
McAfee Exaggerated Cost of Hacking, Perhaps For Profit

Posted by Soulskill
from the exaggeration-is-a-great-capitalist-tradition dept.
coolnumbr12 writes "A 2009 study (PDF) by McAfee estimated that hacking costs the global economy $1 trillion. It turns out that number was a massive exaggeration by McAfee, a software security branch of Intel that works closely with the U.S. government at the local, state and federal level. A new estimate by the Center for Strategic and International Studies (and underwritten by McAfee) suggests the number is closer to $300 billion (PDF), but even that much is uncertain. One of McAfee's clients, the Department of Defense, has used the $1 trillion estimate to argue for an expansion of cybersecurity, including 13 new teams dedicated to cyberwarfare. Despite the new data, Reuters said McAfee is still trying to exaggerate the numbers." The $1 trillion study has seen other criticism as well, so the new data is a step in the right direction.
  • News at 11? (Score:5, Interesting)

    by Mitreya (579078) <mitreya@gmail . c om> on Tuesday July 23, 2013 @10:14PM (#44367289)

    McAfee Exaggerated Cost of Hacking, Perhaps For Profit

    ... perhaps?

    • by Mr0bvious (968303)

      Perhaps if you include the amount paid to virus protection rackets (McAfee et al) it may just reach or exceed that $1 trillion...

       

      • by davester666 (731373) on Wednesday July 24, 2013 @01:41AM (#44368087) Journal

        Next up...losses by big media due to copyright infringement...

      • Perhaps if you include the amount paid to virus protection rackets (McAfee et al) it may just reach or exceed that $1 trillion...

        Don't forget the fake antivirus software that has you remove antivirus software, only to pull malware in, encouraging purchase of fake anti-malware software, which pulls viruses onto your machine, which lands most non-experts into a tech shop, where antivirus software is installed.

        *breathe*

    • by jayhawk88 (160512)

      It might have been trolling?

    • Re:News at 11? (Score:5, Informative)

      by hairyfeet (841228) <bassbeast1968&gmail,com> on Wednesday July 24, 2013 @12:10AM (#44367789) Journal

      Well I got to say most of us little shop guys certainly profit from McCrappy, we get paid to remove that shit because it's fricking worse than the malware! You want to see a laptop grind to a fricking halt use McCrappy or Norton and just watch the cycles get wasted.

      So TFA really doesn't surprise me that they are pulling shady shit as their products are frankly more of a PITA than a lot of the infections I've seen of late. You want to know which AVs to avoid? Norton, McCrappy, and I'll get hate for saying this but I'd add MSE to that list. What I've found is that MSE is really more of a placebo, you give it to those that already follow best practices and it'll make them feel more comfortable but it really doesn't do much and usually scores at the bottom of most tests. Honestly that shouldn't be a surprise to anybody as it was originally called Giant AntiSpy and was made to keep spyware and toolbars off, NOT worms and rootkits and viruses.

      If you want a good AV that doesn't cost a dime? Here in the shop I've both tested the AVs myself as well as seen how well they work based on my customers and I'd say Comodo Internet Security and Avast Free are both REALLY good. Comodo is for your geeks as it has really REALLY fine grained controls and you can customize the hell out of it, although frankly you don't have to as for the past few years the defaults have been sane and well thought out. For your non geeks, your average Joes and Janes? Avast Free works really well, it holds their hand with info bubbles in English instead of geek speak, has a built in software updater that will warn you when your third party stuff is out of date, and its UI is REALLY simple and straightforward.

      So do us all a favor and don't reward bad behavior by buying McCrappy, not only are they pulling numbers out their behinds but their AV ties a boat anchor on the system.

      • AV-comparatives puts MSE a little lower down the list of detection rates, but far from placebo.

        I myself have had good results with removing a rootkit on an XP box that had no AV on it before.

      • by danomac (1032160)

        You mean the Avast Free that continually nags users to buy a subscription?

        I used to recommend it to people, but I don't now.

    • by Seumas (6865)

      Don't worry. None of these industry people are ever in a government position responsible for anything related to their business or anything, at least!

      Oh wait...

    • Hey, what's new in the world today?
  • Cyberwarfare? (Score:5, Interesting)

    by Mitreya (579078) <mitreya@gmail . c om> on Tuesday July 23, 2013 @10:22PM (#44367333)

    Department of Defense, has used the $1 trillion estimate to argue for an expansion of cybersecurity, including 13 new teams dedicated to cyberwarfare.

