Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

FBI Says Computer Crime Costs Billions Every Year 142

JamesAlfaro wrote to mention a C|Net article putting a pricetag on computer crime. From the article: "The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. The survey, released Thursday, found that 1,324 respondents, or 64 percent, suffered a financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed. Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "
This discussion has been archived. No new comments can be posted.

FBI Says Computer Crime Costs Billions Every Year

Comments Filter:
  • Questions? (Score:4, Insightful)

    by Anonymous Coward on Friday January 20, 2006 @12:05PM (#14519801)
    Who responded to this survey? The accountants? The lawyers? The CFO? The CIO? I'm not saying that computer crime doesn't cost a whole lot of money. I'm just wary of reports like this, especially when the total is arrived at via simple straightline extrapolation from their 1300 respondents. This is simply a report designed to paint a bad picture so that they can secure extra funding for things like "online surveillance."
    • Re:Questions? (Score:5, Informative)

      by Anonymous Coward on Friday January 20, 2006 @12:33PM (#14520088)
      At the company I used to work at (Small to Med Cap Engineering firm), I got a copy of this letter asking me (as the head IT guy, we didn't have a CIO) to fill out the online form.

      I filled it out, and really I used numbers off the top of my head. We really never had actual security breeches by hackers, but they were asking for an aggregate of security incidents and measures. I included budgetary expenditures for preventative as well as reactionary security.

      I've filled out surveys like this for Gartner and others and I have to say, while the overall methodology followed norms, I really did not get a sense that they had much of a clue as to what the IT industry would classify as loss related to computer crime. Under their model, as I understood it - if you had to buy anti-virus software, that was a business loss due to cybercrime!
      • Under their model, as I understood it - if you had to buy anti-virus software, that was a business loss due to cybercrime!

        In that case you'd better include the costs of Windows and Office in there, too. : p
      • >if you had to buy anti-virus software,
        >that was a business loss due to cybercrime!
        Why shouldn't it be consideed a business loss due to computer crime. If I build a ware house and crime in the area increases, I have to buy better physical security, isn't that loss directly atributable to an increase in physical crime?
      • Err, I kind of think this a fair assement, This isn't like the chicken and the egg, we know what came first here; the virus, then came AntiVirus software. Having to buy this stuff actually IS a result of cybercrime.

        If there was no trespass or theft, why would I buy locks? (I wouldn't, they'd not exist)
        • That analogy would work well for a firewall. I'd liken antivirus more to the police. Antivirus doesn't stop crime, it just cleans up the mess. Of course with a discussion of this volume, the main problem is with windows machines where (especially in the case of virii) the problem is already on the system, it just has to be unleashed. This makes the crime more complicated, it's more of a sabotage (in cooperation with microsoft) than a hit and run (to borrow terms from driving).

          This discussion doesn't add
      • if you had to buy anti-virus software, that was a business loss due to cybercrime!

        It is.

    • was thiiiiiiiiiiiiiiiiiisssssss big.

      and when they hacked our system, it cost us a trillion, billion dollars.
    • Re:Questions? (Score:5, Insightful)

      by samkass ( 174571 ) on Friday January 20, 2006 @01:14PM (#14520407) Homepage Journal
      I think Mitnick made the point that he was accused of causing many millions of dollars in damages, but these (public) companies did not list such a charge on their quarterly reports. In fact, I have yet to see hacker damage appear on any quarterly report, including the more recent ones under the stricter Sarbanes-Oxley rules. So what's happening? Is this being overblown, or are companies mis-representing the damage to shareholders?
    • Don't worry. The data is good. The respondants were all members of the RIAA.
    • In the 1930s due to poor investments and no securities other then the depositor's money to secure it, many banks failed. What does this have to do with billions lost to hackers? Well, in Oklahoma, shady bankers figured a quick way to cover up cooked books:
      Tell everyone the bank was robbed.
      Pretty Boy Floyd was a bank robber of that era who, if you check the records, on one day is said to have robbed 3 banks, in 3 seperate towns, at over 150 miles distance, all on the same day. Same or sim
  • by eldavojohn ( 898314 ) * <eldavojohn@gma[ ]com ['il.' in gap]> on Friday January 20, 2006 @12:05PM (#14519802) Journal
    This article doesn't even mention the Computer Security Institute [gocsi.com] (CSI), the organization which conducts and publishes these surveys. The FBI allows them use of crime databases and is just presented the end result. On top of that, they present you with one graph and label it as referenced from the "Computer Crime Survey" when, in fact, this survey also had to do with security and is entitled 2005 Computer Crime and Security Survey [usdoj.gov]. I believe you'll find a wealth of information in that PDF as it contains many graphs that break down respondents of crimes, average security expenditures, types of attacks, etc. If you're interested in what constitutes a "computer crime," check out the policy [usdoj.gov] and sample cases [usdoj.gov] (some amusing) as we all know that what is and isn't illegal with computers can get very fuzzy very fast.

