Security IT

2005 a Bad Year For Security

Posted by CowboyNeal
from the feels-good-to-be-gangsta dept.
Greyfox writes "According to CNN, 2005 was a record year for security breaches, with cybercrime netting an estimated $105 billion and the Department of Homeland Security getting its cybersecurity budget cut 7%, to $16 Million. Apparently the government, just like private industry, doesn't pay attention to security until something bad happens to it."
This discussion has been archived. No new comments can be posted.

  • by majjj (644070) on Friday December 30, 2005 @04:25AM (#14363417) Journal
    2005 also saw the largest use of computers on the network... so as a result the crime rate on the internet too went up.
    • by oztiks (921504)
      This is true but this also breeds two things which are apparent these days: cybercrime is now a profitable business and the kids these days are getting smarter at a much younger age (contact with PCs is just so prominent).

      I don't know whether or not cybercrime has become worse or better and I'm satisfied believing it could be directly proportional to the increase of use of the internet in 05 but one thing I do know is that we aren't teaching safe programming methods to freshly trained developers and as a directly
    • It may still go without saying, but the problems are still to be found with one particular vendor's defects at the epicenter.
    • Stats...50% of the time they are bogus, 50% of the time they are made up.
  • Repost (Score:3, Interesting)

    by NBarnes (586109) on Friday December 30, 2005 @04:32AM (#14363430)
    Governments, Not paying attention to things until something bad happens; See also September 11, 2001
    • Re:Repost (Score:4, Insightful)

      by jc42 (318812) on Friday December 30, 2005 @10:12AM (#14364284) Homepage Journal
      Not paying attention to things until something bad happens; See also September 11, 2001

      Then taking fast, effective action, e.g. banning nail clippers on airplanes.

      Then, when it turns out that you had lots of information beforehand, but didn't have enough translators to handle it, you respond by harassing the competent translators and forcing them out of government service. See also Sibel Edmonds.

    • Re:Repost (Score:3, Insightful)

      by Thuktun (221615)
      Governments, Not paying attention to things until something bad happens; See also September 11, 2001

      This is not just security, this is everything. People tend to ignore possibilities that reason tells them can happen, but don't seem real because they haven't happened yet. Once something happens, then they react to it and take it seriously, at least until the urgency fades.

      This is basic human nature and shouldn't surprise anyone.
  • by antifoidulus (807088) on Friday December 30, 2005 @04:40AM (#14363450) Homepage Journal
    $105 billion is more than the trade deficit between the US and Japan, in other words a VERY significant chunk of change. How much of this damage was "real" as opposed to existing in name only? How did they manage to calculate such a number, and what is the overall effect on the economy? Who are the real winners and losers in this battle?
  • Sorry Guys (Score:1, Funny)

    by Anonymous Coward
    Local mathematician here to update. We're still working on it. Sorry about the delay! We'll have security soon.
  • EVERY YEAR (Score:1, Redundant)

    by SecureTheNet (915798)
    is a record year for security incidents. I don't foresee this changing next year, either.
  • Define "outgrown." (Score:2, Insightful)

    by Phariom (941580)
    "The Treasury Department says that cyber crime has now outgrown illegal drug sales in annual proceeds, netting an estimated $105 billion in 2004, the report said."

    Perhaps dollarwise, yes. Dangerwise, no. I don't think any Federal agents ever had to face off with any Colombian coderunners in some remote jungle on the ass end of the world. Illegal drugs aren't going to fall off the top of the charts anytime soon just because some douche in the Treasury Department says so.

    Furthermore, nine times out of ten

    • Or, they could just be a bit more specific. For example, they could say something like, "... in annual proceeds..." to make it more clear what they mean.
    • "The Treasury Department says that cyber crime has now outgrown illegal drug sales in annual proceeds, netting an estimated $105 billion in 2004, the report said."

