Cybercrime Now Worth $105 Billion, Bypasses Drug Trade

Stony Stevenson writes "Citing recent highly publicized corporate data breaches that have beset major companies like Ameritrade, Citigroup, and Bank of America, McAfee CEO David DeWalt, said that cyber-crime has become a US$105 billion business that now surpasses the value of the illegal drug trade worldwide. Despite the increase in government compliance requirements and the proliferation of security tools, companies continue to underestimate the threat from phishing, data loss, and other cyber vulnerabilities, DeWalt said. 'Worldwide data losses now represent US$40 billion in losses to affected companies and individuals each year, DeWalt says. But law enforcement's ability to find, prosecute, and punish criminals in cyberspace has not kept up: "If you rob a 7-11 you'll get a much harsher punishment than if you stole millions online," DeWal remarked. "The cross-border sophistication in tracking and arresting cyber-criminals is just not there."'"

McAfee?

[parcel]

McAfee CEO David DeWalt, said that cyber-crime has become a US$105 billion business that now surpasses the value of the illegal drug trade worldwide.

erm, conflict of interest?

Bypasses drug trade?

[Anonymous Coward]

Bypass: A means of circumvention.
Surpass: To be or go beyond, as in degree or quality; exceed.

Re:

[ichigo 2.0]

Maybe that means the drug trade is worth more, but cybercrime bypassed it! Those dastardly hackers!

Re:

[utopianfiat]

I really wish news organizations would stop using the prefix "Cyber-". They are Online Criminals, or Internet Criminals, but they sure as fuck aren't Cybercriminals. Same BS as SUPERHACKERS IN CYBERSPACE. or HACKERS ON STEROIDS.

Re:

[stranger_to_himself]

Insightful: exhibiting insight or clear and deep perception
Informative: tending to increase knowledge or dissipate ignorance

Hey Wait

[Merusdraconis]

So now that there's better money in cybercrime than in drug trafficking, does that mean that now everyone involved in drugs is a loser instead of everyone except the higher-ups in the trafficking organisation?

Re:

[somersault]

Probably a lot more people (especially if you count the morons with the owned PCs) involved in cyber crime than the actual drug trade. I'd say it's a lot safer as far as leading a Life of Crime goes..

I wonder how much of this $105 billion is money going to the anti-virus companies? Or did they leave themselves out when counting this figure?

Sounds scary

[BadAnalogyGuy]

Considering the international nature of the Internet and the ability to hack from just about anywhere, including extradition-free countries, it seems like anyone could become a cybercriminal and make billions of dollars.

Does O'Reilly or Manning have a book on how to become a cybercriminal? Besides the Camel, I mean.

It is scary. AV coordination is suspicious though

[Erris]

The BBC has a nice write up [slashdot.org] on how open and inviting the world of cybercrime is. Tools are passed around and improved and auctioned along with the results, according to William Beer, of Symantec. The scene is booming, with almost double the number of new threats in the first six months of 2007 as in the last of 2006.

Arbor Networks is reporting the same boom from the ISP perspective [slashdot.org], and thinks the infrastructure of the internet itself is in danger.

Darkreading [slashdot.org] details some of the sophistication of the attacks, from an IT perspective as reported by MessageLabs.

Hmmm. Symantec, MessageLabs, McAffe, all at once reporting the same thing. Not to downplay the threat, but is a new version of Windows out?

Re:

[dedazo]

Not to downplay the threat, but is a new version of Windows out?

Yes, thankfully. It's been out for 8 months, it has twice [hitslink.com] the market share of Linux and OS X combined, and it's much more secure than the one it's replacing.

BTW, I think it's funny that you'd give so much weight to companies that you've referred to in the past as "snake oil vendors".

Given the fact that the vast majority of computers on botnets are there because of user action instead of exploited vulnerabilities, I fail to see what a new

Re:

[molarmass192]

Btw ... Mac OS and Mac Intel are both OS X so your Vista market share calculation is wrong, but those numbers will change seeing as almost 1 in 5 [pcworld.com] of laptops currently being sold is a Mac.

Re:

[orasio]

Not to downplay the threat, but is a new version of Windows out?

Yes, thankfully. It's been out for 8 months, it has twice [hitslink.com] the market share of Linux and OS X combined, and it's much more secure than the one it's replacing.