    I think this is a case of CSI running a survey and doing a damn fine job on the support but the media (and Slashdot) feel that FBI is better news than CSI.
    • "I think this is a case of CSI running a survey and doing a damn fine job on the support but the media (and Slashdot) feel that FBI is better news than CSI."

      Thanks for the informative links. However, it is also news that the FBI bungles their reporting of the survey results, not to mention their analysis of such.

      The FBI, like any federal agency, needs to justify themselves to the public as well as those that vote on their budget. Little reports like this do so, as well as help people be aware that se
  • by JonN ( 895435 ) * on Friday January 20, 2006 @12:07PM (#14519821) Homepage
    Alright, so there is alot of crime in computers, even my young sister knows of all the viruses and what not floating around the internet. However is the U.S. and businesses in general responding in the proper way? Responding to worms, viruses and Trojan horses was most costly... Respondents spent nearly $12 million to deal with virus-type incidents, I think the issue is seen here, with the question of how these viruses and other spyware made it onto the business networks.

    Perhaps the problem is that companies aren't putting enough money into their security and not enforcing strict enough protocol among their staff. How many viruses felt by businesses do you assume were caused by a stupid employee? This could take the form of lazy tech staff, or even the assistant downloading something to pass the time. Then there is also the fact that alot of smaller businesses I have experience with do not have an employee that can properly setup and maintain the businesses networks and desktops. How much money are these companies spending on techie staff to remove stuff that otherwise could be done by any teenager who has experience with computers.

    The number is huge, however the issue behind it I feel is being avoided and unseen. Businesses need a better method of using computers, perhaps a more business friendly OS. From the article, "Some are very small businesses that should have that technology, but they don't," and this is the problem. We won't be able to stop people from trying to bring down software and networks, however businesses can become more competent on how to prevent and protect.

    • Here's a quick CBA. Average cost of losses - $24,000. Average cost of competent network/system admin - $60,000. Want to guess why things are the way they are?
    • The problem is clearly identified - We won't be able to stop people from trying to bring down software and networks, however businesses can become more competent on how to prevent and protect.

      Why not? This is like saying "I live in a crime-ridden part of town, but I can't do anything to help myself and my neighbors other than getting bigger, stronger security grates."

      How about addressing the problem? Why is attacking computers and destroying information so much fun?

      Sure, it is difficult but part of the

  • by dada21 ( 163177 ) <adam.dada@gmail.com> on Friday January 20, 2006 @12:09PM (#14519837) Homepage Journal
    I believe the FBI is correct, but I also believe that one should lock the door to their houses, offer potential robbers the thought that the family might be armed, get a decent alarm and security company and insure their belongings for the maximum amount.

    My IT business makes about 40% of its income dealing with security issues. We have to turn new business away usually, as most new customers that we go visit are so insecure it isn't even funny. With insecurity comes more than just data theft but spyware and viruses and the rest, as we all know. It amazes me how many companies leave their homes unlocked, the lights on, the alarm off, and a big sign on the front steps saying "Come and get it!"

    The solution to computer crime isn't using the FBI -- I'd like to turn their offices off and throw out the key. The solution to computer crime is:

    1. Developing a good infrastructure and upgrade cycle
    2. Commit to teaching users proper ways to set up their data and desktops
    3. Purchasing security sofware and services from companies that do the best job finding the holes and plugging them.

    Is the law useful? Not one bit. Most companies aren't going to bother suing civilly for damages, and no one wants to bother calling the cops. The chalk line around your stolen data isn't very useful. Get a good consultant, pay them well, and make them back it up with guarantees. Problem solved.
    • What you said makes sense, except for:

      2. Commit to teaching users proper ways to set up their data and desktops

      Put users in charge of an essential part of your computing environment and you get what you deserve: an environment about which you can guarantee nothing. By definition, you have introduced a population of rogue systems. This would be true regardless of platform.

