Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Crime

Cybercrime — an Epidemic? 74

ChelleChelle writes "'Cybercrime is pervasive, nondiscriminatory, and dramatically on the increase.' So states TEAM CYMRU, an altruistic group of researchers focused on making the Internet more secure. This article is a look into the root causes of Cybercrime, its participants, and their motivations, as well as suggestions on what we can do to stop this epidemic." From the article: "Many victims do not seem to draw the correlation between their losses and cybercrime; worse, they often view it as a crime that is impossible to investigate and prosecute. For cybercrime to be acknowledged as an important issue, the victims must report such incidents to a receptive law enforcement community with a well-informed judiciary. Attempts such as the president's National Strategy to Secure Cyberspace represent a significant first step in the right direction. To have the desired impact, however, the detailed provisions delineated as action/recommendations must be implemented."
This discussion has been archived. No new comments can be posted.

Cybercrime — an Epidemic?

Comments Filter:
  • I recently (days ago) posted an on-line ad to sell my car. Within a day I found 5 missed calls all from the same number. Hmmm, better carry my cell phone with me until I sell this thing.

    Next time he called, he asked if the car was still for sale. Yes! Cool, maybe I can sell this thing.

    He asked if he could send someone out to take some pictures... I asked what exactly it was he wanted. He said they (autotrader magazine) was having a special and they wanted to run my car ad in their mag for the special on

    • by b0s0z0ku ( 752509 ) on Friday November 10, 2006 @12:32PM (#16795598)
      It's probably not truly a crime, but it seems sleazy at best. Why would people be allowed to base their cold-calls on someone's posted ads?

      You posted your number with the premise that you're selling a car. They're just trying to sell you a service based on that information. Now, if you would have put a disclaimer (like on Craigslist) saying something like "bona fide buyers only. No commercial services or solicitation," you might have been (in theory) entitled to recover civil damages.

      -b.

    • by Red Flayer ( 890720 ) on Friday November 10, 2006 @12:36PM (#16795662) Journal
      Google is your friend. [google.com]
      By the way, this is why you never post your cell number online. Set up a temp email address instead, or ask interested buyers to post their number, not yours.
    • For the record, if anyone's interested, the phone number from which they called is: 407 515-6094.

      Yep. That's autotrader. See this thread from rec.autos.misc [google.com] and this from ripoffreport.com [ripoffreport.com]

    • by IANAAC ( 692242 )

      I also got the first e-mail on that cell phone EVER from someone interested in buying my time share? WTF? I don't have a time share.

      I got one of those last week. I don't publish my cellphone to ANYBODY, other than my family and a few friends. Most of my friends don't even have my cell. I can only think that it is Cingular itself that has given up my number to others.

      And actually, I get no unwanted calls on my home line either, since it's a VOIP number given to me by Speakeasy.

      • According to Cingular, they never distribute cell phone numbers. I have cingular and have never received such a message.

        Phone prefixes (the three numbers after the area code) are general specific to a provider. If your number is 214-555-8752, then someone who is 214-555-9761 probably has the same carrier as you. What this means is that Everyone with 214-555 is a Cingular customer, thus all cell users. That's ten thousand known victims--I mean potential marks--I mean customers to text message.

        They're probabl
    • by kfg ( 145172 )
      Why would people be allowed to base their cold-calls on someone's posted ads?

      Because information wants to be free. Sorry, but every silver lining requires a dark cloud to line.

      The obits will be used for apartment hunting.

      KFG
    • by DrLov3 ( 1025033 )
      Simple, remove all laws involving a computer or data .... we'll know it's not a crime at that point :)

      That being said ....

      The article mentions reporting the incidents to a "receptive law enforcement community with a well-informed judiciary"

      Not happening!!! There is no such thing!
    • Most not all are scams. CarShopper, TimeShare ... other service offers to help sell property (Car, House ...).