BTW, I think it's funny that you'd give so much weight to companies that you've referred to in the past as "snake oil vendors".

Given the fact that the vast majority of computers on botnets are there because of user action instead of exploited vulnerabilities, I fail to see what a new version of Windows has to do with this or not. People will infect a mainframe if the given the chance and someone can be bothered to write the malware for it. Hmmm. BonzyBuddy for OS/390 must be quite an experience. I wonder if it runs on InfoMan...

User action, and protecting from its bad consequences, has to do with the OS. e.g. : a badly designed OK/Cancel button is responsible for people losing their data (hint: ok/cancel dialogs just don't work), but you can say that data is lost due to "user action". The reality is that a well designed UI would help the user in identifying and preventing malware.

In Ubuntu, for example, you always know where the software comes from. You don't usually run self-executable installers. You get a warning every time yo

Black is White?

[Erris]

It's hard to believe the same person could say these two things:

[Thank God there's a new version of Windows. Vista is] much more secure than [XP].

and

the vast majority of computers on botnets are there because of user action instead of exploited vulnerabilities, I fail to see what a new version of Windows has to do with this

I mention it because it's about this time in the non free OS cycle that M$ usually kills the old version.

Re:

[demachina]

"...it seems like anyone could become a cybercriminal and make billions of dollars."

And the sad thing is it wouldn't exactly be that hard to fix it, or at least lower the risk. If either banks/credit companies or governments instituted a voluntary system to associate digital signatures with social security number, credit cards and bank accounts. If I had a PGP key that only I could authenticate and require it to be authenticated for all transactions involving my social security, credit cards and bank accou

Now expect

[Jeremiah Cornelius]

The covert Government support of CyberCrime by "intelligence" agencies, and the monopoly of profits from this - just like the drug trade.

Too bad the CIA can't destroy the black urban population of America with phishing spam, like they did to the brothers ad sisters with drugs in the 70's and 80's.

Re:

[dintech]

Too bad the CIA can't destroy the black urban population of America with phishing spam, like they did to the brothers ad sisters with drugs in the 70's and 80's.

Yes and clearly they got to you too. Put down the crack pipe good sir.

Re:

[megaditto]

This wiki article has some credible references (AP and others) http://en.wikipedia.org/wiki/CIA_drug_trafficking [wikipedia.org]

Re:

[megaditto]

I am sorry, wrong link (I need to learn to use Klipper properly):

http://en.wikipedia.org/wiki/CIA_and_Contra's_cocaine_trafficking_in_the_US [wikipedia.org]

Thanks for pointing this out.

Maybe this isn't true

[Centurix]

Maybe drug dealers are getting smarter.

Re:Maybe this isn't true

[MillionthMonkey]

No, this just means we're finally achieving victory in our War on Drugs!

Re:

[Plutonite]

Zonk is also achieving victory in his war on the English Language! (Hint: the word is not bypass)

Re:

[z0idberg]

Sweet! They can bust out that banner again.

http://img.dailymail.co.uk/i/pix/2007/04_02/georgebushAP2604_468x306.jpg [dailymail.co.uk]

Uhhh, wtf?

[QuantumG]

"If you rob a 7-11 you'll get a much harsher punishment than if you stole millions online," DeWal remarked. "The cross-border sophistication in tracking and arresting cyber-criminals is just not there."

Yeah, it's the difference between a violent crime and shifting some numbers from one table in a database to another.

What an idiot.

Re:

[clarkkent09]

Is it really that clear-cut that violent crimes should be punished more harshly than non-violent "white collar" crimes? An employee of a 7-11 who gets held up suffers some stress (unless he gets shot, but that's rare) and the company loses a few hundred dollars. I would say that people responsible for the Enron fraud for example caused much greater suffering to more people (who lost their life savings, pensions etc) than a crackhead who robs a 7-11.

Re:

[QuantumG]

The purpose of prisons is to separate those who are a danger to society from society.

As much as I believe those responsible for the Enron disaster are a danger to society, they can be neutralized simply by prohibiting them from being directors of companies ever again.

Re:

[clarkkent09]

The purpose of prisons is to separate those who are a danger to society from society.

There is a bit more to it than that. In all countries there is a retributive element in the justice system, i.e. making the punishment proportional to the severity of the crime. If your statement were true, anyone who commits a crime and can show that they are not able to commit that crime again should just be let go.

