Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime Is a Franchise Model That Scales

Posted by kdawson on from the maybe-it-pays-after-all dept.

Presto Vivace notes a report from the RSA conference on the cybercrime economy, and it's not an optimistic one. Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research. "As the panelists explained, a single spam message might be tied to as many as 10 separate organizations and perhaps five suppliers. Every task in the criminal economy has become a separate specialty. Some people sell e-mail lists, others sell lists of compromised IP addresses, there are sellers of credit card numbers, and those who sell access to bot nets. Then there are those who handle product fulfillment for spammers, and those who specialize in laundering money."

6 of 100 comments (clear)

  1. Office Space clearly had an impact by Anonymous Coward · · Score: 5, Funny

    One of the big problems the guys in Office Space faced was how to launder their money. They were computer programmers who had no knowledge of the intricacies of money laundering. It's good to see someone recognized the problem and is now providing solutions for those of us who don't know how to launder money ourselves.

    1. Re:Office Space clearly had an impact by CogDissident · · Score: 4, Insightful

      Its not as hard as you think. If you can get the money off-shore (such as an offshore account in the pacific), and then throw it to a numbered account in a swiss bank, its basically done.

      The hard part is getting it out of the country of origin, without it being linked to you as having "left" from you.

  2. And my mother always said that by name*censored* · · Score: 4, Funny

    Crime doesn't pay. Pfft.

    BRB, watching to see if the kettle boils.

    --
    Commodore64_love: I don't comprehend people who're so frightened of death that they'll bankrupt themselves to stay alive
  3. Is pay really the reason? by mrroot · · Score: 4, Insightful

    Part of the problem is that in many places cybercrime pays much better than legitimate work, including security research.

    Crime almost always "pays better" than so-called legitimate work (is crime really considered a profession?) Well I guess you could say it is a part of the problem, but the OTHER part of the problem is the risk of getting caught is too low. It is a risk/reward model. There are other factors in play here too, for example people's morality. Even if there were little risk and great reward, some people have a moral system that would still prohibit them from undertaking a life of crime.

    --
    I Heart Sorting Networks
    1. Re:Is pay really the reason? by mrroot · · Score: 4, Insightful

      But if you think about it, the highest moral system would actually push people into life of crime. There are lots of evil entities that need stealing from (nuclear weapons manufacturing, Bin Laden family in Saudi Arabia, Dick Cheney, Microsoft, RIAA, ...) and lots of hungry children in Africa. It's not immoral to steal from crooks!
      So who decides who is a crook and who is not? I guess you feel like you have a pretty good handle on that, or at least you just rattled off all the names you have been told are crooks. Congratulations, you have conformed.
      --
      I Heart Sorting Networks
  4. Re:Cut of the source by moderatorrater · · Score: 5, Insightful

    Kill all bot nets. Seriously. Agreed, although botnets are a tool, not necessarily a source. They make computing power cheap for the underworld, but everyone here should know that computing power is already cheap. The diversified IP addresses is harder for them to mimic, but not impossible.

    And have companies who sell operating system take some financial responsibility for future security. Absolutely ridiculous. I've heard this before, and I think it makes as much sense as holding the door manufacturer responsible for home break ins. Microsoft has never claimed to be completely secure and they haven't made any contracts specifying that they should be. They allow other products to work on their platform, and these other products have threatened legal action if Microsoft makes their OS secure (although not in those exact words). It also patches on a regular cycle and it's ultimately a decently secure OS (when you take the patches into consideration).

    The ultimate responsibility for what happens on someone's computer is theirs. There's a lot of hatred for Microsoft floating around here, and for good reason, but holding them responsible because people can't protect their computers in the most rudimentary ways is wrong. It also opens the doors for holding any software responsible for any hacking that occurs on them, even if the user could have prevented it with negligible effort. Considering the state of security in the software industry, that would destroy pretty much every company in existence and set us back 10-20 years.