      You pay for the service, lose your money, get ducked ..., but get only vapor-services. Thirty years ago it was all fraud, but now it is just SOS business for US.

      When you think and/or feel WTF (What...), then it is WTFU (Want To Fuck U), but you already know this ....

      USA politics, religion, business ... too many are now legally schooled in fraud, scams and crimes. It must be legal now, look at the di
  • by Lumpy ( 12016 ) on Friday November 10, 2006 @12:30PM (#16795582) Homepage
    Where there is money, there will be thieves.

    Simple as that, the internet has easy money and easy access. Coupled with the ability to steal from long distance and dramatically lowered possibility of getting caught...

    It's a no brainer, of course the level of cybercrime is increasing.
  • by GoMMiX ( 748510 ) on Friday November 10, 2006 @12:36PM (#16795668)
    I've delt with cybercrime more than once. Doing the legwork and tracking the perpetrator down wasn't difficult for me - but had I not done it myself it would have never been done.

    Until law enforcement steps up to the plate and carries over on their job, people are going to continue to feel this way. Even once I had tracked the perpetrator down I had to personally go into the local prosecuting attorney's office to re-explain the case because they didn't get it either.

    People have a reason to feel like they are unprotected on the internet.

    It's because for a greater portion of incidents, they are.

    Then there is the FBI's fraud division they setup online - which seems to be there for the sole purpose of reducing phone calls they have to take, while yet ignoring the reports unless they are very large cases - something I have seen discussed here on slashdot more than once.

    I'm sure there are people with victorious memories over online criminals, but those are surely trumped by the sheer volume of cases where the victim reports the crime and the responsible law enforcement authorities do absolutely nothing if for no other reason than they simply do not know how.
    • It's a hard problem for more than one reason. The first is the issue of jurisdiction. How exactly do you hold someone responsible for theft or fraud that is in a another state, or even better--another country? And how exactly are you sure that this is the perpetrator? People in the underground have been using botnets for years to do their bidding, I'm sure they couldn't hide their tracks by some sort of proxy... Not to mention the fact that the IP address used could be dynamically changed by the ISP. See RI
    • by GigsVT ( 208848 )
      You got it. My wife tried to report someone who charged some stuff to her card to the local police, they told her "the Internet isn't a place, so we can't investigate anything".

      It's not a question of lack of reporting, it's a question of no one being willing to listen to the reports and try to do anything about them.
    • by mcrbids ( 148650 )

      People have a reason to feel like they are unprotected on the internet.

      It's because for a greater portion of incidents, they are.


      To a certain extent, that's true for any kind of crime. Police do only the minimum amount of detective work to qualify for the term "investigation". They are inundated with things to investigate. If you want police to work for you, you have to dig for yourself, get all the evidence together, document, photograph, and substantiate everything, and hand over a case pre-cut and ready
  • by konsole1981 ( 899651 ) on Friday November 10, 2006 @12:37PM (#16795678)
    With my credit score, ID theifs will get nothing other that some collection bills...
  • Comment removed based on user account deletion
  • by tootingbec ( 561955 ) on Friday November 10, 2006 @12:51PM (#16795894)
    If so, watch out: there's been a security leek!
  • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Friday November 10, 2006 @12:52PM (#16795910) Homepage Journal

    And I mean, web-forms vandalism. From spammers to Wikipedia vandals. The reaction is always "clean up and forget". Or, when a particular page is too frequent a target — protect it to registered users only.

    Not enough, IMO. The vandals should by sought out and prosecuted — {RI|MP}AA style — making a few high-profile prosecutions against (semi-)randomly picked abusers to "drive it home" to others, that one's being far away does not make them immune.

    • Re: (Score:3, Insightful)

      by LordSnooty ( 853791 )
      But just what is illegal about vandalising something like Wikipedia, where all the text is freely editable as per the GNU FDL? Ah, you were joking... right?