      That sure is some big cybercrime! I wonder what fertilizer and hydro system they used?
    • Dangerwise, no. I don't think any Federal agents ever had to face off with any Colombian coderunners in some remote jungle on the ass end of the world

      Those same Federal Agents created the danger themselves by making 100% safe drugs like pot illegal. The Drug War is completely bogus and immoral.
    • If cybercrime got the money and attention some pot did, geeks would be in Abu Ghraib getting tortured by mannish-looking women.
  • by Anonymous Coward
    The SLASHDOT effect!
  • by User 956 (568564) on Friday December 30, 2005 @05:20AM (#14363531) Homepage
    Apparently the government, just like private industry, doesn't pay attention to security until something bad happens to it.

    What do you expect? The way Congress works, nobody gets credit for *preventing* a problem. They only get attention for a fast response after everything all goes to hell.
    • Why do you blame this one on Congress?

      From what I see, just about everyone works that way, especially corporations. I wouldn't single out Congress on this one.
      • Why do you blame this one on Congress?

        Well, pretty much because they're the ones setting the budget for Homeland Security, as discussed in the article. I know it sounds like wild-assed scapegoating, but there you have it.

        If your point was that it's the corporations'/individuals' fault for not preventing the crime, well, that's like blaming your neighbor when his car gets broken into, isn't it?

        "Cybercrime" is a problem because the level of the enforcement of the law makes it profitable. (People spee
        • I wasn't talking specifically about Homeland Security, I was talking about the behavior. Neglecting prevention is Congress' fault in this situation, but they are by no means the only ones guilty of it. IMHO, businesses are even more guilty of neglecting prevention, because it frequently fails cost analysis, and because we're so bad at doing a good job at factoring risk. If we were good at cost/risk analysis, prevention would get much better play.
    • Not only that, but I'm tired of knee-jerk know-nothings who always spout off "Budget cuts in <insert bloated spending program> means that government doesn't care about <insert contentious issue>".

      Equating the spending of taxpayer dollars with a personal sense of caring and responsibility is how this country is trillions of dollars in debt.
      • Equating the spending of taxpayer dollars with a personal sense of caring and responsibility is how this country is trillions of dollars in debt.

        No, I think the cost of "defense" is the reason the country is trillions of dollars in debt. Bombs and missiles and tanks and planes and nuclear warheads and biological and chemical weapons are expensive. Storing them all... also expensive. Expensive enough that it caused the USSR to collapse.

        An extra $1.2 million here and there does not $10 trillion make
  • by Parallax Blue (836836) on Friday December 30, 2005 @05:20AM (#14363532)
    I'm not surprised. From what I hear, viruses/trojans/cyber attacks are increasingly done for profit only and not fame. And boy, money does talk... in this case, it's 105 billion doing the talking. And t3h h4x0rz are listening.

    Meanwhile, a 7% drop in budget for cybersecurity under the dept. of Homeland Security! To how much? A billion, you say? Nope... 16 million. Ouch. I don't think that's nearly enough money... not by a longshot. And what about terrorist attacks on our nation's internet infrastructure? I'm sure that's been considered by the terrorists.

    Doesn't sound like a good situation to me, not at all..

    -PlxBlu
    • cybersecurity under the dept. of Homeland Security! To how much? A billion, you say? Nope... 16 million. Ouch. I don't think that's nearly enough money

      I don't know - that will pay for quite a few horse judges in the uber department and is a huge budget for "cyberterrorism", but if you are going to consider actual computer crime like fraud and various attacks then a group that actually takes it seriously (and doesn't give it a name that sounds like a robot with a bomb) is probably far better suited to handli

  • by NZheretic (23872) on Friday December 30, 2005 @05:25AM (#14363539) Homepage Journal
    From Twelve Step TrustABLE IT : VLSBs in VDNZs From TBAs [blogspot.com]
    [12] Governments, organizations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existence of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a trusted third party, separate from the application developer, who is tasked with maintaining a trusted build environment, to build the binaries from source code. The Trusted Build Agent (TBA) would hold the source to each build in escrow, releasing the source code for only open source licensed code. Competing businesses providing a TBA service in a free market would compete with each other in not only price and level of certification, but also on the ability to detect hostile, vulnerable, incompatible or just plain buggy source code. You could request a trusted build from multiple TBAs to test the ability to detect defects. Defects would be reported back to the application developers, along with any patches and suggestions that provide a fix. To a lesser extent, most Linux distributions and other operating system vendors that build and redistribute open source licensed code already provide this role.
  • Lol eh what (Score:5, Insightful)

    by SmallFurryCreature (593017) on Friday December 30, 2005 @05:51AM (#14363597) Journal
    Even for a CNN article this is kinda, ehm, short? They quote figures but with absolutely no basis. 105 billion? WOW that is a huge wad of cash. But globally? Restricted to the US? 55 million Americans affected, that is what, like 1 in 5? Again WOW.

