What Cybercrime Stats Have In Common With Sexual Braggadocio 69
An anonymous reader writes "Microsoft researchers have rubbished figures from cybercrime surveys, deeming them subject to the types of distortions that have long bedeviled sex surveys. All it takes is a few self-styled Don Juans to hopelessly distort the sex-survey figures. Similarly, cybercrime surveys tend to get dominated by a minority of responses, normally those who have or think they have lost a great deal as a result of hacking or malware attack, and are vocal about it. 'Cybercrime surveys are so compromised and biased that no faith whatever can be placed in their findings,' the researchers write."
outliers? (Score:2)
Re:outliers? (Score:5, Insightful)
Firstly: No. Outliers are part of a data set, and it's dishonest to simply dismiss data that does not fit with your expectations.
Secondly: The over-reporters aren't outliers. There is systematic error in asking people to self-report loss due to security breaches. People either fail to respond to polls due to internal security procedures, or they tend towards overestimating their own loss. It's not simply that there's one guy out there saying he lost $5 billion due to hackers; it's that people who respond to the poll tend to overestimate their real losses by some unknown percentage.
Re: (Score:1)
Much like Microsoft overestimates their losses from people using their software without paying them?
Re: (Score:2)
Much like Microsoft overestimates their losses from people using their software without paying them?
If Microsoft say that (made up numbers) a billion people are using pirated copies of Windows for which Microsoft would charge $50 each, then they can legitimately argue that they have lost $50 billion in revenue. It is up to people then to disprove the assumptions made.
Re: (Score:2)
If Microsoft say that (made up numbers) a billion people are using pirated copies of Windows for which Microsoft would charge $50 each, then they can legitimately argue that they have lost $50 billion in revenue. It is up to people then to disprove the assumptions made.
If Microsoft says that a billion people are using pirated copies of Windows that they would have otherwise paid $50 for, then they have $50B in losses. But if there are a billion people using pirated copies that never would have bought the product were it not free, it just means that there is software out there that Microsoft claims is worth $50B. That's a big distinction.
Re: (Score:3)
Re: (Score:1)
Secondly: The over-reporters aren't outliers.
You don't know that. The fact that soemone says he lost $1000 doesn't mean that he did. The paper actually opens with several examples of over-reporters who's data was shown to be incorrect.
Re: (Score:2)
Re: (Score:1)
I think we might have a difference in understanding in what "outlier" means. An outlier isn't a data point that is shown to be incorrect; it's a data point that is numerically distant from the rest of the points in a set. The difficulty with this data set is that it's not just the extraordinarily high values that are incorrect, but that the statistically-average values are under suspicion as well. There might very well be one large company who actually did lose $30 million due to a security breach, and 100 small companies who reported losing $25,000 when they actually lost something closer to $2000. The problem is that the incorrect values aren't outliers; there's a whole bunch of them, so they don't look statistically different from the rest of the data.
No, I think we're on the same page as to what constitutes outlier. The point the paper makes is that for some surveys 75% of the average comes from an outlier or two. This is exactly the case with the 2007 ID theft survey they mention in the intro: the answers from 2 people (in a survey of over 4000) made a 3x difference in the average (and were found to be fabricated). It's quite possible that some of the non-outlier answers were fabricated also, but they don't have the same influence on the estimate.
Re: (Score:2)
Secondly: The over-reporters aren't outliers. There is systematic error in asking people to self-report loss due to security breaches. People either fail to respond to polls due to internal security procedures, or they tend towards overestimating their own loss. It's not simply that there's one guy out there saying he lost $5 billion due to hackers; it's that people who respond to the poll tend to overestimate their real losses by some unknown percentage.
Well at least a sexual braggart knows (or should know) how many he's really slept with. How much business would we lose if we lost our customer data? We might get a decent figure of the people who'll instantly halt business with us. It might be one of the reasons people leave us later, but nobody really knows if it was the tipping point. Trying to guess what amount of new business we've lost is hopeless. Likewise if some competitor now is sitting on our data and stealing customers left and right. That is if
Re: (Score:2)
Well at least a sexual braggart knows (or should know) how many he's really slept with.