  • I wonder how many of these billions is the cost of hunting script kiddies when the money would be better spent hiring someone who knows a thing or two about security and preventing an attack from happening in the first place.
    • "I wonder how many of these billions is the cost of hunting script kiddies when the money would be better spent hiring someone who knows a thing or two about security and preventing an attack from happening in the first place."

      Yeah but hiring a security guy costs money too. So does developing and implementing a security strategy. I wonder if the FBI's numbers take into account the costs incurred by companies in preventing computer crime.

      • Cost of MS hiring somebody to ensure that all windows programmers are aware of, and prevent the risk of toys like Sasser, Code Red and Melissa - $200,000/year for somebody actually willing to do the work.

        It is true, however, that this estimate of "damages" is probably calculated using pages from the RIAA book of estimating damages: download one song, $21,000 (or whatever it is they are claiming these days).

  • by Anonymous Coward on Friday January 20, 2006 @12:10PM (#14519851)
    Word to the wise:

    Next time someone says "XXX Trend is costing us YYY dollars every year", it's probably going to be followed up with "Therefore we should spend ZZZ dollars dealing with it."

    XXX = overstated threat
    YYY = some made up figure
    ZZZ = profit
    • Not necessarily, though since most people are ignorant about computers, you're probably right.

      There are diminishing returns when it comes to trying to solve any problem. Which is better:
      1. $67 billion lost to computer crime
      2. $100 billion spent to reduce #1

      Fight Club:
      A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by t

    • I thought it was:
      XXX = overstated threat
      ???
      ZZZ = profit
  • Maybe? (Score:4, Insightful)

    by SilverspurG ( 844751 ) * on Friday January 20, 2006 @12:11PM (#14519863) Homepage Journal
    Now that even the FBI can put a quantifiable sum of money on this may we please begin dismembering the EULA which makes this such an enormous problem?

    "We'll just create this broken product... and let everyone else deal with the billions of lost dollars which it causes."
  • by Doug Dante ( 22218 ) on Friday January 20, 2006 @12:12PM (#14519872)
    "Often survey results can be skewed ... the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent. "

    Why? Because that seemed like a good number? This inexplicable change causes me to question the validity of the whole study.

    • Actually I was amazed they moved it down - usually companies try and cover up such losses.

      But you have to question the whole thing when the FBI basically doesn't believe what they're being told! What was the point of asking? Why didn't they just make the whole damn thing up?

      Perhaps they could have approached the problem from the other end - look at the amount spent of IT security and said the loses must be less than that, because otherwise companies are not acting in their share holders interest. (I'm not a
  • In other news, paper crimes have cost Trillions per year.

    It is amazing how many crimes go unreported, and if we were to prosecute all crimes by every person alive today, it would cost Quadrillions!
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Friday January 20, 2006 @12:14PM (#14519907)
    Comment removed based on user account deletion
    • Be aware that there are significant intangible benefits to working for the government like job security and status.
    • You raise a fair point, but I wanted to point out something.

      >spend $2B for a stealth bomber

      While the cost of a weapons program is staggering and of questionable value relative to other needs, it's not as simple as deciding to spend $2B for a bomber.

      You start out with an appropriation to spend $XXB on a program, expecting to produce NNN planes which will result in a cost of $YYY million each (still a lot, obviously).

      Then, years into the program, things change and funding is cut and they say, build just 18
    • Ultimately, you get what you pay for is a fundamental law of life.

      It may be, but it carries a risk of its own. Companies can (and do) pay large sums of money for certain services and still get screwed. Money in and of itself isn't answer...money helps, but competence is what gets the job done.
  • "FBI Says MS-Windows Costs Billions Every Year due to negligence." That's what they *should* say, but nooo.
  • Rather cheap (Score:1, Insightful)

    by Opportunist ( 166417 )
    More money is blown into similar activities under the cover of "fighting terror".

    With the difference that in that crime people die.
  • suffered a financial loss from computer security incidents

    Whoa, whoa. Back the truck up here, pal. Define "loss." I'm betting the overwhelming majority of the reported un-cash is probably:

    1) "Lost" sales -- which is money the company didn't have in the first place
    2) Money paid to try and prevent computer crime (which was their choice, and obviously didn't work
    3) Money paid to chase criminals after the fact (which, though necessary, shouldn't be lumped together with what a robber stole)

    That leave
  • I am curious how this would compare to the costs incurred due to defects in software. Back in 2002, NIST reported "Software bugs, or errors, are so prevalent and so detrimental that they cost the U.S. economy an estimated $59.5 billion annually":

    http://www.nist.gov/public_affairs/releases/n02-10 .htm [nist.gov]

    Has anyone seen an update to this report?