      Of course, the US government had a great opportunity to make spam a crime, but the opt-out nature of the legislation meant it was bit of a damp squib.
      • by ahodgson ( 74077 )
        Of course, the US government had a great opportunity to make spam a crime, but the opt-out nature of the legislation meant it was bit of a damp squib.

        The entire point of CAN-SPAM was to preempt state legislation that did in fact make spam a crime (or at least something individuals could sue for). The bill was basically authored by the Direct Marketing Association. The feds, for the most part, never had a single intention of making spam a crime.
      • by mi ( 197448 )

        But just what is illegal about vandalising something like Wikipedia, where all the text is freely editable as per the GNU FDL?

        The license covers only what can and can not be done with the information outside of Wikipedia itself. And other sites suffering from web-form abuse may have totally different licensing/rule of conduct too — this is irrelevant.

        As to "just what is illegal" — IANAL, but the vandal's intent may have something to do with it.

        Ah, you were joking... right?

        No, I was not.

    • by jotok ( 728554 )
      The reaction is always "clean up and forget".

      This is because for IT types, the focus is on connectivity and uptime and nothing else.
      This is why many companies are starting to set up IT security departments independent of the IT support staff: You can barely count on the IT guys to install patches, much less track down customer complaints of fraud or compromised systems. To be charitable, most of them are overworked, but that only lends more support to setting up independent departments.

      I also find that IT
  • There's not a single meaningful statistic in there, just a few anecdotal IRC logs and lot of completely unsubtantiated assertions.

    By The Way #1: They seem to have found some atypically literate hax0rs. I see commas, apostrophes (used correctly!!!), mostly correct spelling.

    By The Way #2: I'm looking forward to all the hello_world.pl'ists ranting about how the ACM doesn't know what "hacker" properly means.

  • And their motto is: (Score:3, Informative)

    by A beautiful mind ( 821714 ) on Friday November 10, 2006 @01:05PM (#16796086)
    Team Cymru [wikipedia.org]: Securing people and sheep - online.
  • Altruistic? (Score:3, Insightful)

    by Dunbal ( 464142 ) on Friday November 10, 2006 @01:07PM (#16796112)
    an altruistic group of researchers

          Just that statement is more than enough to a) scare the crap out of me and b) doubt their "research".
  • Problem w/ cybercrime is that it is unreported. People are either 1) afraid to report, or 2) don't know how to report. Concern #1 is legitimate - some businesses don't want to have everybody know that their security is weak. Concern #2 is awareness problem - users should know what to do in case something bad happens to them. So, to play my part in user education and awareness - some ways to report cybercrime [cybercrimelaw.org].
    • Re: (Score:3, Interesting)

      by hurfy ( 735314 )
      And this will work better than reporting regular crimes how?

      If they are no bodies the cops don't care unless maybe you are a multichain store. The cops get no revenue from a lot of legwork, good luck. If there aren't drug profits or ticket revenue i wouldn't hold my breath.....

      An employee stole thousands in merchandise that was found in his garage and nothing happened. I have yet to have something bad happen to me or work (or the office or apt next door) that was actually solved except the one WE knew the a
  • by BeBoxer ( 14448 ) on Friday November 10, 2006 @01:17PM (#16796272)
    I don't think it's unreasonable to estimate that, in aggregate, spammers and the associated fraud is costing the country billions of dollars. I think it's a travesty that they don't seem to take the problem seriously. What I would do:

    1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.

    2) Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in our out of the account, freeze the account on the other end.

    3) Drug / Software scams. Same as #2. Set up fake accounts with Visa and MC. Submit them to the sites trying to 'sell' the stuff and wait for the account numbers to get re-used somewhere else (you didn't think any of these sites were doing anything other than harvesting CC numbers did you?). Follow the money.

