Slashdot Mirror


The $1 Trillion Cybercrime Myth

wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"
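The outlier effect described in the excerpt above can be reproduced in a few lines. This is an added example, not code from the article, the Microsoft paper or the survey vendors. The survey data is constructed, and the 200 million population is an assumption inferred from the quoted ratio ($50,000 from one respondent in 1000 becoming $10 billion).

```python
import random

# Assumption: 200 million people, the population size implied by the quoted
# ratio ($50,000 / 1000 respondents -> $10 billion). Not stated on the page.
POPULATION = 200_000_000

def extrapolate(losses, population=POPULATION):
    """Survey mean loss per respondent, scaled up to the whole population."""
    return sum(losses) / len(losses) * population

def top_share(losses, k=1):
    """Fraction of all reported losses contributed by the k largest answers."""
    total = sum(losses)
    return sum(sorted(losses, reverse=True)[:k]) / total if total else 0.0

def without_top(losses, k=1):
    """The same survey with its k largest answers discarded."""
    return sorted(losses)[:len(losses) - k]

def bootstrap_interval(losses, rounds=2000, seed=1):
    """95% percentile interval of the estimate when respondents are resampled."""
    rng = random.Random(seed)
    estimates = sorted(
        extrapolate(rng.choices(losses, k=len(losses))) for _ in range(rounds)
    )
    return estimates[int(0.025 * rounds)], estimates[int(0.975 * rounds) - 1]

# Constructed survey of N = 1000: 985 report no loss, 14 report $100,
# and one unverified respondent reports $50,000.
SURVEY = [0] * 985 + [100] * 14 + [50_000]

if __name__ == "__main__":
    print(f"estimate:             ${extrapolate(SURVEY):,.0f}")
    print(f"share from 1 answer:  {top_share(SURVEY):.1%}")
    print(f"estimate without it:  ${extrapolate(without_top(SURVEY)):,.0f}")
    low, high = bootstrap_interval(SURVEY)
    print(f"bootstrap 95% range:  ${low:,.0f} to ${high:,.0f}")
```

The bootstrap range is the practical check: when a headline figure swings by an order of magnitude depending on whether one respondent happens to be resampled, the survey cannot support the figure.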

18 of 94 comments

  1. these things... they happen by zlives · · Score: 2, Funny

    I once lost 1.21 jiggawatts in a time travel scam...

  2. Of course it's made up by Baloroth · · Score: 4, Insightful

    Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that. The thing is, and the reason people can get away with citing a number that ridiculous, is because it is so large. People simply have no concept of scale that large. You can't hold a number that large in your head, not insofar as it applies to something real. As a pure number, sure, but not as a number of something. The human brain can comprehend tens, even thousands: but trillions are simply too large for the mind to hold, which means that as a talking point, a couple billion is about the same as a trillion for your average human: it basically just ends up meaning "a really really really lot."

    If you approach rebuking the number as "well what should the number really be", you aren't countering the key point behind those figures, which is simply to express a massive quantity. If you respond by saying the number should really be in the millions, people will usually scoff at you ("no way McAfee could have been that wrong") or at best simply take the average of the two numbers, which still yields a massive number in their head. The point of such studies isn't to be scientific: it's to be rhetorical. So ultimately, to the people citing that number, it doesn't matter in the slightest if it is true, or how it was arrived at. All that matters is they have a really big number to cite that they can say is "scientific" or "proof that we need to take action."

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:Of course it's made up by Anonymous Coward · · Score: 5, Insightful

      I get suspicious when the number reaches a significant fraction of our discretionary spending on national security/military. I think that's about $750,000,000,000 for 2012.

      $1 Trillion USD is just beyond absurd. That's the same as stealing about 88% of all income tax collected from every person and company in the entire US for an entire year.

    2. Re:Of course it's made up by TuomasK · · Score: 3, Insightful

      Exactly! Let's think of it in seconds: 1 million seconds was 12 days ago. 1 billion seconds ago it was the 1980's. 1 trillion seconds ago Neanderthals walked on Earth.

      --
      The truth or interpretation..
    3. Re:Of course it's made up by PopeRatzo · · Score: 4, Interesting

      Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that.

      Wait a minute now. The derivatives market by itself, is close to $800Trillion. That's "trillion" with a "T" and represents a sum that equals many times more than the GDP of the entire world.

      The manipulation of Libor and stealing by simply timing the rate changes could easily have represented $1Trillion in crime.

      Add to that the investment banks using their position to do high-frequency trading, in effect "peeking" at their customer transactions to jump in front (yes, that's a crime) and all the rest of the straight up fraud and theft that is being perpetrated by the big banks thanks to their proximity to the Federal Reserve and we've left $1Trillion in cybercrime about five miles back.

      You make the mistake of thinking that "cybercrime" can only be Balkan hackers or credit card scammers - small time fraudsters. The real cybercrime is being perpetrated by our financial elite on a scale that makes them absolutely untouchable - out of the reach of any government. Hell, the medicare fraud by the company owned by the governor of Florida, Rick Scott, caused them to pay a fine of a billion dollars, which means the amount they stole using their computer medicare billing system is well over that amount. That's certainly cyber-crime.

      Then look at the $27trillion being held illegally off-shore by American citizens to evade taxes (also a crime and also made possible thanks to computers) and the figure of what could be called "cybercrime" adds up to more than the total GDP of the United States and Japan combined. To give you an idea of the impunity with which this illegal (as in crime) activity is engaged, one of the people who almost certainly took advantage of the 2009 amnesty by which these tax cheats could repatriate their money to the US without facing criminal prosecution is now running for president.

      --
      You are welcome on my lawn.
    4. Re:Of course it's made up by johnnyb · · Score: 3, Funny

      The real way to compute cybercrime numbers:

      1) number of copies of Norton sold * price
      2) number of copies of McAfee sold * price
      3) number of copies of Windows sold * price
      4) number of copies of MS Office sold * price

      Adding up 1-4 will give a good estimate of cybercrime. We should probably add in an additional $10 million to also cover phishing scams.

    5. Re:Of course it's made up by Hatta · · Score: 2

      If you work with very large and very small numbers on a regular basis, you can indeed hold a number that large in your head. Exponents are not that abstract.

      --
      Give me Classic Slashdot or give me death!
  3. one in a thousand by RichMan · · Score: 4, Interesting

    Throw that one guy out as a strange "outlier" and the number is zero. That is more believable.

    Lies, damn lies and statistics. Garbage in garbage out.

    If it was only one person out of a full one thousand sample then the sample size is way too small to be statistically significant. Whoever did the statistical analysis should be fired. With that low a report rate you don't know it is 1/1e6 or 1/1e9 and you just got unlucky in the sample.

    1. Re:one in a thousand by SJester · · Score: 4, Insightful

      Whoever did the statistical analysis should be fired.

      Why should they be fired? Their job is public relations, not honesty.

  4. 1 Trillion is over 6% of GDP by udachny · · Score: 2, Interesting

    It is not only cyber-crime estimates that are coming from one or two self-reported unverified people. All the economy related numbers are made up, reverse engineered, adjusted to fit the narrative of the political power.

    1 Trillion USD losses to cyber-crime? So taking the 15 Trillion GDP figure at face value (which you must not make the mistake of doing), it means that over 6% of the GDP is lost due to all this 'cyber-crime'. 6%. The entire USA agriculture sector is 4% of the reported GDP.

  5. the same type of math the RIAA and MPAA use... by logicassasin · · Score: 4, Informative

    The RIAA and MPAA both use similar voodoo-comic book math techniques to justify their "losses" to cybercrime (illegal downloads).

    --
    Fifty watts per channel, baby cakes.
    1. Re:the same type of math the RIAA and MPAA use... by haruchai · · Score: 3, Informative

      A speaker at TED demonstrated this was due to rampant ringtone piracy.

      --
      Pain is merely failure leaving the body
  6. Symantec source citations by sl4shd0rk · · Score: 4, Funny

    "Up to $1 Trillion in losses[1]" and "$388 million in IP losses[2]"

    [1] - someguysblog.com
    [2] - foxnews.com

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  7. Re:We trust Microsoft now? by wild_quinine · · Score: 3, Insightful

    When you're calling in Microsoft to help expose the FUD, you are dealing with some military grade bullshit.

  8. Re:We trust Microsoft now? by wild_quinine · · Score: 4, Funny

    Well, in this case, it is basically Microsoft defending itself against the FUD from Norton, because the only reason you should need Norton is if Microsoft Windows sucks.

    Which is ironic, because Norton sucks like a black hole with daddy issues.

  9. Re:billions - millions by nedlohs · · Score: 2

    Wow, you aren't very smart are you?

  10. Pffft 1 Trillion? That's nothing! by DarthVain · · Score: 2

    RIAA have this science down pat. I mean they sued Limewire for 51$ Trillion dollars! (insert pinky)

    All these companies come up with BS numbers to push their own agenda. Oh and you can bet every study done by the MPAA and RIAA, were all done by "independent" sources... I mean I recall a number used for piracy being used in Canadian lobby, that was so self referential it was nigh impossible to figure out where it came from. When they finally did, it was an unsourced, no details presentation, done by RIAA themselves, passed on from them to others, to studies, etc...

    Just like the Academy of Tobacco Studies, the Moderation Council, and SAFETY were all unassociated with their terrible industry overlords...

  11. raping a company for 20 years is still rape by logicassasin · · Score: 2

    ... no matter what you say, or how you try to justify it, you're still giving it to them with no Vaseline or even so much as a reach around or peck on the cheek. The only reason you're still in business is because you found a sucker of a company and are milking them to make your BMW payments.

    One can get an H1B Indian consultant to stand up an SAP BobJ instance on SUSE 10 for around $160/hr right now and he/she will sit in your office to do the job, you can get them for that much to do a wide range of things from writing your in-house applications to supporting and securing your networks. Companies like Robert Half, Modis, or Experis don't even bill remotely that much for a windows guy to come onsite for basic PC tech work (which is precisely what you're doing), I'll say $50-$60/hr where the consultant doing the work MIGHT get $20/hr of that.

    Nope, you're pretty much a shyster that makes honest consultants look bad.

    --
    Fifty watts per channel, baby cakes.