Once you get past a couple of hundred, you sort of lose count. Apparently.
Re: (Score:1)
Cant you just exclude the outliers from the analysis?
It depends on whether the outlier data is correct. If you're surveying wealth and some guy claims to be worth $50 billion, you need to figure out if he's telling the truth or not. Outliers have a huge effect on the average, that's the point of the sex-survey. The average number of partners reported by men is 5x higher than reported by women. But if you throw out the outliers among the men the averages are almost the same. Point of the paper is that in cyber-crime surveys they never even examine outlier res
Re: (Score:2)
The average number of sex partners by one sex (assuming hetero sex only and a closed population) is going to differ from the average number of sex partners by the other sex in a way that depends only on their relative numbers. To calculate, you sum the number of distinct pairs of people who engaged in sex, and divide either by the number of people of that sex in the population. Therefore, under realistic conditions, the averages should be almost the same. (The distributions may be different, and the ave
Press releases, on the other hand... (Score:2)
Re: (Score:3)
Cybercrime victim here! (Score:5, Informative)
Hackers emailed me a grenade that blew up my PC! [theregister.co.uk]
It's true!
Re: (Score:2)
You know, there are females out there with good asses.
Those darn "hackers"!!! (Score:4, Interesting)
Everyone exaggerates (Score:3)
Everyone exaggerates how many systems they've penetrated.
Re: (Score:2)
Re: (Score:1)
I have penetrated many beautiful systems in my day.
Oh, you were talking about hacking computers?
Re: (Score:2)
Yes, I have hacked many beautiful women (Score:2)
You mean the guy down the hall in my apartment building with the mustard stains on his shirt *may* be exaggerating when he tells everyone he's the world's greatest hacker and that his "I could be a millionaire if I wanted to be, but I don't hack for money, so that's why I live here" claim could *possibly* be bullshit?
English. (Score:2)
Do the folks at Microsoft speak it?
Verbing weirds language.
Re: (Score:2)
I'm pretty sure that it wasn't Microsoft who wrote the summary.
Same for piracy and BSA stats ... (Score:5, Insightful)
Unfortunately, this is also how Microsoft comes up with numbers for piracy ... they pull them out of their ass, and build guesstimates to suggest they've lost eleventy trillion dollars to piracy. Same goes for the RIAA/MPAA and the BSA. They have no objective numbers.
Microsoft just doesn't like these ones because their OS is at the heart of much of it.
You can't go dissing the methodology when you don't want them to be true, and using the methodology when it suits you. Although, corporations don't seem concerned by such things as logical inconsistencies.
Re: (Score:2)
You can use more accurate numbers to estimate the rate of piracy because they don't rely on self reported surveys. If you can determine how many licenses that Microsoft issued in the region and compare it to computers that are running windows update, you can get fairly accurate statistics.
The amount of profits lost are subject to more debate because you don't know what percentage of sales are lost as a result of piracy. Microsoft will likely overstate this effect while pirates will understate this effect.
Re: (Score:2)
Agreed. If you can know with reasonable accuracy how many copies of Windows was sold, and how many was installed - then you can make a reasonably good estimate of piracy.
But it's -real- tricky to estimate economic losses. The maximum is easy, that's just the standard retail price times the count of pirated copies.
The minimum however, is negative. It's entirely possible that if everyone had to pay full price, the result would be that Windows lost it's dominant position as an OS, and thus that sales would be
There's a difference (Score:2)
Sex surveys can use a large number of samples (up to the entire population if funding permits) which will eliminate the outlier bias problem. Victims of cyber crime are a smaller population from which to sample. And those victims are not representative of the Internet community. They are either attractive targets or too stupid to secure their systems. Its like asking blonds with big tits how many partners they've had and extrapolating.
From TFA:
It's well enough established that men claim to have more female sexual partners in sex surveys than women claim male partners, a discrepancy that can't be explained by sampling error alone.
That can be explained by a few women I know. They can take on t
Re: (Score:1)
The BBC did a study during one of it's sex ed type shows (don't remember which one). They asked males and females about their sexual partners then asked them the same questions under a lie detector. The males tended to over state a little bit (to impress people) while the females understated more (to not seem like sluts).