    With limited resources, organizations need to choose between fixing security problems or fixing others types of defects in their software.
  • Sarcastic question (Score:5, Insightful)

    by Guppy06 ( 410832 ) on Friday January 20, 2006 @12:26PM (#14520023)
    Did they include the NSA's illegal wiretaps in that tally?
  • Just like anything else, data networks need to be protected. Where all the money and private information transits nowadays? Yeah, via public networks. If a company doesn't have a strong data security team in these days, they are falling behind times, and no one, individual or corporation, will want to make business with them.
  • Is that including rootkits and other crimes from industry or just the ordinary non-corporate (i.e. punishable) crimes?
  • by gnovos ( 447128 ) <gnovos.chipped@net> on Friday January 20, 2006 @12:35PM (#14520102) Homepage Journal
    Most, nearly all, of the "cost" of computer crime comes from running a full security audit of your systems and locking down the security procedures and controls you will use to keep it from happenng again. If these companies had a competent computer security policy in the first place, they would find thier "costs" much less.

    It's like a thief crashing through your dry-rot, termite-infested walls and then blaming HIM that you have to rebuild your whole house now. This money is almost always money that *should* have been spent, but wasn't in the name of cost-cutting or just general laziness.
  • A portion of every IT worker's salary goes towards security. Security issues are certainly a daily concern support technicians. The costs easily amount to billions.
  • Waste of money. (Score:1, Insightful)

    by Anonymous Coward
    "So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent."

    We realized the data was completely meaningless. So we pulled a number out of our arse and decided that made the results accurate and meaningful.
  • Does the FBI view the theft of a computer as a "computer crime" (therefore adding that to the sum total of their figures) or activities within WANs and the Internet that are a result of criminal intention? I see no clear line drawn here. P2P downloaders/uploaders, Copyright Violators [wait, what if I published information on a webpage in my book, is that Computer crime?], Intentional Crackers/Black Hats, Organised Computer Crime Teams (possibly government funded) - all of them fall into this umbrella. Unfor
  • But did they ask the RIAA for their costs on computer crime?

    And no, I didn't RTFA
  • All due (Score:1, Insightful)

    by Anonymous Coward
    to three things
    1, coders inablility to write code that is secure
    2, admins inablility to secure their infrastructure.
    3, admins not being knowledgible enough to monitor and handle hacking attempts.

    The idea of passing new laws to "prevent" such crime is stupid. Kill as many flies as you can, there will still be flies to bother you.

    But get a good repellant, and the flies dont bother you any more.

  • The article says they reduced their estimate of frequency because they figure people who've been affected are more likely to respond than those who haven't.

    I think the size of the loss will probably have a major effect as well. Somebody who's lost only twenty dollars is a lot less likely to respond than somebody who's lost fifty thousand.

    There are also questionable cases. Consider something I hit about a year ago. Shortly after Cingular bought AT&T, I switched my cell phone to Verizon. Cingular cont

  • by wfberg ( 24378 ) on Friday January 20, 2006 @12:51PM (#14520215)
    It sounds like a lot, but $24,000 is substantially less than the cost of 1 IT staff. Besides, it's not mentioned how large these companies are (on average). For a 1 person operation $24,000 is a lot, for a Fortune 500 company with hundreds/thousands of employees, it isn't.
  • Of the 2066 companies that responded to the survey, a huge number (like 70%+) were in Texas or NYC. What's up with that? FBI is national.

    Another odd thing is that only 23% used IDS, and only 90% had a firewall of any kind. Wha? These things seem so fundamental to me. I suppose the large number of very small companies just don't pay any attention to security.
  • by valkraider ( 611225 ) on Friday January 20, 2006 @12:57PM (#14520265) Journal
    In a related note, the costs associated with train robberies is way down. And cattle rustling related costs have virtually dissapeared.

    As the world changes, so does the crime.
  • In other news: (Score:3, Interesting)

    by vertinox ( 846076 ) on Friday January 20, 2006 @12:59PM (#14520288)
    Accountants enjoy new freedom of book keeping with "theoretical losses" of arbitrary fitgures they pulled off the top of their head:

    Accountant: So how much did you think we lost because of computer crime?

