Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Regrets "Flawed" Trillion Dollar Cyber Crime Claims

Posted by samzenpus on from the price-of-things dept.

Techy77 writes "McAfee's chief technology officer Mike Fey has admitted that he regrets his own company's estimates, which once pinned global losses from cyber crime at more than $1 trillion. From the article: 'A more recent report commissioned by the security company, and released last month, reduced those estimates to as low as $US300 billion globally, but specifically noted the difficulty of determining exactly how much companies, governments and individuals could lose if subject to an attack. “It’s very difficult to put a dollar figure on it,” Mr Fey said. “When you meet an engineer that has spent a good chunk of his life working on some innovation and it’s stolen overnight, you get a good feeling for what [intellectual property] loss means. It is the shift in a moment’s instance from an innovative company set strategically, to loss. It becomes difficult for that company to invest in innovation."'"

39 comments

  1. Wow, an article about McAfee Inc by Anonymous Coward · · Score: 2, Insightful

    Wow, an article about McAffee Inc and not McAfee the loon. Well done Slashdot!

    1. Re:Wow, an article about McAfee Inc by Anonymous Coward · · Score: 0

      But...

      John McAfee is my personal hero. ;_;

    2. Re:Wow, an article about McAfee Inc by lxs · · Score: 3, Interesting

      Yeah. I was disappointed as well. Turns out this guy is equally delusional.

    3. Re:Wow, an article about McAfee Inc by gl4ss · · Score: 1

      well mcafee isn't so loon to claim 1 trillion and then downgrade it to mere 300 billion(which in these units I suppose is 3/10th of trillion.

      as if that number was based on any reality any more! I mean, as a number it's right up there with the one trillion claim.

      --
      world was created 5 seconds before this post as it is.
    4. Re: Wow, an article about McAfee Inc by jd2112 · · Score: 2

      He has a Masters degree in mathematics from RIAA University.

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    5. Re:Wow, an article about McAfee Inc by Anonymous Coward · · Score: 0

      Funny when a virus scan flagged McAfee anti-virus program as a virus. So then wouldn't the McAffee program then have commited cyber crime by being a computer virus costing wasted time to remove it?

    6. Re: Wow, an article about McAfee Inc by Samantha+Wright · · Score: 2

      Given that the RIAA and MPAA invented a bogus organization called the Federation Against Copyright Theft just so they could put "Source: FACT" in the fine print on their propaganda, I'm guessing their university would be called something like Teaching Ruthlessly that Understanding Theft Hurts.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    7. Re: Wow, an article about McAfee Inc by Samantha+Wright · · Score: 1

      ...wait, wait, wait, don't stop reading; I've got like a hundred of these. "Trying Responsibly to Understand Technology is Hard," "Tarnished Relics Uselessly Transmitting Hubris," "Transportation Replication = Ugly Truth of Humanity," "Treacherous Republicans Unwisely Thwarted Heaven..."

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    8. Re: Wow, an article about McAfee Inc by Anonymous Coward · · Score: 0

      Completely Useless Non-Technical Scumbags?

    9. Re: Wow, an article about McAfee Inc by Samantha+Wright · · Score: 1

      That was probably in the run-off for the naming contest, yeah.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  2. real answer by slashmydots · · Score: 2

    Let me paraphrase: "Sorry, we were all sniffing really freaky McAfee-brand bath salts while we came up with that number"

    1. Re:real answer by bluefoxlucid · · Score: 1

      I particularly lied the part about intellectual property theft being so toxic. It's like saying: "When you meet a girl who has spent her whole life living to Christian values, and she in college when she's 23 gives an old school friend she's known for 15 years who has had an STD test in the past month and came up clean a blow job and immediately contracts HIV and her life is ruined overnight, you get a good feeling for what the dangers of STDs mean."

