The Cybercrime Wave That Wasn't

retroworks writes "Dinei Florencio and Cormac Herley write that cybercrime depleted gullible and unprotected users, producing diminishing returns (over-phishing). They argue that the statistics on the extent of losses from cybercrime are flawed because there is never an under-estimation reported. Do they underestimate the number of suckers gaining internet access born every minute? Or has cybercrime become the 'shark attack' that gets reported more often than it occurs?"

UNPOSSIBLE!

[Anonymous Coward]

Cybercrime is the new terrorisim! The new war on drugs!

Something we can 'fight' forever and spread alot of money around. (most of it to ourselves and business partners)

Why do you hate america? Do you wan't the evil cyberterrorist criminals to steal your identity and rape your dog?

Re:Flavour of the month

[Anonymous Coward]

Ever notice how when there is a notorious crime reported suddenly lots of other similar crimes start happening? Well, they don't suddenly start, they were happening before, just not being reported. It isn't over or under reporting in the sense that our stats are wrong, only in the sense that the mass media does a shit job of conveying factual information to the public.

Yeah like whenever a lame duck is trying to get re-elected there's a "white on black" shooting that wasn't really racial in nature and wasn't really done by a white guy.

Or whenever a bullshit pointless war isn't going well suddenly there's a white girl gone missing that we have to hear about for five weeks straight.

They say "commercial speech" is not as thoroughly protected by the Constitution as political or personal speech. Can we leverage that to pass a new regulation for media outlets: they shall not report about a criminal case until a trial has been held and a verdict issued and shall not report on the same event for more than one week. Just for the sanity of what few rational people managed to stay rational in the face of a psychotic pop culture.

Never saw anything more pointless than these hundreds of last-minute play-by-play updates on every little thing as if it was a sports event. "This just in! Zimmerman is asleep in his cell block! OH WAIT BREAKING NEWS! He appears to have woken up, scratched his rump, and gone back to sleep! MORE BREAKING NEWS! It's morning now and he's awake. Yes folks, he's AWAKE! Wow! Let's hear what our analysts have to say..."

Worse than just being long...

[betterunixthanunix]

It is not just that we are a long way from solving the problem of computer crime; we are not even trying to solve it. We are still sluggish on deploying digital cash (no, not Bitcoin, more like Chaum), relying on traditional systems of banking that have been translated into electronic forms (debit cards, credit cards, PayPal, etc.). We are still relying on passwords to protect money, personal information, and so forth. We are still relying on the From: field in an email to determine who the email came from. When things go wrong, we just call up the police and do nothing to fix the inherent security problems that made the attack possible.

Is it any wonder computer crime remains a serious problem? Society has not yet adjusted its thinking to align with the computer age. People have no concept of how easily emails can be forged -- one of my favorite demos to give people is to send them an email that has their own email address in the "From" field. There is also a general lack of technical knowledge that creates problems for people; a friend once told me that by password-protecting her BIOS, she could ensure that a thief would not be able to read her hard drive (she was shocked when I made her aware that a thief could just remove her laptop's hard drive and insert it into a different computer).

Eventually society will catch up. People eventually learned that traditional sword fighting tactics need to be dropped when you are dealing with firearms. In a few decades, computer security will improve out of necessity. Unfortunately, the time between now and then will be painful.