    As for the department of Homeland Security getting a budget cut. Well is it even its task? Isn't credit card fraud something for the FBI to tackle? And social security number fraud would probably fall under either your social security agency or the IRS.

    The securing of military IT would be a task for the military and I think the NSA does something with it as well. The US seems to have so many agencies to keep it secure that I cannot remember them all.

    So is that 16 million perhaps the budget for the departments of homeland security OWN security? Do they really have to keep the entire US of A safe with that money or just their own network.

    I like a panic story as much as the next guy but at least give me some basis and do not just throw some random numbers around.

    What exactly is lumped into that 105 billion dollar figure. Every bad check? Counterfeit credit cards? Stolen Half-Life keys? And whose job is it to keep us safe? Army? NSA? CIA? FBI? Local police? Department of Homeland Security? Or more likely, all of them for different parts of it?

    • Re:Lol eh what (Score:3, Insightful)

      by kesuki (321456)
      clearly to come to that number they're calculating $1 for every mp3 traded over Kazaa, eMule etc... and $20 for every movie over said p2p services...

      I can't imagine a better way to 'inflate' the dollar value of 'cybercrime' than to include the 'data sharing' crimes, which steal only 'potential' earnings, mostly from people who would have sacrificed on other manufactured goods etc if they had bought said material.

      you might as well take netflix profit, inflate it by 20, and say that's what netflix has cost th
    • "And whose job is it to keep us safe? Army? NSA? CIA? FBI? Local police? Department of Homeland Security?"

      It's YOUR job. Not the government's.

  • We've still got overall internet usage increasing quite a bit every year, so just like everyone else, more criminals are getting online. There are so many aspects of the internet which have yet to be discovered by organized crime factions that find flaws in social systems to make money all the time, and it would be natural to assume that they will be discovering new criminal ways to make money on the internet over the next 5-6 years at least.

    Not until we reach some sort of plateau in internet usage growth
  • My information got compromised twice. The first incident was with eCheck (used at the time by Scottrade), which got hacked into. The other incident was with Colorado Technical University, in which an employee inadvertently mailed out an attachment with a roster of students. This roster included my whole life basically. Perhaps until there is some general law of accountability e.g. SOX, GLBA, or HIPAA companies and institutions will take protecting information more seriously? Perhaps when the cost of securit
  • While I'm not sure how they are able to come up with such numbers, it's fairly obvious that internet-related crime has increased. After all, with each year more people sign on, more options are available, new technology, and new ways to trick others pop up.

    I've seen first hand an increase in phishing attempts this year because I've had to fix - mostly clean - more relatives' computers. More spyware too. I'd say that most of us would agree. It's a shame, really. But I'll also be the first to admit that I've

  • by Anonymous Coward
    For Christ's sake, this kind of bitching is the exact reason you guys have ended up with that Patriot Act mess. For a start, rejoice that they've scaled Homeland Security back. It means that they're actually admitting that there's less terrorist threat than before, and that they're not trying to maintain the police state indefinitely.

    As for the government not taking security seriously until something bad happens to it... all I can say to that is a big loud fart, since for the last five years of my life, whi
    • They probably cut the homeland security budget because most of Bush's buddies have been removed from that office. Whatever section they now inhabit probably saw an increase. Let's see what part of government his old drinking buddies can screw up next!
    • Could it be that the government has always been obsessed with security? Only recently (past 5 years) has instant communication really taken hold for the common person.

      Technology has grown so fast that we have had to throw out the book on traditional security models and reinvent the wheel behind the technology curve.

