Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime Is a Franchise Model That Scales

Posted by kdawson on from the maybe-it-pays-after-all dept.

Presto Vivace notes a report from the RSA conference on the cybercrime economy, and it's not an optimistic one. Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research. "As the panelists explained, a single spam message might be tied to as many as 10 separate organizations and perhaps five suppliers. Every task in the criminal economy has become a separate specialty. Some people sell e-mail lists, others sell lists of compromised IP addresses, there are sellers of credit card numbers, and those who sell access to bot nets. Then there are those who handle product fulfillment for spammers, and those who specialize in laundering money."

8 of 100 comments (clear)

  1. Re:Office Space clearly had an impact by CogDissident · · Score: 4, Insightful

    Its not as hard as you think. If you can get the money off-shore (such as an offshore account in the pacific), and then throw it to a numbered account in a swiss bank, its basically done.

    The hard part is getting it out of the country of origin, without it being linked to you as having "left" from you.

  2. Cut of the source by pembo13 · · Score: 3, Insightful

    Kill all bot nets. Seriously. And have companies who sell operating system take some financial responsibility for future security.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:Cut of the source by moderatorrater · · Score: 5, Insightful

      Kill all bot nets. Seriously. Agreed, although botnets are a tool, not necessarily a source. They make computing power cheap for the underworld, but everyone here should know that computing power is already cheap. The diversified IP addresses is harder for them to mimic, but not impossible.

      And have companies who sell operating system take some financial responsibility for future security. Absolutely ridiculous. I've heard this before, and I think it makes as much sense as holding the door manufacturer responsible for home break ins. Microsoft has never claimed to be completely secure and they haven't made any contracts specifying that they should be. They allow other products to work on their platform, and these other products have threatened legal action if Microsoft makes their OS secure (although not in those exact words). It also patches on a regular cycle and it's ultimately a decently secure OS (when you take the patches into consideration).

      The ultimate responsibility for what happens on someone's computer is theirs. There's a lot of hatred for Microsoft floating around here, and for good reason, but holding them responsible because people can't protect their computers in the most rudimentary ways is wrong. It also opens the doors for holding any software responsible for any hacking that occurs on them, even if the user could have prevented it with negligible effort. Considering the state of security in the software industry, that would destroy pretty much every company in existence and set us back 10-20 years.
  3. Is pay really the reason? by mrroot · · Score: 4, Insightful

    Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research.

    Crime almost always "pays better" than so-called legitimate work (is crime really considered a profession?) Well I guess you could say it is a part of the problem, but the OTHER part of the problem is the risk of getting caught is too low. It is a risk/reward model. There are other factors in play here too, for example people's morality. Even if there were little risk and great reward, some people have a moral system that would still prohibit them from undertaking a life of crime.

    --
    I Heart Sorting Networks
    1. Re:Is pay really the reason? by iamacat · · Score: 3, Insightful

      Even if there were little risk and great reward, some people have a moral system that would still prohibit them from undertaking a life of crime. But if you think about it, the highest moral system would actually push people into life of crime. There are lots of evil entities that need stealing from (nuclear weapons manufacturing, Bin Laden family in Saudi Arabia, Dick Cheney, Microsoft, RIAA, ...) and lots of hungry children in Africa. It's not immoral to steal from crooks!
    2. Re:Is pay really the reason? by mrroot · · Score: 4, Insightful

      But if you think about it, the highest moral system would actually push people into life of crime. There are lots of evil entities that need stealing from (nuclear weapons manufacturing, Bin Laden family in Saudi Arabia, Dick Cheney, Microsoft, RIAA, ...) and lots of hungry children in Africa. It's not immoral to steal from crooks!
      So who decides who is a crook and who is not? I guess you feel like you have a pretty good handle on that, or at least you just rattled off all the names you have been told are crooks. Congratulations, you have conformed.
      --
      I Heart Sorting Networks
  4. Another Part of The Problem by Bob9113 · · Score: 2, Insightful

    Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research.

    Another part of the problem is that our cyber enforcement budget leans heavily toward pornography, gambling, and copyright.

    Yet another part is that corporations and politicians are unwilling to kill their fatted calf that is "legitimate" UCE.

    --
    Stop-Prism.org: Opt Out of Surveillance
  5. Not in your nature? Sure it is, but... by RexDevious · · Score: 2, Insightful
    it never developed because you happen to be naturally better at things which didn't require it.

    CASE STUDY: Matt Dillon

    My brother own's a bar frequented by Matt Dillion, the mult-millionaire, super-naturally gorgeous, very famous actor. And he's never seen anyone so utterly terrible at picking up girls. Why? Because he's never *had* to be good at chatting up girls, he's been a movie star since he hit puberty. If he'd needed to learn how to chat up girls, he'd have learned.

    You're bad at being dishonest for the same reason Matt Dillion is bad at picking up women.

    But, if you'd lack any natural ability to achieve goals honestly, you would have had no other option but to develop the talent to lie, cheat and steal your way to success.

    This is the same reason why beautiful girls seem dumb, and powerful people rarely have any other talent than gaining power.

    To me, this last bit is the most troubling. We've created a world in which utterly worthless people have no other choice than to figure out how to exploit the worth of others in order to get anywhere in life.

    Personally, I blame our "won't someone think of the children" policies. They keep dumb people alive long enough to develop the skill to exploit the intelligent people - who are completely unprepared to deal with dishonesty, cheating, and theft because they never needed to do the things that would have given them experience in those areas.

    It's like that sig which floats around slashdot a lot:

    "Never argue with a fool. They'll drag you down to their level, and then beat you with experience."