Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime Is a Franchise Model That Scales

Posted by kdawson on from the maybe-it-pays-after-all dept.

Presto Vivace notes a report from the RSA conference on the cybercrime economy, and it's not an optimistic one. Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research. "As the panelists explained, a single spam message might be tied to as many as 10 separate organizations and perhaps five suppliers. Every task in the criminal economy has become a separate specialty. Some people sell e-mail lists, others sell lists of compromised IP addresses, there are sellers of credit card numbers, and those who sell access to bot nets. Then there are those who handle product fulfillment for spammers, and those who specialize in laundering money."

11 of 100 comments (clear)

  1. Office Space clearly had an impact by Anonymous Coward · · Score: 5, Funny

    One of the big problems the guys in Office Space faced was how to launder their money. They were computer programmers who had no knowledge of the intricacies of money laundering. It's good to see someone recognized the problem and is now providing solutions for those of us who don't know how to launder money ourselves.

    1. Re:Office Space clearly had an impact by CogDissident · · Score: 4, Insightful

      Its not as hard as you think. If you can get the money off-shore (such as an offshore account in the pacific), and then throw it to a numbered account in a swiss bank, its basically done.

      The hard part is getting it out of the country of origin, without it being linked to you as having "left" from you.

    2. Re:Office Space clearly had an impact by Anonymous Coward · · Score: 3, Funny

      So what you're saying is that it's easy, except for the hard part.

  2. Cut of the source by pembo13 · · Score: 3, Insightful

    Kill all bot nets. Seriously. And have companies who sell operating system take some financial responsibility for future security.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:Cut of the source by moderatorrater · · Score: 5, Insightful

      Kill all bot nets. Seriously. Agreed, although botnets are a tool, not necessarily a source. They make computing power cheap for the underworld, but everyone here should know that computing power is already cheap. The diversified IP addresses is harder for them to mimic, but not impossible.

      And have companies who sell operating system take some financial responsibility for future security. Absolutely ridiculous. I've heard this before, and I think it makes as much sense as holding the door manufacturer responsible for home break ins. Microsoft has never claimed to be completely secure and they haven't made any contracts specifying that they should be. They allow other products to work on their platform, and these other products have threatened legal action if Microsoft makes their OS secure (although not in those exact words). It also patches on a regular cycle and it's ultimately a decently secure OS (when you take the patches into consideration).

      The ultimate responsibility for what happens on someone's computer is theirs. There's a lot of hatred for Microsoft floating around here, and for good reason, but holding them responsible because people can't protect their computers in the most rudimentary ways is wrong. It also opens the doors for holding any software responsible for any hacking that occurs on them, even if the user could have prevented it with negligible effort. Considering the state of security in the software industry, that would destroy pretty much every company in existence and set us back 10-20 years.
    2. Re:Cut of the source by Dada+Vinci · · Score: 3, Interesting

      Not all botnets are the fault of insecure operating systems. People who exclaim "Oh, look, somebody I don't know emailed me a file called CutePuppies.exe! I think I'll click on it!" pretty well destroy any sort of security scheme. Vista tried to solve that by preventing users from running programs (under the guise of User Account Control) but that just led to rebellion because people don't want to have to explicitly grant access to every program that wants to read to disk or connect to the Internet. When I install the new Firefox I don't want to have to authorize each and every operation it performs (write to disk, read from disk, connect to Internet, etc).

  3. And my mother always said that by name*censored* · · Score: 4, Funny

    Crime doesn't pay. Pfft.

    BRB, watching to see if the kettle boils.

    --
    Commodore64_love: I don't comprehend people who're so frightened of death that they'll bankrupt themselves to stay alive
  4. Is pay really the reason? by mrroot · · Score: 4, Insightful

    Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research.

    Crime almost always "pays better" than so-called legitimate work (is crime really considered a profession?) Well I guess you could say it is a part of the problem, but the OTHER part of the problem is the risk of getting caught is too low. It is a risk/reward model. There are other factors in play here too, for example people's morality. Even if there were little risk and great reward, some people have a moral system that would still prohibit them from undertaking a life of crime.

    --
    I Heart Sorting Networks
    1. Re:Is pay really the reason? by iamacat · · Score: 3, Insightful

      Even if there were little risk and great reward, some people have a moral system that would still prohibit them from undertaking a life of crime. But if you think about it, the highest moral system would actually push people into life of crime. There are lots of evil entities that need stealing from (nuclear weapons manufacturing, Bin Laden family in Saudi Arabia, Dick Cheney, Microsoft, RIAA, ...) and lots of hungry children in Africa. It's not immoral to steal from crooks!
    2. Re:Is pay really the reason? by mrroot · · Score: 4, Insightful

      But if you think about it, the highest moral system would actually push people into life of crime. There are lots of evil entities that need stealing from (nuclear weapons manufacturing, Bin Laden family in Saudi Arabia, Dick Cheney, Microsoft, RIAA, ...) and lots of hungry children in Africa. It's not immoral to steal from crooks!
      So who decides who is a crook and who is not? I guess you feel like you have a pretty good handle on that, or at least you just rattled off all the names you have been told are crooks. Congratulations, you have conformed.
      --
      I Heart Sorting Networks
  5. The problem: FBI Baltimore by Animats · · Score: 3, Interesting

    We need the FBI Baltimore office taken out of the business of distributing child porn and put on this problem. After ten years of work, they've arrested over 6,000 people.

    How many computer criminals have they arrested? The Department of Justice doesn't seem to provide useful statistics, but it looks like the number per year is in the 10-100 range.

    This is backwards, given the relative size of the problems.

    Part of the problem is that the FBI has a measurement bias against white-collar crime. See the FBI Crime Statistics page. Violent crimes are counted if they are reported; white collar crimes are only counted if there's an arrest.