Re:

[QuantumG]

Yeah, the whole "we'll be complete assholes to you so that other people think twice before doing what you did" thing. It's barbaric.

Re:Uhhh, wtf?

[ZorbaTHut]

Sadly, some incentive to others to not follow in the person's footsteps is often helpful. Many people aren't fundamentally good - they're fundamentally selfish, and any legal system that doesn't take this into account is doomed to failure.

If I had some way to push a button and take one dollar from every American in the country, with a 5% chance of getting caught and no penalty besides losing the money I'd gained, I'd honestly probably push it. If the penalty was instead 80 years in prison, I wouldn't. Penalties are important.

Re:

[ZorbaTHut]

And you make bizarre strawman conclusions based on small amounts of data. Yup, you're a liberal! :D

I support appropriate punishments for crimes. Hacking into a school database, not doing anything, and reporting it to the authorities is zero years in prison. Murder, I'd probably place at around 20 years in prison. Hacking into a financial database and stealing billions, yeah, I could get behind 800 years in prison.

The crime, IMHO, is not the important part. The important part is how much damage is done, whet

Re:

[ZorbaTHut]

That's true - it was a hypothetical example. Still, I personally wouldn't do it even if I had two years in jail and got to keep the money. I value my time pretty highly. Others, of course, may feel differently.

Re:

[sethstorm]

As much as I believe those responsible for the Enron disaster are a danger to society, they can be neutralized simply by prohibiting them from being directors of companies ever again.

Well, you do have a point, just that after Ken Lay received the Aspen Pardon(dying before sentencing), neutralization went out the window.

Re:

[gobbo]

The purpose of prisons is to separate those who are a danger to society from society.

Nicely idealized, and a good goal. However, the purpose of the current USA prison system is largely to perpetuate the economics of the the prison system... it's a heartless, profitable, growing business. Not to mention putting away 1 million people who are a danger to no-one but potentially themselves--pot users, thus indicating that it's also a political and ideological tool, a way of enriching police departments, a tool of racist elites, the CIA's drug importation enterprise, etc etc.

Re:

[StikyPad]

Robbery isn't necessarily violent, although he probably should have used home burglary as a better example. It does seem ridiculous that "white collar" crimes are less penalized since any one case typically affects many more people than any one burglary.

Re:

[QuantumG]

Robbery isn't necessarily violent

Huh? Then it's not robbery.

although he probably should have used home burglary as a better example

You're suggesting that burglary is the same thing as robbery?

Ok...

It does seem ridiculous that "white collar" crimes are less penalized since any one case typically affects many more people than any one burglary.

Larceny, whether committed via burglary or fraud or hacking carries the same penalty, determined by the value of the goods stolen. Burglary may carry other penalties, like trespass, or entering a domicile while the occupants are home, or damaging the property.. but that's just co-incidental.

Re:

[Gandalf_the_Beardy]

Actually in the UK robbery can be without violence - it's the implied threat of, or actual violence that turns theft into robbery.

It's perfectly possible in the UK to walk into a bank, pretend that the distended shape of a banana in your pocket is a handgun and rob the bank - that's armed robbery and you get life for it.

Regardless of semantics, the intent of the crime is what should determine the sentencing more than the actual result - I don't want to see violent crimes lessened simple because it ended up

Re:

[StikyPad]

No, I am not equating robbery and burglary. Robbery is classified under "violent crime," but it is merely the theft of money or goods through violence or *intimidation*. Intimidation may be a threat of violence, but not necessarily.

*In theory*, your assertion is correct, but in practice, burglars get harsher sentences than fraudsters. 33% harsher [albany.edu], in fact, and half as much time as robbers, despite the fact that burglary costs more in real dollars. $2.7B compared to $316M, for crimes known to police in 2 [albany.edu]

Re:

[StikyPad]

Also let me apologize for missing the closing tags there. Here's the corrected version for the sake of legibility:

No, I am not equating robbery and burglary. Robbery is classified under "violent crime," but it is merely the theft of money or goods through violence or *intimidation*. Intimidation may be a threat of violence, but not necessarily.

*In theory*, your assertion is correct, but in practice, burglars get harsher sentences than fraudsters. 33% harsher [albany.edu], in fact, and half as much time as robbers, d

Re:

[anagama]

Shooting someone violates old deep seated morality. Moving data does not. Check out the portion on the inner chimp [wnyc.org].

