funsec mailing list archives
Re: Cybercrime as destructive as credit crisis
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 21 Nov 2008 18:16:56 -0500
On Thu, Nov 20, 2008 at 05:26:22AM -0700, Bruce Ediger wrote:
Just the other day, I read that something like 60% of all "cybercrime" investigations was for child pornography. How on earth can $60 billion annually be devoted to child pornography?
It's not. This is a huge overestimate, but it's one that will no doubt be echoed by the press, just like the ones from The Cartel (the MPAA, RIAA & Co.) about losses due to the content "piracy" and The Other Cartel (the BSA, the SPA & their cronies) about losses due to software "piracy". These numbers are not intended to be defensible, serious estimates: they're intended to be talking points, as Mike Masnick over at TechDirt has pointed out, more than once. How do they arrive at them? Well, pretty much, to borrow a line from Buzz Burbank, they make them up. But as to whether 60% of all *investigations* are focused on CP? I have no problem at all buying that. It's an easy target, especially when suspects are crucified in the press the moment their arrest is announced, *even if the evidence is pathetically weak*. Convictions are easy based on circumstantial evidence and juries -- who lack even baseline awareness of IT security -- will believe whichever geek-in-a-suit takes the stand and gravely testifies for the prosecution. And notice how these cases are always accompanied by lots of numbers: this many magazines, this many photos, this many movies, whatever -- all to make it look as big and significant as possible. And notice how often they go after the folks *buying* it, and how rarely they go after the folks *making* it. Roughly along these lines, I think the canonical example of prosecutorial misconduct, police stupidity, and jury idiocy would be the Julie Amero case -- imagine how much worse that would have gone if CP had been involved. (Although the recent cases of teens taking nekkid photos of themselves and being prosecuted under CP statutes are arguably even more ridiculous.) As I've said elsewhere (e.g, the NANOG list): Law enforcement is almost a complete non-factor in dealing with online abuse. Action is erratic, slow and incompetent at best; it tends to only happen when one of four things is true: (a) someone's running for office (b) positive PR is needed (c) a government has been publicly embarrrassed and needs a scapegoat or (d) someone with sufficient political connections, money, and/or power wants it. And even when it happens, it's ineffective: for example, token prosecutions of spammers have done nothing to make the spam problem any better. Multiple spyware vendors have settled their cases for pitifully small sums and then gone right back to work. Notice how fast authorities swooped down on the kid accused of fiddling with Palin's Yahoo account. That's a (c) and (d) I think. The Amero case was (a) and (b), at least. A number of spyware cases have been (b), never mind that in toto they've achieved nothing. You can just about run down the list of cases, with few exceptions, and tick off which factors were involved. Now if we want to talk real economic damage -- then let's talk about things like this: Robert L. Borosage: Keep Dancing, Chuck - Politics on The Huffington Post http://www.huffingtonpost.com/robert-l-borosage/keep-dancing-chuck_b_82790.html which makes the point (and cites sources) that the top five Wall Street banks handed out 39 billion dollars in year-end bonuses last year (2007). Not salaries, just bonuses. Not over the past century, just for 2007. Not the entire banking industry, just five banks. $39 billion. Extrapolation to the rest of the banking industry and then to the rest of the financial sector is left as an exercise for the reader. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Cybercrime as destructive as credit crisis Juha-Matti Laurio (Nov 20)
- Re: Cybercrime as destructive as credit crisis Bruce Ediger (Nov 20)
- Re: Cybercrime as destructive as credit crisis Valdis . Kletnieks (Nov 20)
- Re: Cybercrime as destructive as credit crisis Rich Kulawiec (Nov 21)
- Re: Cybercrime as destructive as credit crisis Trollie Fingers (Nov 20)
- Re: Cybercrime as destructive as credit crisis Gadi Evron (Nov 20)
- Re: Cybercrime as destructive as credit crisis Valdis . Kletnieks (Nov 20)
- <Possible follow-ups>
- Re: Cybercrime as destructive as credit crisis Thomas Raef (Nov 20)
- Re: Cybercrime as destructive as credit crisis Thomas Raef (Nov 20)
- Re: Cybercrime as destructive as credit crisis Valdis . Kletnieks (Nov 20)
- Re: Cybercrime as destructive as credit crisis Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 20)
- Re: Cybercrime as destructive as credit crisis John Bambenek (Nov 20)
- Re: Cybercrime as destructive as credit crisis Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 23)
- Re: Cybercrime as destructive as credit crisis Thomas Raef (Nov 20)
(Thread continues...)
- Re: Cybercrime as destructive as credit crisis Bruce Ediger (Nov 20)