woman that spilled hot coffee on her leg and sued McDonalds for several million dollars in 'damages'... and at least she had a specific amount of damages ruled in her favor. The trumped up cyber-crime numbers... along with the RIAA numbers... are just manufactured because it is handy to provide very large numbers if you are on the side of the people producing the numbers.
What I would like to see is how many $$s were actually phished last year? How much did the Nigerians actually rake in by claiming to be my/your/her/his brother in law or trusted barrister?
You know what your hourly wage works out as any dealer not on top of the local pyramid? Check out Freakonomics, its an interesting case study. Using one gang's meticulously kept accounting records, they estimated the average dealer makes a bit more than minimum wage. Oh, and for that he has a 25% chance of death or imprisonment over an N month interval. (I can't remember what N was but, yikes, for 25% it wouldn't matter if it were 120!)
Compare this to cybercrime. I have been, at points in the past, a spam researcher. At the time, I lurked in spammer forums to get an idea of what the enemy is thinking. Ignoring the "I make a million a month and own a fleet of cars and a harem" boasting, and just focusing on the deals that were offered and consumated there, it is clear that cybercrime makes Serious Money especially by the standards of the locales where some criminals hang out. A single script to clean a spam mailing list, which is what, two or three hours of work, costs about a month worth of a legit Russian programmer's wages.
Or take a look at the opportunities for low-level criminals in the US, like "cashers". A casher is the guy at the end of the identity theft chain who gets the only risky job: turning the swiped data into money. (Phisher turns credentials over to casher, casher gets money, pays phisher.) He has a non-zero chance of his photo ending up on camera. For this, he gets perhaps 35% of the take from the scam. 35% of the banking account of say a lower-middle class family is easily thousands of dollars. No drugs in your pocket, no guns in your face, and no dedicated squad of police officers busting into your apartment at 1:00 in the morning if you get sold out by a buddy.
Why would you sell drugs if you weren't using, given these risk-vs-reward scenarios?
Help poke pirates in the eyepatch, arr.
"Thank you for your correspondence dated 17 May 2001, 22 January 2002, 8 July 2004, 14 March 2006, and 19 September 2007, requesting that the Federal Bureau of Investigation enforce existing wire fraud statutes with at least the same vigor with which we enforce non-violent drug posession statutes. Upon review, we regret to inform you that your requests to date were not of the form required by this authority.
"Please re-submit your request according to the traditionally established procedure. The most recent edition of this procedure may be obtained from the office of Senator Ted Stevens (R-AK). Your request may be filed at any Republican party field office. Please enclose with your request a cashier's check made payable to the Republican National Committee in the sum of no less than fifteen million (15,000,000) US dollars or equivalent sum in easily-convertible currency excepting Euros. Please do not enclose cash.
"We pride ourselves on providing our customers the best and most convenient law enforcement service possible, and look forward to receiving your request."
Editor, A1-AAA AmeriCaptions
No, this just means we're finally achieving victory in our War on Drugs!
There must be some creative accounting going on here.
They're including sales of Windows Vista. If releasing that thing to the market isn't a crime, I don't know what is.
(Ba dump bump.)
-- Alastair
The BBC has a nice write up on how open and inviting the world of cybercrime is. Tools are passed around and improved and auctioned along with the results, according to William Beer, of Symantec. The scene is booming, with almost double the number of new threats in the first six months of 2007 as in the last of 2006.
Arbor Networks is reporting the same boom from the ISP perspective, and thinks the infrastructure of the internet itself is in danger.
Darkreading details some of the sophistication of the attacks, from an IT perspective as reported by MessageLabs.
Hmmm. Symantec, MessageLabs, McAffe, all at once reporting the same thing. Not to downplay the threat, but is a new version of Windows out?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.