Bruce Schneier comments on an NYT report on cybercrime that shows that there's just not much money to be had in being a ripoff artist. Dinei Florêncio and Cormac Herley wrote:
A cybercrime where profits are slim and competition is ruthless also offers simple explanations of facts that are otherwise puzzling. Credentials and stolen credit-card numbers are offered for sale at pennies on the dollar for the simple reason that they are hard to monetize. Cybercrime billionaires are hard to locate because there aren’t any. Few people know anyone who has lost substantial money because victims are far rarer than the exaggerated estimates would imply.
The authors frame cybercrime as a "tragedy of the commons," where the overfishing (overphishing) by crooks has reduced everyone's margins to nothing, making it hard graft indeed. Meanwhile, cybercrime estimates are subject to the same lobbynomics used to calculate losses from music downloading and profits from drug seizures:
Suppose we asked 5,000 people to report their cybercrime losses, which we will then extrapolate over a population of 200 million. Every dollar claimed gets multiplied by 40,000. A single individual who falsely claims $25,000 in losses adds a spurious $1 billion to the estimate. And since no one can claim negative losses, the error can't be canceled.
Cybercrime as a Tragedy of the Commons
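The extrapolation in the quoted passage, worked through as an added example (not code from the op-ed or from Schneier's post). The survey size, population and $25,000 claim come from the passage; the honest answers and all function names are constructed for illustration.

```python
POPULATION = 200_000_000   # population size from the quoted passage
SAMPLE_SIZE = 5_000        # survey size from the quoted passage

def extrapolate(losses, population=POPULATION):
    """Scale the summed survey answers up to the whole population."""
    return sum(losses) * population / len(losses)

def top_share(losses, k=1):
    """Fraction of the estimate that rests on the k largest answers."""
    total = sum(losses)
    return sum(sorted(losses, reverse=True)[:k]) / total if total else 0.0

def build_honest_sample():
    """Constructed data: 50 respondents lost $50-$540, the other 4,950 lost nothing."""
    victims = [50 + 10 * i for i in range(50)]
    return victims + [0] * (SAMPLE_SIZE - len(victims))

def with_false_claim(losses, claim=25_000):
    """Copy of the sample in which one zero-loss respondent claims `claim` instead."""
    out = list(losses)
    out[out.index(0)] = claim
    return out

if __name__ == "__main__":
    honest = build_honest_sample()
    inflated = with_false_claim(honest)
    print(f"multiplier per reported dollar: {POPULATION // SAMPLE_SIZE:,}")
    print(f"honest estimate:   ${extrapolate(honest):,.0f}")
    print(f"with false claim:  ${extrapolate(inflated):,.0f}")
    print(f"share of estimate from one answer: {top_share(inflated):.0%}")
```

With this constructed sample, one answer out of 5,000 accounts for well over half of the extrapolated total, which is the sensitivity the passage describes.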
It wouldn’t surprise me if the figures are overinflated. But choosing a random sample and then extrapolating is an accepted statistical technique for estimation. Choosing a representative sample and asking the right questions is difficult but the approach is sound.
Also this quote, “… since no one can claim negative losses, the error can’t be canceled.” People can (and probably do) underreport or fail to report losses.
Certainly we should be as worried about these phishers as our elders were of dippers, flimps, and mutchers.