      These kinds of theft-to-ruination stories are so extremely rare we write every single one of them into the history books as monumental events. From the capacitor plans a Taiwanese company's strategic hacker stole (incomplete stabilizer, so they produce the caps that explode on motherboards) to Shitman of Bloodlust Software taking his ball and going home after his source code for NESticle was stolen and released, we've marked them all as major historical events.

      --
      Support my political activism on Patreon.
    2. Re:real answer by ackthpt · · Score: 1

      I regret their idiocy, too.

      How about you?

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:real answer by MightyMartian · · Score: 1

      "I kill for cybercriminals for fun, but for bath salts and hooch, I gonna carve him up real nice."

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:real answer by Anonymous Coward · · Score: 0

      "Major"? No.

  3. Wow ... by gstoddart · · Score: 1

    So, numbers reported about a threat were inflated by an entity who profits off the perception of that threat.

    Gee, I'm totally shocked at this. Nobody would ever put out alarmist numbers.

    Part of me suspects that someone knew at the time these numbers were crap, but decided they made for a good story and went with them.

    Assholes.

    --
    Lost at C:>. Found at C.
    1. Re:Wow ... by khasim · · Score: 1

      I'm sure that they knew the numbers were crap. Just like they're still going with the crap.

      From TFA:

      âoeWhen you meet an engineer that has spent a good chunk of his life working on some innovation and itâ(TM)s stolen overnight, you get a good feeling for what [intellectual property] loss means.

      And does Mr Fey have the name of that engineer so that others can "meet" him/her? And interview him/her?

      Or is that ANOTHER fiction created to help move product?

      ... but specifically noted the difficulty of determining exactly how much companies, governments and individuals could lose if subject to an attack.

      And why are "individuals" grouped together with governments and companies?

      Any cumulative losses, he said, would likely ignore data breaches that companies failed to disclose to the public, or those who did not know they had been breached, a problem in itself he said.

      So any losses calculated MAY not include losses that were not known to have been losses at the time of the calculation.

      âoeIf youâ(TM)re a Fortune 10,000 company, youâ(TM)ve been breached.â

      And if you're running McAfee software, you may not even know that you've been cracked. Although, to be fair, the same can be said of Norton and any of the other "anti-virus" software.

    2. Re:Wow ... by halcyon1234 · · Score: 1

      And does Mr Fey have the name of that engineer so that others can "meet" him/her? And interview him/her?

      Gabe?

      Yes yes yes that's an outlier, doesn't fit the term "stolen", blah blah blah. Continue on...

      --
      UTF-8: There and Back Again
  4. Personal Loss??? by SeNtM · · Score: 4, Insightful

    I have yet to meet an independent engineer who has had work stolen by someone who commits the type of cyber crime that McAfee claims to protect from.

    I have met individuals who claim to have had their life's work stolen by corporations, who subsequently patent it and then troll on the patent.

    Small companies and corporations seem like more likely targets of that claim, and the perpetrators are likely larger companies....imho.

    --
    "There ought to be limits to freedom." -George W. Bush
  5. An associated Law by labradorx · · Score: 1

    Since McAfee is an Intel subsidiary claims like this should have a law, the Moore or Less law.

    1. Re:An associated Law by gstoddart · · Score: 1

      Since McAfee is an Intel subsidiary claims like this should have a law, the Moore or Less law.

      I'm going to go with plain old common sense -- never trust the numbers about the scope of a problem from an entity which sells you a product to combat the problem. Because, predictably, those numbers are going to be bullshit.

      Similarly, TSA and the spying agencies ... also full of shit when the tell you how good of a job they're doing and all they've achieved.

      --
      Lost at C:>. Found at C.
    2. Re:An associated Law by Anonymous Coward · · Score: 0

      Whoooooshhhhhhh

    3. Re:An associated Law by Anonymous Coward · · Score: 0

      Just because someone doesn't acknowledge a stupid pun doesn't mean they didn't get the (alleged) joke.

  6. Easy solution by houghi · · Score: 0

    When you meet an engineer that has spent a good chunk of his life working on some innovation and itâ(TM)s stolen overnight, you get a good feeling for what [intellectual property] loss means.