Re:

[Joebert]

Yeah, it's the difference between a violent crime and shifting some numbers from one table in a database to another.

What if shifting numbers results in a riot or suicide ?

Say if, someone "shifts some numbers" on the stock market, an investor loses everything he has because of this shift & hangs himself, could that be considered violent crime ?

What if someone alters a news release on a company website to artificially decrease the value of that companies stock & it causes a riot ?


Cybercri

Re:

[QuantumG]

Blah. Both people who suicide and people who riot are responsible for their own actions.

If erroneous data is all it takes to make people riot then they don't belong in society.

Re:

[Joebert]

You're obviously too young to understand the concept of innocent bystanders, sorry to have pissed in your cherios kid.

Re:

[TheVelvetFlamebait]

It's the difference between a potentially violent crime and shifting some numbers from one table in a database to another.

Or to place bias evenly...

It's the difference between a crime of the possibility of slightly disrupting the function of some organic matter and shifting numbers from one table in a database to another.

Re:

[QuantumG]

Sorry, but armed robbery isn't "potentially violent".. it's violent.

Re:

[QuantumG]

So you're saying that atheists are required to value money more than life.

yah.

   

Re:

[ZorbaTHut]

If the lost money causes two people to starve to death, or 100 people to die one year earlier than otherwise due to slightly inferior medical care, then you could easily argue that the lost millions is indeed a great cost than a single murder.

If you want a real challenge, try to figure out exactly how much emotional pain and depression is equivalent to one murder.

This number

[symbolic]

...sounds like it was pulled out of someone's ass. I don't deny that there's a problem, but what concerns me is that this "number" could very well become another excuse for the government to pursue "solutions" that are even more invasive than our current crop of 9/11-related idiocy.

Re:This number

[Dunbal]

but what concerns me is that this "number" could very well become another excuse for the government to pursue "solutions" that are even more invasive than our current crop of 9/11-related idiocy.

      Everyone knows those cyber-terrorists are building weapons of mass destruction. You are either with us or against us, you liberal cyber-terrorist facilitator...

      You know, the scary thing is it's almost not even funny anymore.

Re:

[dgun]

but what concerns me is that this "number" could very well become another excuse for the government to pursue "solutions"

Oh, the "war on cybercrime" is just a campaign slogan away from reality. Are you ready for random searches of your hard drive? With my luck, a random search of my hard drive would reveal trace amounts of cocaine.

How to make a number up

[EmbeddedJanitor]

Exactly how does cybercrime cost almost $20 for every man, woman and child on the planet? There must be some creative accounting going on here.

If the RIAA are involved in creating the stats, then they're probably using their $750 per track damages. If MS does the same thing for pirated versions of Office (probably $10000 per copy) etc, then just the piracy part of cybercrime would add up pretty quickly.

Bottom line: This sounds like a number that has been created to support some proposed course of action.

Re:How to make a number up

[AJWM]

There must be some creative accounting going on here.

They're including sales of Windows Vista. If releasing that thing to the market isn't a crime, I don't know what is.

(Ba dump bump.)

Re:This number

[rwyoder]

...sounds like it was pulled out of someone's ass.

Absolutely! When a thief robs a liquor store of $1000, he actually has the money, and the store has really lost the money. Now let me relay something I learned from a lecture I attended by a wekll-know former hacker a few years ago; He had used social engineering to obtain a copy of some cell-phone infrastructure s/w from a large, well-known high-tech company. He later learned that when the cops questioned the mgt of the company, they wanted a dollar amount of the damages. When the mgt hesitated about how to determine the damages, the cops asked: "So what did it cost to develop it?" And that was the number they used! The hacker had done nothing but use social engineering to persuade an employee to FedEx him a copy of the s/w which he kept, but did nothing with it. He never even broke into a single computer, nor ever distributed the s/w, nor did any kind of damage. But in their zeal to pump this up into a big case, the cops used the completely bogus multi-million dollar cost of the project and charged him with that dollar amount of (non-existent) damage.

Re:

[Capt James McCarthy]

"...sounds like it was pulled out of someone's ass. I don't deny that there's a problem, but what concerns me is that this "number" could very well become another excuse for the government to pursue "solutions" that are even more invasive than our current crop of 9/11-related idiocy."