      Add in that we do not really know what is going on behind the government curtain and the Dept. of Homeland Security is quite possibly just a PR stunt to make the sheeple feel comfortable.
  • http://news.yahoo.com/s/ap/20051230/ap_on_hi_te/white_house_bug [yahoo.com]:

    "Cookies from the White House site are not generated simply by visiting it, according to analyses by the AP and by Richard M. Smith, a security consultant in Cambridge, Mass., who first noticed the Web bug this week.

    Rather, WebTrends cookies are sometimes created when visiting other WebTrends clients. Smith said his analysis of network traffic shows such preexisting cookies have then been used when visiting the White House site."

    Hmmm... Seems
  • by FishandChips (695645) on Friday December 30, 2005 @08:19AM (#14363902) Journal
    It's hard to think of any other industry that costs society $105 billion a year but which goes unscathed, largely unregulated, the darling of the stock market and haven for some of the finest minds around, etc., etc. Not the least of the difficulties with cybersecurity is that it's a world of smoke and mirrors in which nearly all the statistics are bogus and all the players claim it's the next guy's problem, not theirs.

    A good example of this is the British guy who recently won a court case against a spammer, thereby setting a legal precedent (as reported on Slashdot yesterday). He managed what platoons of highly paid IT experts and IT lawyers totally failed to do. No one seemed to have asked why the finest minds of our time, blah blah, were unable to find $20 to fund a suit in the UK small claims court.

    Even if the true cost is a fraction of that quoted, this is still a serious matter since it is replicated in every country where there is a worthwhile IT presence. Since the IT industry seems unwilling or unable to reform itself, perhaps governments should step in with a special tax on large IT outfits in order to fund the fighting of computer crime and a severe crackdown on ISPs who happily tolerate bot farms or software houses who knock out software full of holes. Bot/zombie farms, in particular, are the oxygen of online criminals since without them their job is a lot harder. It is almost incredible that so little has been done to choke them off.
    • A good example of this is the British guy who recently won a court case against a spammer, thereby setting a legal precedent (as reported on Slashdot yesterday). He managed what platoons of highly paid IT experts and IT lawyers totally failed to do. No one seemed to have asked why the finest minds of our time, blah blah, were unable to find $20 to fund a suit in the UK small claims court.
      This may work for domestic spammers. The only effect it will have is to drive spamming overseas.

      Even if you can sue some
  • The Garden of Ahhah (hahahahahahahaha) "It was a pretty big year for crashin' A lousy year for Cisco and vole The people gave their paychecks to crimes of phishin' It was a dark, dark night for the collection bowl."
  • I'm an admin-type who has to deal with the aftermath of these security problems, but I've always wondered who actually has the time on their hands to discover them. This is especially true for some of the incredibly obscure holes that have popped up in Windows recently.

    Half-jokingly, do malevolent organizations pay a legion of nerds full-time salaries and all the Jolt they can drink to hack on code all day? Or is it lone crackers who just want to be first with a new exploit?

    Even if I wasn't married or had a
  • Apparently the government, just like private industry, doesn't pay attention to security until something bad happens to it.

    Sure, they pay attention. They make sure they've got plenty of meaningless but showy actions and PR releases in place to convince the public that they're doing something. Just like private industry, if you think about it.

    Then, when something bad happens, it's more of the same.

    Meanwhile, if someone points out a real, specific problem that could be fixed, the usual response of both publ
  • by camperslo (704715) on Friday December 30, 2005 @10:22AM (#14364343)
    They're talking about tech (data) security overall, not just the net. The losses result from a variety of problems. Identity theft is high on the list I'm sure. While the online side of this is the first thing we tend to think of, it is also occurring at the retail/mailbox/trashcan/employee level. I read a recent article which pointed out that law enforcement was only fairly recently catching on to the motivation behind one large segment of identity theft. An increasing number of meth addicts are turning to identity theft in addition to more traditional crime to finance drug purchases. A deep understanding of what is happening is essential to dealing with our problems. While efforts to go after criminals after the fact are very important, we need to go beyond that and work at many types of prevention. Education of the public, data handlers, and other areas of law enforcement are essential. Some businesses need some major changes to improve security, and they have been too slow in coming. When companies focus on profits while neglecting the public good, regulation has failed. It's partly the fault of laws limiting liability that Windows continues to be so insecure. Credit card companies seem to be too busy ripping off their customers through obscenely high interest rates and fees generated through unethical behaviours including unethical promotions, contract terms, and business practices. If the credit industry were properly regulated and having to function on more reasonable rates, they'd have more incentive to protect those profits by improving the security of the system. As it is, as long as we're healthy enough for them to feed on, they're happy. (Sounds like the Wraith??)