    If you are worried about people stealing your intellectual property, don't have any intellectual property.
    There already is a solution for that AND it gives you the advantage of using the code of all those others that were working on innovations.

    Dear management: Next time you send us on some forced team building where we learn how a team is better then an individual: come with us and listen.
    Now apply this to other things as well, like multiple companies. Suddenly we are a team working on a solution.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:Easy solution by Anonymous Coward · · Score: 2, Insightful

      If you are worried about people stealing your intellectual property, don't have any intellectual property.
      There already is a solution for that AND it gives you the advantage of using the code of all those others that were working on innovations.

      Dear management: Next time you send us on some forced team building where we learn how a team is better then an individual: come with us and listen.
      Now apply this to other things as well, like multiple companies. Suddenly we are a team working on a solution.

      Can I mod this +1 Incomprehensible?

    2. Re:Easy solution by Anonymous Coward · · Score: 0

      It's very straightforward, he's a cyber-hippy. The sort of person who thinks that "costs" and "revenue" are what's really getting in the way of progress on the internet. If we could all just get together and have a drum-midi token-ring network together, we could, like, solve everything that's going wrong, man, on the internet.

  7. chex by Impy+the+Impiuos+Imp · · Score: 4, Funny

    admitted that he regrets his own company's estimates, which once pinned global losses from cyber crime at more than $1 trillion

    "The real problem was due to the exchange rate," he said. "We actually estimated losses at over 25 Bitcoins."

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  8. Cry me a river by Anonymous Coward · · Score: 0

    It becomes difficult for that company to invest in innovation.

    So a company fears that their precious IP will be stolen so they stop "innovating," boohoo. Nobody cares, there are 5 billion of us and somebody somewhere will continue to invent and create. 100 years from now nobody will say "if only those thieves hadn't discouraged ZYX Inc. from innovating, we'll all have flying cars now."

  9. "Global" losses? by K.+S.+Kyosuke · · Score: 1

    When you meet an engineer that has spent a good chunk of his life working on some innovation and it’s stolen overnight...

    ...then someone else wins, reducing the global losses. Also, it's horrible to try to calculate "losses" from this reasoning. So Xerox executives getting outwitted by the Apple folks regarding GUI also counts as "a global loss"?

    --
    Ezekiel 23:20
    1. Re:"Global" losses? by DidgetMaster · · Score: 1

      So by your reasoning, if someone steals your car, phone, computer, money...it isn't a loss...because it was someone else's gain??? Even by your calculations, there are real global losses when individuals and companies figure out that their property rights are not protected and thus fail to produce something of value in the first place because the chance of it being stolen are so high.

    2. Re:"Global" losses? by gl4ss · · Score: 1

      that's actually only true if people were saving money because they had nothing else to buy.

      that is not true. so the global losses can't be that high, since there is not that big amount of money going to savings. of course you could try to argue that due to the cybeeeeerthreats resources aren't being utilized, but that claim seems a bit far fetched as well.

      what mcafee actually meant with the 1 trillion and now with the 300 billion number was quite simply the amount of money they estimate should (in their eyes) be paid to them.

      --
      world was created 5 seconds before this post as it is.
  10. It was a misprint by jennatalia · · Score: 0

    That's one hundred trillion dollars! (with Dr. Evil pinkie)

  11. The problem isn't the amount, it's the motive. by SomePoorSchmuck · · Score: 1

    but specifically noted the difficulty of determining exactly how much companies, governments and individuals could lose if subject to an attack. “It’s very difficult to put a dollar figure on it,” Mr Fey said.

    So... why put a dollar figure on it? If the number is 4 trillion or 90 billion, what would be the difference in strategies that consumers and organizations should pursue in each case? Fey's language is so obviously just more marketdroid conjuration babble -- "Look! look over here at my right hand! Nothing in it at all! ."