Well, I heard that 9 out of 10 'Internet Specialists' say it's true.

Re:

[Lumpy]

It kinda go along with the last story here. Bad claims causing problem in Fraud investigations.

Cybercrime claims are always incredibly overinflated, just like IP loss claims and other silly claims of that sort. It skews things and actually borderlines committing fraud themselves.

Shift emphasis

[Harmonious Botch]

Legalize drugs for consenting adults, and put the crime-fighting resourses to use stopping cybercrime.

Re:

[User 956]

Legalize drugs for consenting adults, and put the crime-fighting resourses to use stopping cybercrime.

Yeah, but you know their solution is to just trump up a third never-ending war. In addition to the "war on drugs" and the "war on terror", we'll have the "war on netcrime" which will result in nothing less than an increase in the rate of usurpation of powers by the Federal government.

Re:Shift emphasis

[QuantumG]

Don't forget the war on copying.

We could probably make this easier by just call them all "the war on freedom".

Re:

[TheVelvetFlamebait]

Even better: legalise cybercrime and put the crime-fighting resources into tax rebates.

Re:

[QuantumG]

Did you just refer to sex as a vice?

Only on Slashdot..

Punishments...

[sydneyfong]

"If you rob a 7-11 you'll get a much harsher punishment than if you stole millions online,"

Like... distributing a mp3 on a P2P network?

This must mean...

[NeoSkink]

We're winning the drug war! That's the only way to explain such low numbers!

Maybe we'd better start a war on cyber crime too, seeing how the drug war has been so successful!

Re:

[MadMidnightBomber]

Remember when the US had a drug problem and then we declared a War on Drugs and now you can't buy drugs anymore? [mnftiu.cc]

Drugs vs Cybercrime

[RancidPickle]

If you think about it, this makes perfect sense. Why risk getting 'capped' picking up ten bricks of heroin, risk getting snagged at some border transporting the bricks, and getting it home, just to get shot by your partner, when you could sit at some Starbucks, sipping a Venti White Chocolate Mocha and rake in tens of thousands of dollars.

Pushing ones and zeros are safer than pushing dope. No wonder organized crime has delved into the digital world.

Re:

[Technician]

Pushing ones and zeros are safer than pushing dope. No wonder organized crime has delved into the digital world.

Does that mean my local dealer is going away?

Re:Drugs vs Cybercrime vs music/movies

[denis-The-menace]

Other other hand, if you happen to be caught DL'ing music/movies you'll get a stiffer penalty than dealing drugs.

The Courts

[photomonkey]

I agree that cybercrime is a huge problem (although I don't buy that it's more of a problem than illegal drug trade). At the very least, it is a crime on a lesser level because no one is placed in danger of physical harm through it's effects.

Cybercrime, as well as other crimes, should be punished according to the level of damage caused.

With that in mind, the current US court systems cannot seem to wrap their heads around the tactics and ideas put forth in the discovery period of civil copyright cases. There is a common misunderstanding or complete lack of understanding on the part of most of society in the ways of computers and networking.

At this point, I doubt very seriously that most of the accused and prosecutors have the knowledge or ability to fairly fight a cybercrime court case.

In physical, there is always some level of evidence present to tie a suspect to the crime. In the land of computers, it's much more difficult to do so. Where a physical bank robber can wear a mask or clothing to conceal identifying aspects of his physical person. But there remains at the scene hairs, fibers, eyewitness accounts, surveillance tapes and other evidence that helps to narrow down the criminal.

With cybercrime, the 'break-in' can happen from thousands of miles away without the perpetrator ever setting foot, or having ever previously set foot on the premises. There is no physical description, no chemical or biological evidence left behind. The attack could come from a public terminal at a library, or even someone's open (or hijacked) wireless access point. Through the use of zombie computers, the attack could come from my mother's computer.

How can we expect to catch, let alone prosecute cybercriminals without special law enforcement and prosecution/defense attorneys and judges capable of fairly trying people like my mother or the guy who used her computer to break into the Bank of America system?

Re:

[Dunbal]

With cybercrime, the 'break-in' can happen from thousands of miles away without the perpetrator ever setting foot, or having ever previously set foot on the premises. There is no physical description, no chemical or biological evidence left behind.

      The money has to go SOMEWHERE, otherwise there's no point. Follow the money.