    What exactly is this "cyberwarfare" that I keep hearing about?
    Who are we fighting? What are the objectives? When will it end?

    • by Anonymous Coward

      What exactly is this "cyberwarfare" that I keep hearing about?

      "I put on my robe and wizard hat"...

    • by sjames (1099)

      We're fighting the Cybermen, of course. They want to 'upgrade' us and we don't want them to.

      • by H0p313ss (811249)

        We're fighting the Cybermen, of course. They want to 'upgrade' us and we don't want them to.

        Dammit! Where's the Doctor when we need him?

        Someone fetch the Brigadier quickly!

        • by mrbester (200927)

          Sorry bro, he dead.

          • by H0p313ss (811249)

            Sorry bro, he dead.

            Again? We're going to run out of actors at this rate.

            • I think that the he's dead remark is about the brigadier. The actor that played him died in February 2011
              • by H0p313ss (811249)

                I think that the he's dead remark is about the brigadier. The actor that played him died in February 2011

                a) The actor is dead.
                b) It wouldn't exactly be the first time a different actor took over a role in the series now would it?

                (Tongue planted firmly in cheek. YMMV. This comment is a work of fiction. Names, characters, places and incidents either are products of the author’s imagination or are used fictitiously. Any resemblance to actual events or locales or persons, living or dead, is entirely coincidental. Please keep off the grass.)

    • Other countries and organizations are trying to hack into the US (so they say.)

      We are fighting them on our own electronic turf - "they" being primarily North Korea, China, and Russia (so they say.)

      The objectives are to protect the personal data of the citizens of the United States (the NSA is doing quite enough spying already, after all) and state secrets (which is why they're so pissed at Snowden since they spent all that money trying to stop China from getting shit and he just handed them a laptop. Do

    • We're cyberfighting cyberterrorists to cyberkill them before they cyberkill us. More seriously: Think of the spygames of the cold war, with the punch that you don't need to physically be in the location you're attacking. The objectives are as diverse as they ever were: gather intel, sabotage, manipulate data and the public. So we're targeting any device worth spying on (that is, all of them, prioritized), any infrastructure, any database, any public (foreign or otherwise). And we (our devices, infrastruct
    • by Tom (822)

      Wars ending? You still from the 20th century? When is the last time the USA ended a war? Iraq, Afghanistan, drugs, terrorism - all the more recent wars are designed and intended to last forever.

  • by Trepidity (597) <delirium-slashdot@@@hackish...org> on Tuesday July 23, 2013 @10:23PM (#44367337)

    If I get this correct, this is the original study being challenged:

    A 2009 study (PDF) by McAfee estimated that hacking costs the global economy $1 trillion.

    And here is the new evidence:

    A new estimate by the Center for Strategic and International Studies (and underwritten by McAfee) suggests the number is closer to $300 billion

    So this is two different McAfee-funded studies dueling it out?

  • by Joe_Dragon (2206452) on Tuesday July 23, 2013 @10:27PM (#44367365)

    mcafee is POS software anyways

  • by symbolset (646467) * on Tuesday July 23, 2013 @10:29PM (#44367375) Journal

    Further on they say global losses are "probably" in the "range" of $300 billion.

    These are the losses - data loss, the costs of identity theft and notification. If you want to count the cost of the Windows malware ecosystem you have to include both the losses and the cost of defense. That's all the costs of data losses, the entire revenues of all antivirus, firewall, next-gen endpoint software companies including the (now Intel) McAfee. These things cost money, and without the Windows monoculture they could not persist.

    I have long said that the cost of the Windows malware ecosystem far exceeds Microsoft's own revenues. This is proof. The cure is easy: Don't run Windows. You can choose to not have this problem. You can opt out. Google did. If someday your choice of other OS becomes also so infested because it has become too popular and its developers lose track of security you can choose another. The OS isn't really that important anyway.

    • Now add in the various costs, from lost productivity to tech support costs, of shitty AV software like McAfee.

      • by symbolset (646467) * on Wednesday July 24, 2013 @12:31AM (#44367869) Journal
        If you're running AV then the fraction of expense committed to defense has to be at least 50% of your desktop IT spend because that's how much of a PC's capacity modern AV takes - even though it doesn't work.
        • by funkify (749441)

          If you're running AV then the fraction of expense committed to defense has to be at least 50% of your desktop IT spend because that's how much of a PC's capacity modern AV takes - even though it doesn't work.