    The fact is, Mr. Fey, that the danger of security flaws isn't in the direct dollar amount of damage done by any single incursion, nor in the aggregate sum total of attacks to date. The danger of unsecured machines/networks is cost-neutral, because an unsecured machine/network necessarily implies an infinite relative cost to you -- that is, it is the state of being unsecured which is untenable, not the potential monetary loss. If your neighbor one night digs a trench through your yard and buries an extension cord spliced into your house's electrical power, does it really matter to you whether he is only plugging in his mp3 player to charge it once a week, versus running all his refrigerators and washing machines?

    You cannot really put any dollar amount on someone else controlling part or all of your machine/network, because Access is not an object, it is a potentiality. A security hole is a hole is a hole. Patch it up regardless. If on September 10, 2001 some insurance actuary named Smith would have calculated the "loss" experienced in an airplane hijacking by determining the depreciated cost of the plane itself, any cargo it carried, the cost of compensatory marketing to restore consumer confidence, the earning potential of the passengers, etc. The next day, a bunch of black hat social engineering crackers capitalized on a long-unpatched security hole - Access to the cockpit - to pull off an exploit which had an eventual cost far exceeding our actuary's previous estimate by several factors of ten. (And that cost will continue to reverberate/multiply for decades to come.)

    The focus on dollar value is simply Mr. Fey's way of opening the haggling process over how much his company wants to charge you. He knows that whatever number "industry experts" give will be quoted and repeated by our infotainment media and by other businesses/consultants wanting to stake their own claim in the network security gold rush. Once the notion enters public consciousness, well what's a $25,000/year enterprise license for software and security services to an individual company when faced with the "common sense" understanding that we're talking about great googly moogly-illions of dollars in Crime. So now he's simply been caught overestimating the number, which is expected in ANY good haggle. Now he's here to tell us "Okay, okay, because you're such a good friend, I'm going to roll it down to $300 billion -- special just for you!"

    Don't constantly test and patch flaws because of some dollar amount reported by some "expert study" you read about. Constantly test and patch flaws because a good administrator takes care of business. The number is FUD, but your job is the same either way.

    --

    Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
    1. Re:The problem isn't the amount, it's the motive. by tepples · · Score: 1

      Don't constantly test and patch flaws because of some dollar amount reported by some "expert study" you read about. Constantly test and patch flaws because a good administrator takes care of business.

      There's some disagreement about what is a "flaw". For at least five companies that I can name, it's a "flaw" if the owner of a computing device that the company manufactured can execute a program that he wrote on the device that he owns.

  12. McAfee costs 1 Trillion by EmperorOfCanada · · Score: 1

    As far as I'm concerned it is the bloated piled of McAfee that costs piles of money in lost productivity not to mention the number of embedded systems where the "Your subscription is running out" crap pops up on some jumbotron.

    Trialware installs of McAfee and Norton AV are the number one reason I long ago told people to stop buying PCs with Windows on them. I don't really mind windows but I got sick of every relative begging for my help to remove all the bloatware for AV, music services, game services, etc that came with their "blank" machines. My windows buddies all say that the Microsoft AV tool is great (and free) so Dell, HP, Toshiba, etc aren't providing a service when they "offer" any of this bloatware.

    I don't even like "removing" it as I don't feel that the result is a clean install. There are usually scars and grime left behind.

  13. McAffonomics by Anonymous Coward · · Score: 0

    From the article:

    Global chief technology officer Mike Fey told The Australian Financial Review that he regretted his own company’s estimates, which once pinned global losses from cybercrime at more than $US1 trillion, and that even recent, more conservative estimates were “hard for me to swallow”.

    “I wish we had never put a dollar figure on it,” Mr Fey said. “[It is] very scary to just latch onto the number.

    “People take that half-a-trillion number, and say ‘that’s what it’s worth’. What they forget is organisations are spending a very large amount of money to defer attacks today – so there’s an additive number that has to go on top of that. "

    So half the 1 Trillion figure is their own estimate of dollar income to themselves and their ilk...