Re:

[photomonkey]

What about in a case where no money is stolen, but rather credit card numbers and SSNs?

Likely the person who makes use of that information is not the same person who stole it. Even if that's the case, how many different places can you go to swipe someone's name, SSN and even DOB? Until recent years, universities used SSNs as student ID numbers.

If money goes from account A to account B, sure follow the money. When bits and bytes with no direct monetary value goes missing from one place, who's to say th

Re:

[sentientbrendan]

>don't buy that it's more of a problem than illegal drug trade). At the very least, it is
>a crime on a lesser level because no one is placed in danger of physical harm through it's effects.

That is faulty reasoning. You are thinking that dealing drugs is worse than theft because the "damage done" is worse (at least with harder drugs like cocaine and heroin). However, you aren't considering *responsibility*.

If a free person does something to harm themselves, it is no crime. It is just foolish and being

Re:

[cdrguru]

Sorry, but we have long ago passed any "responsibility" for drug use onto society in general.

Need treatment? It is at everyone else's expense except the drug user. But often there isn't much treatment to be had because of this.

Cause an accident? The victim is the drug user. The person(s) they injured are compensated by their own insurance as well as state and federal funds. But there are limits, so the collateral damage is just a write-off.

Become a poor performer at your job? You get fired and fall on

Re:

[Darby]

I do not see any "personal responsibility" here at all. I see a societal problem that keeps right on growing in cost to everyone except the drug user.

Yes, but that problem is caused almost 100% by drug *laws*, not by drug use. You really need to keep that basic simple fact in mind at every stage of any discussion of the issue otherwise you just end up looking silly.


You can't pass drug use off as a individual decision when all of the consequences fall to society in general.

But the consequences you speak of a

Fabricated Numbers

[Rothfuss]

I don't want to belittle the impact of cyber-crime, but this $105 Billion number is just fabricated to make the problem look large. On the other hand, the numbers for drug trade are basically an estimated amount of drug sales.

Drug numbers are *real* numbers. They still may not be accurate, but at least they represent the summation of finite transactions - like the global automobile trade, or the global whale oil trade. It is a sales number.

Cyber crime is a 'damages' number. Like the woman that spilled hot coffee on her leg and sued McDonalds for several million dollars in 'damages'... and at least she had a specific amount of damages ruled in her favor. The trumped up cyber-crime numbers... along with the RIAA numbers... are just manufactured because it is handy to provide very large numbers if you are on the side of the people producing the numbers.

What I would like to see is how many $$s were actually phished last year? How much did the Nigerians actually rake in by claiming to be my/your/her/his brother in law or trusted barrister?

Re:

[TubeSteak]

I don't want to belittle the impact of cyber-crime, but this $105 Billion number is just fabricated to make the problem look large.

I'm leaning in that direction also... Especially because of something in TFA.

"[McAfee CEO] DeWalt said that cyber-crime has become a US$105 billion business ... Worldwide data losses now represent US$40 billion in losses to affected companies and individuals each year"

So are they really saying that cybercrime is a $65 billion business with $40 billion in collateral damages?

If that's how they're playing the numbers, then you can easily jack up the cost to society of drugs, just add in hospital bills, lost w

Here's Another Reason: Cybercrime Pays

[patio11]

You know what your hourly wage works out as any dealer not on top of the local pyramid? Check out Freakonomics, its an interesting case study. Using one gang's meticulously kept accounting records, they estimated the average dealer makes a bit more than minimum wage. Oh, and for that he has a 25% chance of death or imprisonment over an N month interval. (I can't remember what N was but, yikes, for 25% it wouldn't matter if it were 120!)

Compare this to cybercrime. I have been, at points in the past, a spam researcher. At the time, I lurked in spammer forums to get an idea of what the enemy is thinking. Ignoring the "I make a million a month and own a fleet of cars and a harem" boasting, and just focusing on the deals that were offered and consumated there, it is clear that cybercrime makes Serious Money especially by the standards of the locales where some criminals hang out. A single script to clean a spam mailing list, which is what, two or three hours of work, costs about a month worth of a legit Russian programmer's wages.

