Shared publicly  - 
 
I have been waiting for a Freakonomics style assessment of cybercrime and this is close.
Summary:
Cybercrime losses are grossly over-estimated by billions.
Cybercriminals have to work hard for a relatively small return on their time.
Thoughts?
http://www.nytimes.com/2012/04/15/opinion/sunday/the-cybercrime-wave-that-wasnt.html
31
6
fermin mittilo's profile photoEddie Presley's profile photoJames Barrow's profile photochioma ndibe's profile photo
12 comments
 
Thoughts? After the jump?
 
Makes sense, there's no such thing as easy money. I wonder if part of the cybercrime hysteria stems from most people's lack of technical knowledge. If you don't really understand how criminals can get at you, it's easy to start jumping at shadows.
 
Nice article. Most of the cost of cyber crime is probably in doing the clean up.
 
It's more like the story of the starfish on the beach, it matters a lot to the victim. If it's your last $1000 in the bank it was ALL you had.
 
While it examines personal cybercrimes, but what I think is not covered are what's not reported often anyway, the extortion cybercrimes. Banks and companies paying off criminal cyber hackers threatening businesses rather than have the company fall victim to a cyber onslaught, a DDOS attack, an exposure of company proprietary information or customer data. That would tend to big bigger payoff
than ripping off a single customer.
 
I think the key statement in this analysis is "low-profit struggle for the majority." Identity theft, and credit card numbers are so easy to steal they sell for very little-- and therefore are low profit for the criminal. However, the cybercrime described in this article is only a small part of the picture. When industrial and national security espionage is considered the price tag is higher.
 
im swiming away from that fisherman
 
I have some problems with their analysis. they are right that surveys grossly overstate the cybercrime problem, but those surveys (the ones I've seen anyway) focus on 'losses' in terms of time spent cleaning up the mess, not necessarily money lost directly to the criminals. that's very hard to measure. and of course they're usually sponsored by companies that sell products purporting to prevent cybercrime.

the problem is that because the authors don't have any way of measuring the true profits of cybercrime, they discount them outright. there are many notable cases of 'spam kings' who have pocketed millions. why not talk to them? some of them love to boast about how rich they are. there is a thriving black market of purloined email addresses, credit card numbers, and other credentials, as well as hackers and botnets for hire. the total value of that market would offer a much more accurate idea of what cybercrime really does pay.

also: what corporations and wealthy individuals have had to pay in data extortion, as well as how much banks pay out in online credit card fraud. again, figures that are hard to come by.
 
+P Costello that's what makes this such a hard concept to wrap one's head around. Much is hidden and underreported, but much is over exposed and over reported. Perhaps on a personal direct level there is less to fear than is reported but to +Portia Pusey 's comment, the industrial, financial and global security issues are more extreme.
Add a comment...