          Modern? If your antivirus software uses 50% of your PC's system resources, then I'm going out on a limb to guess that either your antivirus software or your PC (or both) are not exactly modern.

        • by cusco (717999)
          What kind of piece of junk PC are you running? My four year old laptop is sitting here idling at 3-6% CPU usage, almost all of that Firefox. If yours is sitting there over 50% then you've got something seriously wrong with your machine.
    • by sandytaru (1158959) on Tuesday July 23, 2013 @11:45PM (#44367697) Journal
      The OS is damn well important if you're trying to play a current gen video game. *sigh*
      • by symbolset (646467) *
        That's being resolved. Apparently by revenue 90% of games are on Steam, and Steam is cross-platform now because W8 App store doesn't allow Steam, and GabeN is not a moron.
      • by kermidge (2221646)

        True, but with increasing use of for instance CL, GL, emulators, vm, library lookup (a la Wine), cross-platform languages then the underlying OS will become of lesser importance. I expect the trend to continue until OS is either a matter of user preference for specific usage or be transparent altogether, but it's gonna take a while to get there. Meanwhile, as you say.

    • Sorry, any massive shift to another OS will just focus the attention of thousands of pirate hackers instead of Windows. I maintain the security of Linux is largely still security thru obscurity -- nobody cares to hack at it, the way they do Windows.

      A few dozen guys are not thousands from poor, corrupt countries who are on a mission from god to make an illicit buck.

  • by Anonymous Coward on Tuesday July 23, 2013 @10:33PM (#44367397)

    The real number might be closer to the $1T if we allow for the cost of losses that have not been released due to the very existence of the project being secret. They never would have admitted it at the time if a spy had compromised the Manhattan project. Do you think it is any different today?

    • if a spy had compromised the Manhattan project

      I believe you're looking for Klaus Fuchs [wikipedia.org]. The Soviets did spy on the Manhattan Project, and Stalin had to look surprised when Truman told him about it at the Potsdam conference.

  • About $2.5 billion (Score:2, Insightful)

    by Anonymous Coward

    Cyber war needs cyber casualties, $300 billion is hugely inflated too.

    Take out the cost of basic security, which should already be part of business, you don't count the cost of the locks on your doors as losses due to theft, yet these inflated numbers always count the cost of basic security as a loss due to hacking.

    The reason this number is hugely inflated is because it's part of the cyber-war justification. If you want a big budget (NSA gets $10 billion? $20 billion? 30?) then you need to be able to inflic

  • Submit the problem to the what-if [xkcd.com] blog and Randall will have it figured out - probably more accurately - by next Tuesday.

  • Peanut vendor claims peanuts can cure cancer! News at 11!
  • No different than... (Score:5, Interesting)

    by msauve (701917) on Tuesday July 23, 2013 @10:59PM (#44367521)
    Law enforcement's take on drugs which often (always?) values things based on the sale of minimal quantities. Busted a couple of tons of pot? Value it based on the highest value of selling joints on the street.

    It's all lies, meant to justify their existence.
    • I've often wondered how the price of a drug is decided, does it follow free market economics? You would assume that most of the money is profit, yet we don't see sellers undercutting sellers to reach a natural economic equilibrium. Is this exactly what gang turf wars are about? It would seem the gang leaders have a firm grasp on capitalism and business management. Maybe in prison we should offer an MBA program, on second thought... we have enough criminals at the top already.

  • by EmperorOfCanada (1332175) on Tuesday July 23, 2013 @11:16PM (#44367585)
    But nobody can exaggerate how crappy their bloated, pile of dung, machine slowing, worst-possible-time pop-up, fear mongering, computer newb fooling, circle of garbage really is.

    In the future when people are writing case studies about the PC industry they are going to point a huge finger at the bloated trialware business model that has ruined the experience of buying a new computer. Basically consumer PCs are sold profitless. Then the companies hope that a certain percentage of the fools buy one of these piles of snot software packages of which the manufacturer gets a significant cut. Profit.

    But the end result is that non-tech people unwrap their shiny new machine only to find all kinds of confusing icons for music services, media services, a trial for MS Office, and the worst... some AV pile of vomit. The AV vomitus will then tell them that they need to subscribe to their service otherwise the machine will be more infested than a street-walking Bangkok lady-boy.

    Some defenders will scream, "If they don't want it then they can uninstall it." But the simple reality is that your average computer buyer from Staples is 100% unable to uninstall it thus will have this software threatening them every time they look at the screen.