    IT Guy: I dunno... Our server web server went down for a while and I joked that it was because some guy was hitting F5 in China.

    Accountant: Ah! Excellent... *writes something down* So how much do you think it cost us.

    IT Guy: Oh I dunno... Whats the cost of me getting up out of my seat to make a phone call to the guy down in the server room to boot it... Oh $0.35 cents?

    Accountant: Hrm... *scratches chin* No good. But if I multiply it by inflation and theoretical estimates and carry the zero. By golly! I think we've lost over $2,000,000.35 to computer crime! Thats one hell of a tax break. Daddies going to be rolling in the bonus this year!

    IT Guy: But... I... Oh never mind...
  • I point to the 'point-and-click' culture as at least part of the problem. I was dealing with a major vendor of credit information, and they wanted to set up a VPN tunnel as part of their 'corporate' security (presumably SBO complience). They wanted to use preshared keys. I offered to send them my public key so they could encrypt the keys. Or, failing that, my phone number so they could send the keys that way, if need be. They emailed the keys in the open. If they couldn't do it with a point-and-click,
    • I think its funny that you think the "major vendor" was stupid for sending you the keys in plain text, but yet you think giving them your phone number is going to help things in some way?
      • Sending the keys over a POTS ppp link is actually pretty far out-of-band, and provides reasonable levels of assurance that the sender and receiver are correct. Because of less time exposure for interception, it's probably just as good as using a flash drive sent parcel-post.
        • No, using the telephone network gives you absolutely no assurance of anything. There's likely hundreds of places between you and them where people could be sniffing traffic.
          • No, using the telephone network gives you absolutely no assurance of anything. There's likely hundreds of places between you and them where people could be sniffing traffic.

            Read the posts again. The whole point is that you assume all your communications are being sniffed. That's why you use multiple distinct channels.

            If you send the keys/passphrase on a modem, and you send the host/user identification through e-mail, you have 2 distinct separate channels. The likelihood of a Bad Guy [TM] being able to

            • No shit sending a floppy via courier is also retarded. The fact that other non-secure methods of transmitting keys exist, does not mean that its ok to use a non-secure method of transmitting keys.

              "Read the posts again. The whole point is that you assume all your communications are being sniffed. That's why you use multiple distinct channels."

              Right, its all being sniffed so splitting it up doesn't matter, since its all being sniffed. Duh?

              Welcome to 1991, you can use PGP to encrypt the keys and send them vi
              • Riiiiiiight, we'll use secure keys to secure the keys. And then we'll make chickens without eggs!

                Either you are determined to misinterpret whatever I say to make yourself appear clever, or you are a troll, or we are not speaking the same language. Further conversation seems pointless.
                • Which part of PUBLIC KEY CRYPTO is so difficult for you to grasp? Its perfectly ok for your public key to be intercepted. In fact, everyone on earth can have a copy, its all good. That's the point of public key cryptography dumbass.
      • I was also an operator for the military cellular telephone (31-m & 31-D), which used encryption for every phone call. An interesting idea about distributing keys via a flash drive, since that was kind of how the keys for the cell phone encryption were distributed - via a PCB card. To actually get a card into the hands of an operator, it was first necessary to get past guards, which meant having a code book, and knowing the unit SOP for reading the code book. Then, if the various cross checks were go
  • The numbers are meaningless anyway, unless you have another set for comparison, say the loss from common white-collar crimes (embezzlement, theft, etc.). It's about the proportion of loss more than the actual loss. Sure, a worm or virus can bollix up the works, but such things are easily fixable. An accountant siphoning money from the company accounts is harder to trace and when found, is usually harder to recoup.
  • So basically (Score:3, Insightful)

    by Dunbal ( 464142 ) on Friday January 20, 2006 @01:23PM (#14520486)
    Often survey results can be skewed, because poll respondents are more likely to answer when they have experienced a problem. So, when extrapolating the survey results to estimate the national cost, the FBI reduced the estimated number of affected organizations from 64 percent to a more conservative 20 percent.

          So basically they think their method of obtaining information is flawed, they have no idea by how much, but since 64% "feels" too high the decide to create a whole new number out of the blue that was felt to be subjectively acceptable to the committee.