The lie detector checked results came out with males and females having the same amount of partners.
Re: (Score:2)
Not an anonymous survey? Of course people will exaggerate.
The Kinsey Reports [wikipedia.org], based on anonymized data are remarkably accurate. Consider that their figures for male homosexuality were collected at a time (1948) when such behavior was not socially acceptable, let alone the basis for bragging.
Re: (Score:2)
So, a typical woman may have fewer partners than a typical man, even while it all balances out, due to those wonderful girls at the far end of the spectrum.
Re: (Score:1)
It peaks at four? (????)
I'm either a manslut, or you're a priest.
OK, so I do live in Brazil, we're a more open society etc etc etc but ARE YOU A FUCKING AMISH?
I'm well past four and I don't even think I'm at MY peak yet.
Re: (Score:2)
It peaks at four? (????)
I'm either a manslut, or you're a priest.
Remember, this is Slashdot. Where everyone's girlfreind's last name is JPEG.
I'm well past four and I don't even think I'm at MY peak yet.
I hit four when I went to band camp in high school.
Re: (Score:2)
It peaks at four? (????)
I'm either a manslut, or you're a priest.
OK, so I do live in Brazil, we're a more open society etc etc etc but ARE YOU A FUCKING AMISH?
I'm well past four and I don't even think I'm at MY peak yet.
For most slashdotters it peaks at one, if they've got a sister who needs help with her maths homework on a regular basis..
Re: (Score:1)
Re: (Score:1)
It's well enough established that men claim to have more female sexual partners in sex surveys than women claim male partners, a discrepancy that can't be explained by sampling error alone.
That can be explained by a few women I know. They can take on three men at a time. So unless you correct the survey for them, the numbers won't match.
No, it can't. Suppose one woman sleeps with 100 guys. One woman increased her count by 100, and 100 guys increased their count by 1 each. The average number of heterosexual sex-partners that men and women have had is the same. Do you need me to draw you a diagram?
Re: (Score:2)
Now, think about what happens to a statistical sample if you miss that one woman.
Re: (Score:2)
That might make sense if we were talking about a single study but the data is consistently out, in the same manner, across hundreds of studies over several decades. You can't just accidentally miss the really promiscous women every single time (well you could but it is statistically improbable).
The only two viable explanations I've ever heard (and I use the term loosely for the second) is that either there is consistent incorrect self reporting or extremely promiscous women have such a higher rate of death
Re: (Score:1)
Definition of Crime (Score:2, Insightful)
oh, this is victim's survey (Score:2)
Re: (Score:2)
Ony two? (Score:2)
And three hacks?
Dude! Everyone knows that it's one babe per hack. By accepting such low standards you're screwing up the surveys.
Re: (Score:2)
So this applies to the RIAA/MPAA as well? (Score:1)
So this 'over reporting' and overstating and exaggeration of loss applies to the MPAA/RIAA too right? After all, just two months ago they claimed losses in the trillions of US dollars, and yet the sum they quoted was many times more than their entire industries made -adjusted for inflation- worldwide for the entire time of their existence. Yet draconian laws created by them and enacted by bribed corrupt politicians and enforced by punishment-does-in-no-way-fit-the-crime law enforcement agencies happens at
Re: (Score:1)
Speaking of growing crises and sex... (Score:2)
I'm going to the bar to get laid and stop discussing people that are vain idiots...
Re: (Score:2)
Does anyone REALLY use bedevilled in a negative context these days? It means to de vile or to remove vile people. Just to correct your paranoid lies there ...
No, bedevil means to torment or annoy. The root is be-devil not de-vile.
Re: (Score:2)
Dateless nerds assume no one is really getting any (Score:2)
Sorry nerds, some of us really are sexual tyrannosaurs.
Re: (Score:1)
Sorry nerds, some of us really are sexual tyrannosaurs.
Sorry, I'm not getting your metaphor. Does that mean you haven't had a chance to reproduce in millions of years, or that you have stubby almost useless appendages?
I see another connection here... (Score:2)
Maybe the people complaining about cybercrime just need to get laid.