Slashdot Mirror


The $1 Trillion Cybercrime Myth

wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"
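The extrapolation arithmetic in the excerpt above, worked through as an added example (not code from the article, SecurityWeek or the Microsoft paper). The sample responses are constructed, and it assumes each published total is a single claim scaled by population / N; the function names are illustrative.

```python
# Added illustration: the survey responses below are constructed, not real data.
from statistics import median

def implied_population(claim, n_respondents, extrapolated_total):
    """Population size implied when one respondent's claim is scaled up."""
    return extrapolated_total * n_respondents / claim

def extrapolate(losses, population):
    """Naive survey estimate: sample mean times population size."""
    return sum(losses) / len(losses) * population

def top_k_share(losses, k):
    """Fraction of the estimate contributed by the k largest responses."""
    total = sum(losses)
    if total == 0:
        return 0.0
    return sum(sorted(losses, reverse=True)[:k]) / total

def leave_one_out_range(losses, population):
    """Lowest and highest estimate when any single respondent is dropped."""
    n, total = len(losses), sum(losses)
    estimates = [(total - x) / (n - 1) * population for x in set(losses)]
    return min(estimates), max(estimates)

# Both pairs of figures in the excerpt imply the same population (assumption:
# each extrapolation is simply claim * population / N).
POPULATION = implied_population(50_000, 1000, 10_000_000_000)

# Constructed N = 1000 sample: 948 report no loss, 50 report $300,
# plus the excerpt's two large claims of $7,500 and $50,000.
SAMPLE = [0] * 948 + [300] * 50 + [7_500, 50_000]

if __name__ == "__main__":
    lo, hi = leave_one_out_range(SAMPLE, POPULATION)
    print(f"implied population:    {POPULATION:,.0f}")
    print(f"naive estimate:        ${extrapolate(SAMPLE, POPULATION):,.0f}")
    print(f"share from top 2:      {top_k_share(SAMPLE, 2):.0%}")
    print(f"median reported loss:  ${median(SAMPLE):,.0f}")
    print(f"leave-one-out range:   ${lo:,.0f} to ${hi:,.0f}")
```

Dropping the single largest respondent moves the estimate from about $14.5 billion to about $4.5 billion, which is the instability the Microsoft researchers describe.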

8 of 94 comments

  1. Of course it's made up by Baloroth · Score: 4, Insightful

    Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that. The thing is, and the reason people can get away with citing a number that ridiculous, is because it is so large. People simply have no concept of scale that large. You can't hold a number that large in your head, not insofar as it applies to something real. As a pure number, sure, but not as a number of something. The human brain can comprehend tens, even thousands: but trillions are simply too large for the mind to hold, which means that as a talking point, a couple billion is about the same as a trillion for your average human: it basically just ends up meaning "a really really really lot."

    If you approach rebuking the number as "well what should the number really be", you aren't countering the key point behind those figures, which is simply to express a massive quantity. If you respond by saying the number should really be in the millions, people will usually scoff at you ("no way McAfee could have been that wrong") or at best simply take the average of the two numbers, which still yields a massive number in their head. The point of such studies isn't to be scientific: it's to be rhetorical. So ultimately, to the people citing that number, it doesn't matter in the slightest if it is true, or how it was arrived at. All that matters is they have a really big number to cite that they can say is "scientific" or "proof that we need to take action."

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:Of course it's made up by Anonymous Coward · Score: 5, Insightful

      I get suspicious when the number reaches a significant fraction of our discretionary spending on national security/military. I think that's about $750,000,000,000 for 2012.

      $1 Trillion USD is just beyond absurd. That's the same as stealing about 88% of all income tax collected from every person and company in the entire US for an entire year.

    2. Re:Of course it's made up by PopeRatzo · Score: 4, Interesting

      > Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that.

      Wait a minute now. The derivatives market, by itself, is close to $800 trillion. That's "trillion" with a "T" and represents a sum that equals many times more than the GDP of the entire world.

      The manipulation of Libor and stealing by simply timing the rate changes could easily have represented $1 trillion in crime.

      Add to that the investment banks using their position to do high-frequency trading, in effect "peeking" at their customer transactions to jump in front (yes, that's a crime) and all the rest of the straight up fraud and theft that is being perpetrated by the big banks thanks to their proximity to the Federal Reserve and we've left $1 trillion in cybercrime about five miles back.

      You make the mistake of thinking that "cybercrime" can only be Balkan hackers or credit card scammers - small time fraudsters. The real cybercrime is being perpetrated by our financial elite on a scale that makes them absolutely untouchable - out of the reach of any government. Hell, the Medicare fraud by the company owned by the governor of Florida, Rick Scott, caused them to pay a fine of a billion dollars, which means the amount they stole using their computer Medicare billing system is well over that amount. That's certainly cyber-crime.

      Then look at the $27 trillion being held illegally off-shore by American citizens to evade taxes (also a crime and also made possible thanks to computers) and the figure of what could be called "cybercrime" adds up to more than the total GDP of the United States and Japan combined. To give you an idea of the impunity with which this illegal (as in crime) activity is engaged, one of the people who almost certainly took advantage of the 2009 amnesty by which these tax cheats could repatriate their money to the US without facing criminal prosecution is now running for president.

      --
      You are welcome on my lawn.
  2. one in a thousand by RichMan · Score: 4, Interesting

    Throw that one guy out as a strange "outlier" and the number is zero. That is more believable.

    Lies, damn lies and statistics. Garbage in, garbage out.

    If it was only one person out of a full one thousand sample then the sample size is way too small to be statistically significant. Whoever did the statistical analysis should be fired. With that low a report rate you don't know if it is 1/1e6 or 1/1e9 and you just got unlucky in the sample.

    1. Re:one in a thousand by SJester · Score: 4, Insightful

      > Whoever did the statistical analysis should be fired.

      Why should they be fired? Their job is public relations, not honesty.

  3. the same type of math the RIAA and MPAA use... by logicassasin · Score: 4, Informative

    The RIAA and MPAA both use similar voodoo-comic book math techniques to justify their "losses" to cybercrime (illegal downloads).

    --
    Fifty watts per channel, baby cakes.
  4. Symantec source citations by sl4shd0rk · Score: 4, Funny

    "Up to $1 Trillion in losses[1]" and "$388 million in IP losses[2]"

    [1] - someguysblog.com
    [2] - foxnews.com

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  5. Re:We trust Microsoft now? by wild_quinine · Score: 4, Funny

    Well, in this case, it is basically Microsoft defending itself against the FUD from Norton, because the only reason you should need Norton is if Microsoft Windows sucks.

    Which is ironic, because Norton sucks like a black hole with daddy issues.