    It is very misleading to measure what's going on here by the amount of funding to one agency. The roots of our problems go far deeper than that. What we're needing is increased insight, reform, caring, and honesty in all levels of government and throughout society. Much of what government has done through improper regulation, especially at the federal level, has permitted us to be ripped off from all directions.
    The banking deregulation act of 1980 let banks profit while the public was ripped off. It cost us over $1300 PER HOUSEHOLD. The picture grows larger. Some of the bad regulation and enforcement is from political corruption. Still other regulations encourage that. The F.C.C., who has left us ripe for feeding the cable/ISP/cellular/phone companies, has also undermined a core part of our society by changing regulations in a way where commercial broadcasters have strayed far from being responsible trustees of the public interest. We ought to have locally owned licensees (living in the coverage area of stations they own). Instead we've got the broadcast counterpart of Wal-Mart. They're masking much news that matters, and pushing many bad products and behaviours. As a start, if broadcasters had to provide fair and equal political information for free (NO PAID POLITICAL ADS), we'd have far less trouble with politicians needing to sell their souls to fund their campaigns. The media is also more directly connected to some of the lower-tech scams. Has anyone else noticed all of the scammers on info-mercials? Most are not high-tech, although some hide behind satellite phones.
    Changing the rules relating to advertising brought us infomercials, drug ads, and attorney ads. If station ownership was far more diverse, we'd have fewer bad regulations sneaking through while the media acts like one giant eye focusing on one thing excessively while something much worse is happening.
    I think many of our problems, including financial security, are more effectively tackled through good policy than brute-force spending.

    "Good God Katie! This is supposed to be a news show!" - Jim Carrey on the Today Show, as Katie goes into the usual fluff in spite of the people of New York struggling with freezing temperatures outside while having no public transportation.
  • Where the hell is Tom Clancy and his NetForce when you need this shit? along with Team RAINBOW and Jack Ryan....
  • I'm sure most of that figure is made up by the **AA in terms of 'pirated intellectual property' and has nothing directly to do with security at all.
  • I call shenanigans on this article.

    Those numbers appear to be made of PURE foo foo dust.

          td
  • "cyber crime has now outgrown illegal drug sales in annual proceeds, netting an estimated $105 billion in 2004, the report said."


    . . . how do they know how much money drug lords make? Are they somehow monitoring ALL the drug deals and not making a move to stop drug deals that they KNOW ABOUT?


    How do they know how many drugs are sold - surely not every drug user or dealer gets busted. . .

    • . . . how do they know how much money drug lords make? Are they somehow monitoring ALL the drug deals and not making a move to stop drug deals that they KNOW ABOUT?

      That's a really good question. In terms of volume (the measurement, not the quantity), the amount of cocaine alone flowing across the borders to the streets defies lack of detection. Something on the order of a skyscraper on a daily basis, I suspect. A big one. How does one accomplish that? Hmmm....

      • It's pretty lame to reply to your own post, I know, but it's worth noting that all the cocaine in the world is grown in a region of Central America roughly the size of Iraq. With the same troop deployment and budget currently being spent in the Middle East, we could have eradicated cocaine crops from the face of the earth, saved countless lives and families, reduced the crime rate in this country by 50% immediately, kept kids alive and out of jail and destroyed the business of the most powerful criminals a
  • This isn't going to get better, it is going to get worse. Look at human beings...extremely complex and complete with a operating system that is CONSCIOUS. Man it can actually tell you when something is wrong. But even a conscious operating system sometimes misses low level hacks until it is too late. Then you have to call in the network admins to try to do some selective reboots which are not always successful.

    Computer systems are very complex, not as complex as humans yet but pretty complex. Their