    If the Feds can't do these things, then I think it indicates that we may be at risk of a fairly catastrophic economic collapse. After all, if I can buy and sell stock illegally, take money out of bank accounts fraudulently and buy stuff with credit cards without authorization, and do it all anonymously, it's safe to say the criminals are going to win. If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.
    • Dear BeBoxer, We called it yesterday and now it's up 100%! Brand new issue, Cana Petroleum, heading straight up! VERY tightly held, in a booming business sector, with a huge publicity campaign starting up, Cana Petroleum (CNPM) is already bringing our readers huge gains. We advise you to get in on this one as well and ride it to the top! Symbol: CNPM Current Price: 5.87 Projected Price: $15.40
    • by Apotsy ( 84148 )
      1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.

      If they truly want to stop stock pump scams, they should start by shutting down all the financial new channels. Then they could bust all the fly

      • Forget about the fly-by-night CEOs. Consider taking out the long-term criminal ones. Jeffrey Immelt of GE is a filthy hypocritical liar, and one of his cronies, John Bucci, is rising higher and higher in the company by lying to his employees and customers, in order to cheat them.

        Then there's Sony, trying to screw customers in order to pump up the short-term stock options of the execs. These are all people who should be placed carefully in sealed plastic bags.

        It's not just one company or a few, though. Once

    • Your suggestion of honey pot accounts (for Banks, Visa, and MC) will never happen. Because the ones losing money are not the Banks, Visa or MC. If they have loses, it's a small fraction of a percent of their profits.

      Why should they spent resources to capture cybercriminals ripping off their customers? They are not altruistic.

    • The problem is there is simply no way you can stop cybercrime when even regular people become petty criminals, they simply overwhelm the available resources of the law enforcement agencies that attempt to put a stop to it.

      I call it "zerging", a term from starcraft:

      Zerging describes a tactic, originating in real-time strategy games but used in many different computer games that is analogous to the human wave attack in real-world ground warfare, in which overwhelming numbers of troops are sent at the enemy, d
    • If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.

      Wow! I think you're actually serious. There are so many things wrong with this proposition it's scarey that a grown adult doesn't understand.

      1) Confusing the issue with terrorism means you've misdiagnosed both problems. When you do that your solut
    • Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in our out of the account, freeze the account on the other end.

      Honeypots have their uses, but they won't prevent phishing as well as you suppose. The "account on the other end" is owned by some ordinary Joe Schmoe who has responded to a job ad as a "financial manager" for some overseas company. Such "money mules" ar

  • Why there is more cybercrime? Because there is more cyberusers. People make Crime, so if number of people in an ecosystem increases, so do crime.
  • by gd23ka ( 324741 ) on Friday November 10, 2006 @01:39PM (#16796542) Homepage
    This is a no-brainer, really. The more you criminalize people the more crime you get.
    Take the internet, and take file-sharing and then just add the two together and
    outlaw file sharing, you get an instant couple of million of additional criminals.

    Nothing to see here, move along citizens. There's a whole "Enforcement Community" to be
    built here on the net, much like the "War on Drugs" racket that criminalizes millions
    of Americans already and is the cause for more than 70% of all incarceration in this country.

    for stupidreason in Drugs War Terror; do
              echo "War on $stupidreason & profit"
    done

    But hey it's for the children and in order to keep them safe we have a billion dollar
              Corrections Industry (Corrections USA Inc. comes to mind)
              Three Letter Agencies that lap up your tax dollars
              Special Police Squads
              Drug Testing Laboratories (to test you at the workplace)
    but that's so 20th century, now with "Cybercrime" we get
    even more people in prison
    even more Three Letter Agencies
    even more Police Squads
    even more Wiretapping and spying on your home computer
    even more searches of your property at the airport (they already started copying harddrives at the AP). ...

    If you're not dumb I think you get the picture: another artificial reason to criminalize, prosecute and
    incarcerate in the making and bread and butter for thousands more of bureaucrats.
    • by jafiwam ( 310805 )
      Uhm, the article mentions "cybercrime" as "commiting a crime while on the Internet" pretty much means there are existing laws and existing crimes, just that the "Internet" part seems to confound and be totally beyond law enforcement abilities.