Or take a look at the opportunities for low-level criminals in the US, like "cashers". A casher is the guy at the end of the identity theft chain who gets the only risky job: turning the swiped data into money. (Phisher turns credentials over to casher, casher gets money, pays phisher.) He has a non-zero chance of his photo ending up on camera. For this, he gets perhaps 35% of the take from the scam. 35% of the banking account of say a lower-middle class family is easily thousands of dollars. No drugs in your pocket, no guns in your face, and no dedicated squad of police officers busting into your apartment at 1:00 in the morning if you get sold out by a buddy.

Why would you sell drugs if you weren't using, given these risk-vs-reward scenarios?

Sounds like a good career move to me!

[maillemaker]

I tell ya, the more I read this stuff the more it makes me consider a life of crime! :)

Bypasses?

[DrJimbo]

Cybercrime passes, or even surpasses drug trade but I don't know why you think cybercrime "goes around" drug trade.

Forgive me for being an English Nazi but jeez Louise, have they now outsourced Slashdot editing to people who don't speak English?

Re:

[Cro Magnon]

Forgive me for being an English Nazi but jeez Louise, have they now outsourced Slashdot editing to people who don't speak English?

No, they haven't done that now. They did it ages ago.

Snark

[ewhac]

"Dear Customer,

"Thank you for your correspondence dated 17 May 2001, 22 January 2002, 8 July 2004, 14 March 2006, and 19 September 2007, requesting that the Federal Bureau of Investigation enforce existing wire fraud statutes with at least the same vigor with which we enforce non-violent drug posession statutes. Upon review, we regret to inform you that your requests to date were not of the form required by this authority.

"Please re-submit your request according to the traditionally established procedure. The most recent edition of this procedure may be obtained from the office of Senator Ted Stevens (R-AK). Your request may be filed at any Republican party field office. Please enclose with your request a cashier's check made payable to the Republican National Committee in the sum of no less than fifteen million (15,000,000) US dollars or equivalent sum in easily-convertible currency excepting Euros. Please do not enclose cash.

"We pride ourselves on providing our customers the best and most convenient law enforcement service possible, and look forward to receiving your request."

Re:

[sethstorm]

easily-convertible currency

Would you like that in dollars, rubles, yuan, yen, pounds sterling, Australian dollars, US jobs, university admissions, no-bid contracts, or members of Congress?

As of this post(excluding Iraqi dinars):
15 million USD = 379.977708 million Russian rubles
15 million USD = 112.819279 million Chinese yuan
15 million USD = 1.72651934 billion Japanese yen
15 million USD = 7.4940048 million British pounds
15 million USD = 17.8507676 million Australian dollars

Surpasses US market, not global

[fafalone]

The value of the global illegal drug trade is upwards of $300-500 billion by most estimates (and at least 150-200 by almost all others); of which the US market makes up about $60-100bn. Why is fact checking virtually non-existent with anything related to drug prohibition? And the other tactic, deceptive use of statistics, such as implying the $90bn maximum value of the trade is the entire value based and neglecting to mention that's only the wholesale market, is equally acceptable in even the most reputable publications. Why? Oh yeah, because virtually every actual fact contradicts the political consensus that prohibition is the best way to deal with the harms drugs create.

How do you divide 105 B$ ?

[hernick]

Divide 105 B$ between these kinds of cyber-crime:

x B$ stolen from e-mail users who have to work through deluges of spam
x B$ stolen from drug companies by thieves who sell illegal generics online
x B$ stolen from software vendors by digital-high-seas pirates
x B$ stolen from the RIAA and the MPAA by the common man who won't pay retail price
x B$ stolen from bookstores by project Gutenberg
x B$ stolen from encyclopedia makers by Wikipedia users
x B$ stolen from McAfee and other security vendors by Linux and OS X users
x B$ stolen from buggy-whip makers by car drivers

McAfee is here to help: your computer will be safe from all these cyber-crime enablers.

Re:missed one..

[Technician]

x B$ stolen from Microsoft and SCO and others by Linux and OS X users

Not True

[klblastone]

Cybercrime alarmists have been saying this for two years, but it's simply not true. The United Nations drug statistics indicate that the global market for illicit substances is approximately $322 billion. More information here: http://arstechnica.com/news.ars/post/20051129-5648.html [arstechnica.com]

ugh

[pestilence669]

Problems:

A) Pulling numbers out of ass.
It's crime. Criminals don't pay taxes. Where did this revenue estimate come from? Surely not from the IRS or the criminals' accounting department.