    I don't know how many giant screens or kiosks that I have seen screaming about the subscription running out.

    But then the next layer of pain is that nobody hardly trusts these popups. With people like myself saying, "For the love of all that is good don't buy that crap." So now how can they distinguish between some AV crap trying to scam them and just their OS telling them that they should install the update.

    Then people like myself come along and see that they are about 3 years behind on their updates because they were too scared to ever OK the updates. Their Adobe Flash is 4 versions out of date and their browser is running a beta of this new Javascript thing. So the fear caused by the bloatware AV has now caused them to allow their machine to become woefully insecure.

    The alternative is that they blindly trust everything that seems helpful resulting in so many toolbars that they are left with around 1 inch of working browser and their machine takes 5 minutes and 8 casino ads to boot up.

    So to me these AV types are not just the scum they obviously are but an insidious destroyer of the PC industry.

    The best part is how people have been leaping to smart-phones to get away from desktops that scare them only to find many of the Telcos have installed "Helpful" software that points to obscure music/ringtone services, custom search engines, and other things that no doubt send a kickback their way.
    • The sad thing is, those same folks who are unable to uninstall their AV and finally give up and pay $60 for the subscription are the ones who are going to open up that attachment that seems to be from Aunt Sally that says "omg you have to see this so funny!!!" which will probably brick their machine when they don't heed the warnings from the AV that the file is unsafe.
    • Thinking McAfee's security products are consumer virus scan is like thinking all Dells products are Best Buy laptops.

      The simple fact is the majority of the product line up are non consumer and invisible to you. I'm not just talking about enterprise malware, I'm talking about IDS, IPS, SIEM, Solidifiers, Risk and Compliance, Encryption, etc.

      The majority of the product line up and business model is corporate and government customers monitoring and blocking threats on the wire. Little or nothing to do with som

      • After ripping McAfee's infestations from the guts of many a PC, and watching even the wingnut McAfee trash talking his own old company, I think I'll pass on anything not only from that company but anything that even were to rhyme with McAfee. To me there is never just one cockroach.
  • One of McAfee's clients, the Department of Defense, has used the $1 trillion estimate to argue for an expansion of cybersecurity, including 13 new teams dedicated to cyberwarfare.

    Clearly the DoD, when its job would clearly seem to be Defense, should march first towards cyberwarfare. I mean, who cares that the US Government's handling of cybersecurity is a joke? Nah, we need to attack those Chinese hackers now and hard. Because surely we can use highly paid, low in number hackers in the US--but only those

    • Well, you have to hand it to them...a cyber-war sounds a lot more juicy than a regular war -> less casualties (on your side), comfier seating and schedules, less risk, and better pay.

      Of course, the reality is that a cyber-war is just the latest in the long series of handouts for defense contractors...more of an invention, really, than something substantial, and definitely not the way to go liberty-wise if you want to have any kids in the future and not regret it. But such is life.

      The DoD, perhaps, is suf

  • You must be kidding.

  • I used their PCI compliance program once. My server did not comply, but complaining to my account manager with McAfee got rid of all the warnings and errors. They care about the money only.

    (Note: I never did store any customer information on this server. The goal of the PCI certificate was simply to see if it would benefit sales.)

  • The price people pay for McAfee and its competitors as well as the lost productivity and power consumption of McAfee and its competitors needs to be figured into that total.
  • Seems to me being off by a factor of 3 is not a "massive" mistake in calculating economic _estimates_.
    There's a lot of guesswork involved.

    The fact that everybody guesses in the best direction for their employer is not strange.
    How many of the top 500 economists predicted the 2007 recession? Many of them even said we weren't in a recession when we actually were.

    btw, if you haven't disabled advertising, this particular thread on slashdot sends you wonderful offers from McAfee ;-)
  • Have you read a news article that says police busted a weed house and got rid of $30 million of weed? Usually that $30 million is the price of all grown-up weed selling at the top street price. They may have only confiscated a few baby plants.
  • Intel's one is also an estimate. There is no way to validate either one of them. And they are of the same order of magnitude, so it really is unfair to stipulate that McAfee exaggerated theirs.

  • Say my home network gets hacked and all my data gets released into the wild. There's a tangible cost in time it would take me to change passwords, but how do you quantify costs of embarrassment or damage to your reputation? Say I've got some scathing criticisms of a family member or reprehensible views on some issue.

    Can you put a price tag on the damage to Anthony Weiner from the leaked sexting conversations?