      And for the most part, the posters are right. When it comes to tech and the Internet, the cops have no clue.

      But of course, a stupid bible thumping shitbag like yourself will miss all the finer points of the details on pretty much everything anyway unless it helps prop
      • by gd23ka ( 324741 )
        Looks like youre unsaved or you would know about Landover Baptist (where only the saved are welcome).

        Lets see... you just called me

        stupid -- debatable
        bible thumping -- Yeah! Amen Brother! Go and visit my church at http://www.landoverbaptist.org/ [landoverbaptist.org]
        neo-fascist -- I thought we just established I am NOT on your team?
        *ian, *ist etc. -- Im not much of a joiner so organized religion is nothing for me.

        a shitbag -- ask my ex out, youre a perfect match for her.

        Here... let me try my hand at a downright mean insult:

        I t
    • If someone hacks into my bank's website and steals the money from my account, it's not actually a crime?

      Thanks for clearing that up for me!
  • by chef_raekwon ( 411401 ) on Friday November 10, 2006 @01:55PM (#16796770) Homepage
    what truly constitutes cybercrime? really?
      - defacing webpages?
      - password sniffing?
      - phishing?

    From my perspective, and my opinion may not always be correct -- the flood of 'cybercrime' by 'criminals' is a step in the right direction. They are forcing everyone to rethink our security models, and our plaintext connections. Far too often we neglect and abuse the passing of cleartext information ... a few will have to pay, for the rest of us to move up a few notches in security. Will you continue to use pop3 and imap over the internet? Will you continue to log into Slashdot without ssl?

    for far too long, we have been using these insecure protocols -- its time to step up and improve our security. How hard is it to use TLS, SASL and SSL? how about setting up our webservers to have a plain text portion, and a security based portion, using SSL? When will we finally learn to look at the URL when we are providing banking information to some seemingly safe site?

    I'll tell you, we will finally have learned, once people have been driven to the point where insecure is no longer acceptable as status quo. Just like Video Card manufacturers that sell their products with 'hdcp compliant' all over the packaging -- so will ISP's, banks, and whomever, about SSL TLS, and secured authentication, etc, on the internet.
  • by hypoxide ( 993092 ) on Friday November 10, 2006 @03:09PM (#16797872)
    Crime history depicts both the advancement in technology developed to commit crime and that developed to prevent it.

    Ignorance toward preventative measures usually results in victimization or a greater likelihood of it. There is no epidemic here. Crime will occur on every medium available-one must simply defend themselves from it. Given, a criminal can be smart enough (or determined enough) to commit an illegal act and this is bound to happen. That is why we have executive and judicial branches of the government-to apprehend and serve justice to those who succeed in breaking the law.

    The internet is in its nascent form (and I dare say almost anarchistic), but it is no less a system effected by (human?-)entropy.
  • I have reported two incidents of cybercrime to the police (neither with me as the victim, fortunately). Both times, a crime report was filed and the ignored. I never heard anything. No evidence was gathered, no action was taken.

    The police themselves have no interest in cybercrime. The resources required to solve it are far greater than those needed to solve real-world crimes (remember, Britian is the spying captial of the world so chances are it will be caught on CCTV).
  • This is not to say that there aren't extremely talented and technical miscreants in the underground, but their numbers have decreased as a percentage of the entire cybercrime universe.

    They got a real job, got married, etc. It happens to the best of us.
  • This is the tragedy of the commons, my friends. A small percentage of asshats ruin it for the rest of us. The law enforcement agencies are either unable or unwilling to help, so it's all up to us.

    When you have 5 minutes, go help out groups like Phishtank [phishtank.org], Akismet [akismet.org], SpamVampire [thescambaiter.com], etc.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...