B) Playing the victim card.
The "victims" of "cybercrime" are almost always entirely at fault due to gross negligence. We shouldn't cry for people (or businesses) that cause themselves harm... especially if the "crime" involves losing a laptop filled with private data.

C) Trying to present something old as new.
It's not theft, i

Drug Dealers

[dontspitconfetti]

The drug dealers just need to move their whole business online, then they'll be on top again!

Imagine IRC channels dedicated to the drug trade! /me is ready to meet in the alley behind the liquor store

self-evident self-interest

[bigmaddog]

A man who stands to directly benefit from our fear of the cyberevil is telling us that said cyberevil is a) epic, b) growing in excess of other epic evils we are familiar with, and c) being grossly underestimated by everyone. Fantastic. Where's the credibility? We don't really need to attack his figures - the intractable flaw in the analysis is that his interpretation of them will never be without the looming spectre of disingenuousness, even if we cannot pinpoint it. Let's hear from people who aren't in li

Short memory?

[suv4x4]

Just go back two articles and we see that the industry lied blatantly about the $40 billion losses of piracy in Canada, and that such numbers are hard or impossible to obtain. And in other news "cyber-crime has become a US$105 billion business"...

Do we ever learn?

I don't think that word means what you think

[Tim C]

"Bypass", v: to avoid something by going around it.

I think the word you're looking for is "surpass" (to do or be better than).

(Definitions taken from the Cambridge Advanced Learner's Dictionary [cambridge.org].)

inflated numbers

[z_gringo]

That is nonsense. they are using grossly over inflated numbers. Kind of like when the RIAA claims they are being damaged by people downloading music.

WAR!!!!

[s1oan]

I see it coming... We had a war on drugs, a war on terror and soon we'll have a war on cybercrime. What country must be invaded this time?

Re:

[Bellum Aeternus]

The United States. We're the enablers in this one. For the most part it's inside jobs, so I guess Bush will have to invade lower Manhattan.

Re:

[Magada]

I have mod points and I almost modded you funny, but then I thought better of it. Nigeria has oil [bbc.co.uk].

Cybercrime vs Drugs?

[Yousef]

Hmmm...
Give it a little while and GWB will add a War on Cyber-crime to the wonderful War on Terror; the successful War in Iraq; and the original War on Drugs...

Made up statistics?

[tkrotchko]

Does this remind anybody of the stats that the Canadian government used to justify more anti-consumer laws? These stats sound like the kind of numbers that you come up with sitting around a bar with your friends.

Sounds like someone is using the big numbers to try to get congress to write more laws to "protect" the banks (or whomever). And when big companies get together to propose laws, it's usually not good for everybody else.

I don't get it

[ubrgeek]

Is this a story because of who made the claim? If not, this story is nearly two years old: http://www.theregister.co.uk/2005/11/29/cybercrime/ [theregister.co.uk]

Ghost in the Shell

[tknd]

When I read the summary it immediately reminded me of Section 9 in Ghost in the Shell. While we don't have all the cool technology or cyborgs yet, it is interesting to see how technology is burying itself deeper and deeper into our everyday lives.

It's Not a Fair Comparison

[ThomasTerranova]

It sounds impresive, but i don't think cybercrime
really surpasses the drug trade in profits, except on paper.

Corporations routinely exaggerate losses to a
ridiculous degree. I read that the average cost
to a company for a lost or stolen laptop is
considered to be $85,000 (due to loss of time
and proprietary data.)

Another example:
A company's server is hacked by a friendly hacker.
The hacker just wanted a challenge and didn't
distribute any data. He's caught and the company
then claims $5 million dollar

Adds to GDP!

[enrevanche]

This is absolute proof that Microsoft is good for the economy. Without them, this substantial addition to the world economic growth would be much smaller. Open source just cannot match this.

Re:Penalties are not that much lower

[Jeremiah Cornelius]

Oh yeah.

That Conrad Black will be facing a real "three strikes" kind of deal!

Re:

[MillionthMonkey]

I've heard that penalties for white collar crime were a lot harsher than real life crimes.

Just have one of your friends give you a pardon.

Re:

[Dragonslicer]

Maybe they wouldn't be hacked so much if they used a secure operating system?

Not even Linux can protect you from leaving your office laptop (with a root password of "password") in your unlocked car in a high-crime neighborhood.