          Wow who funded THAT?
  • Does any one else work in the public saftey field? We've been attempting to submit NIBRs data to the state for the last oh, 3 years or so. NIBRs is the replacement for UCR crime stats. There are 3 optional fields that I've always thought were funny. Were drugged used, were alcohol used, and were computer equipment used. I've always figured that was for some acdemics to query the FBI and find out how many crimes computer equipment were invovled with. There is a tiny problem with that though... I've not see
    • The FBI's Uniform Crime Reports [fbi.gov] are biased against reporting white collar crime. The FBI classifies crimes as "Part I" or "Part II" crimes. "Part I" includes most violent crimes, and "Part II" includes fraud, embezzlement, and drug-related offenses. For "Part I" crimes, complaints and arrests are recorded. For "Part II" crimes, only arrests are reported. As a result, most white collar crime doesn't show up in the Uniform Crime Reports at all.

      Thus, US information about the prevalence of white collar crim

  • I'm wondering if they are only talking about ID fraud, or the culmination of hacking, viruses, and adware. I wouldn't be surprised if it was a blanket term.

    There was a tale not too long back of a one Jeremy Hammond (case pending), so was persecuted for breaking into a rival company's server and stealing over $3.5 million dollard worth of credit card numbers ( http://en.wikipedia.org/wiki/Jeremy_Hammond [wikipedia.org]). Who knows how many Jeremy Hammonds there are in the world, who perpetrate similiar crime every year.

    R

  • Not news (Score:3, Insightful)

    by XMilkProject ( 935232 ) on Friday January 20, 2006 @02:05PM (#14520882) Homepage
    This isn't really news. It seems like the numbers are just pretty much made up. They knew that the polling was completely inaccurate, so they just decided to change the number from 64 to 20. This number has no more meaning than one made up entirely randomly.

    I'd guess that most companies are losing more money due to stolen office supplies than computer crime. I get annoyed at computer crime being treated as some magical force, as if it is some how different from every other sort of crime.

    Politicians repeat after me: "Computers are not Magic!, Computers are not Magic!"
  • But they're not crimes. Perhaps they should be.

    IT security shops make billions each year.
    So do body shops.
    So do insurance companies.

    Get over it.

  • The cost is much higher than the 67bn that the FBI says. Their "more realistic" estimate of twenty percent is way below the mark. Also, every machine that I find infected with spyware costs at least two hours of repair time - these costs should realistically include the user's down time, my time, "overhead and burden" and the other costs associated with having a computer out of service. These costs could realistically be hundreds of dollars per incident. All of this comes before the cost of the crime as
  • Statistics like this support insinuations against people with computer skills. I wonder if stats were kept on the number of crimes where the perpetrators made use of the public roads and parking to aid their crime? Driving licenses contribute to X percent of national crime!

    If last year music downloads had their best year ever and other computer based business models are also improving - I wonder what the size of computer aided or assisted business is? What percentage of the profit from that business went in
  • Does the talley include the Sony rootkit?
  • If this survey was about safety and the expense of keeping our roads safe and the vehicles driving you know they would break down what vehicle cost most. Funny that there is no talk of the principle cost here being one software manufacturer and that alternatives dont represent such a cost to the country.

    Virus protection and repair form the largest category of expenses. Doesn't it make sense to avoid the operating system with the largest expense in virus costs.

    Why has protecting the nations computers from vi
  • Together with the new-year speeches, come the "I want to secure my budget for this year"-speeches everywhere.
    The FBI is no exception in this case.

    Bring in the money guys, bring in the money...

  •     As an online retailer other than eBay or Amazon, try calling them up and saying "We have some information on people that are attempting to use fraudulent credit cards through us." See how quickly you're told to buzz off.
  • The vast majority of IT type with whom I work are completely, gloriously incompetent when it comes to security.

    I'm not talking about patch management and implementing the SORBS list and having a firewall and so forth. I see the whole gamut when it comes those guys.

    What I never see is any kind of inventory system in place so they can say, hey, we have three thousand known MAC addresses that should be allowed on our network--what's that NEW device?

    Or, "I know the operating system, patch level, loadout, and p
  • This is a very interesting conclusion brought on from the FBI, particularly because it excludes INDIVIDUALS who may be victims of "computer crime", but only focuses on businesses who claims losses due to percieved computer crime.

    When a person is a victim of identity theft, the loss is much more "real" in that there's a person who is "hurt" by this crime. There is attributable loss, usually in money taken out of bank accounts, money that may be racked up on credit cards, and the years spent trying to undo th

"If there isn't a population problem, why is the government putting cancer in the cigarettes?" -- the elder Steptoe, c. 1970

Working...