Following the Money In Cybercrime
jbrodkin writes "Five dollars for control over 1,000 compromised email accounts. Eight dollars for a distributed denial-of-service attack that takes down a website for an hour. And just a buck to solve 1,000 captchas. Those are the going rates of cybercrime, the amounts criminals pay other criminals for the technical services necessary to launch attacks. This criminal underground was detailed Wednesday in a highly entertaining talk given by researcher Stefan Savage at the annual Usenix technical conference in Portland, Ore. Savage's research into the economics of cybercrime began as lip service to satisfy the terms of a government grant, but it turned out to be the key to stopping computer attacks. Targeted methods — such as using CAPTCHAs — don't stop criminals, but they add to the cost burden and put the inefficient criminal organizations out of business, letting security researchers focus only on the ones that survive."
But how do you pay these "companies" when you want to purchase their services? I'm sure not going to give them credit card, or an electronic bank transfer. Do they accept BitCoins? ;-)
I am beginning to think that everyone should be forced to take an economics course in their lifetime. So much of the world is driven by economics that I think you'll understand the world quite a bit better if you understand the dollars and cents behind it. Perhaps it's a case of "the more economics you know, the more economics you see."
I don't know if you've read Freakonomics or not but that is basically the premise of the entire book(s). There are economics in everything, people respond to incentives and if you set up your incentives properly you'll get the result you desire. Fail to properly incentivize people and you can get all sorts of interesting results. I particularly like the Israeli Day Care example.
I'll meet you at the intersection of "Should be" and "Reality"
Busting CAPTCHAs is not a crime. Not usually, anyway. Sure, it may violate a website's terms of service, but US courts so far (quite correctly) say that's not a crime, unless you're "stealing" a for-pay service. And maybe not even then.
It is not valid to label something a "crime" just because it's inconvenient for some people. The lesson to be learned here is that CAPTCHAs are a lazy (and often lousy) way to prevent "unauthorized" access.
Also, while most CAPTCHAs today can be busted with automated tools, as OP says it's often more economical to just hire teams of people from Pakistan or India to do it manually. The going rate on freelancer sites is about $1 per 1000, but sometimes it's even less.
However, what could happen with all the small guys going away is that there is less competition for the big ones, and then they can monopolize the market...
Do these guys really compete at all?
I've never seen shoplifters or bunglers compete. There are simply too many soft targets out there.
But the rest of your analysis is otherwise pretty good, and the reduction of organizations might be mostly in the script kiddie market, with the few really good (bad) organizations being pretty much unaffected.
When the truth emerges about the current deluge of hackers it will probably be a huge mob of semi-literate kiddies running scripts and purchased hacks, mostly for harassment and diversion of government resources while the big boys break into money pits or marketable secret information sites.
While the harassment and dossing have been with us for some time, the tempo has been ramped up. Why are these people concentrating on government agencies like the FBI? My guess is they are being organized to act as a diversion by other governmental agencies or those guys after the big bucks. Maybe Iran is getting back at the west for wrecking their centrifuges. Who knows.
Personally I suspect it's the same organizations helping themselves to the money and their government employers to the secrets.
Sig Battery depleted. Reverting to safe mode.