Cybercrime — an Epidemic? 74
ChelleChelle writes "'Cybercrime is pervasive, nondiscriminatory, and dramatically on the increase.' So states TEAM CYMRU, an altruistic group of researchers focused on making the Internet more secure. This article is a look into the root causes of Cybercrime, its participants, and their motivations, as well as suggestions on what we can do to stop this epidemic." From the article: "Many victims do not seem to draw the correlation between their losses and cybercrime; worse, they often view it as a crime that is impossible to investigate and prosecute. For cybercrime to be acknowledged as an important issue, the victims must report such incidents to a receptive law enforcement community with a well-informed judiciary. Attempts such as the president's National Strategy to Secure Cyberspace represent a significant first step in the right direction. To have the desired impact, however, the detailed provisions delineated as action/recommendations must be implemented."
how do you know when it's cybercrime? (Score:1, Offtopic)
I recently (days ago) posted an on-line ad to sell my car. Within a day I found 5 missed calls all from the same number. Hmmm, better carry my cell phone with me until I sell this thing.
Next time he called, he asked if the car was still for sale. Yes! Cool, maybe I can sell this thing.
He asked if he could send someone out to take some pictures... I asked what exactly it was he wanted. He said they (autotrader magazine) was having a special and they wanted to run my car ad in their mag for the special on
Re:how do you know when it's cybercrime? (Score:5, Informative)
You posted your number with the premise that you're selling a car. They're just trying to sell you a service based on that information. Now, if you would have put a disclaimer (like on Craigslist) saying something like "bona fide buyers only. No commercial services or solicitation," you might have been (in theory) entitled to recover civil damages.
-b.
Re:how do you know when it's cybercrime? (Score:5, Informative)
By the way, this is why you never post your cell number online. Set up a temp email address instead, or ask interested buyers to post their number, not yours.
Re: (Score:2)
Yep. That's autotrader. See this thread from rec.autos.misc [google.com] and this from ripoffreport.com [ripoffreport.com]
Re: (Score:2)
I got one of those last week. I don't publish my cellphone to ANYBODY, other than my family and a few friends. Most of my friends don't even have my cell. I can only think that it is Cingular itself that has given up my number to others.
And actually, I get no unwanted calls on my home line either, since it's a VOIP number given to me by Speakeasy.
Re: (Score:2)
Phone prefixes (the three numbers after the area code) are general specific to a provider. If your number is 214-555-8752, then someone who is 214-555-9761 probably has the same carrier as you. What this means is that Everyone with 214-555 is a Cingular customer, thus all cell users. That's ten thousand known victims--I mean potential marks--I mean customers to text message.
They're probabl
Re: (Score:1)
Because information wants to be free. Sorry, but every silver lining requires a dark cloud to line.
The obits will be used for apartment hunting.
KFG
Re: (Score:1)
That being said
The article mentions reporting the incidents to a "receptive law enforcement community with a well-informed judiciary"
Not happening!!! There is no such thing!
Reply: WTF Scam $SERVICE$ cybercrime? (Score:2)
You pay for the service, lose your money, get ducked
When you think and/or feel WTF (What...), then it is WTFU (Want To Fuck U), but you already know this
USA politics, religion, business
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
I've taken a compromise approach: all crackers are hackers, but not all hackers are crackers. As in my lockpicking example: you can do it professionally (locksmith), as a hobby (yes, some people make a hobby of picking locks...I've seen stranger), or you can get criminal with it.
Re: (Score:2)
If you believe the newly appointed Defense Secretary, cyberterrorism is legit term and is tantamount to using WMDs. [msn.com]
My daddy always told me... (Score:5, Insightful)
Simple as that, the internet has easy money and easy access. Coupled with the ability to steal from long distance and dramatically lowered possibility of getting caught...
It's a no brainer, of course the level of cybercrime is increasing.
Re:Let's stop the most significant epidemic/pandem (Score:2)
Not just the victims, the police too. (Score:5, Interesting)
Until law enforcement steps up to the plate and carries over on their job, people are going to continue to feel this way. Even once I had tracked the perpetrator down I had to personally go into the local prosecuting attorney's office to re-explain the case because they didn't get it either.
People have a reason to feel like they are unprotected on the internet.
It's because for a greater portion of incidents, they are.
Then there is the FBI's fraud division they setup online - which seems to be there for the sole purpose of reducing phone calls they have to take, while yet ignoring the reports unless they are very large cases - something I have seen discussed here on slashdot more than once.
I'm sure there are people with victorious memories over online criminals, but those are surely trumped by the sheer volume of cases where the victim reports the crime and the responsible law enforcement authorities do absolutely nothing if for no other reason than they simply do not know how.
Re: (Score:2)
Re: (Score:1)
It's not a question of lack of reporting, it's a question of no one being willing to listen to the reports and try to do anything about them.
Re: (Score:2)
People have a reason to feel like they are unprotected on the internet.
It's because for a greater portion of incidents, they are.
To a certain extent, that's true for any kind of crime. Police do only the minimum amount of detective work to qualify for the term "investigation". They are inundated with things to investigate. If you want police to work for you, you have to dig for yourself, get all the evidence together, document, photograph, and substantiate everything, and hand over a case pre-cut and ready
Cybercriminals do discriminate! (Score:5, Funny)
Re: (Score:2)
It's really called "Team Cymru"? (Score:3, Funny)
Does the team also consist of... (Score:2)
Re: (Score:2)
Start with the 'petty-crimes' (Score:3, Insightful)
And I mean, web-forms vandalism. From spammers to Wikipedia vandals. The reaction is always "clean up and forget". Or, when a particular page is too frequent a target — protect it to registered users only.
Not enough, IMO. The vandals should by sought out and prosecuted — {RI|MP}AA style — making a few high-profile prosecutions against (semi-)randomly picked abusers to "drive it home" to others, that one's being far away does not make them immune.
Re: (Score:3, Insightful)
Of course, the US government had a great opportunity to make spam a crime, but the opt-out nature of the legislation meant it was bit of a damp squib.
Re: (Score:2)
The entire point of CAN-SPAM was to preempt state legislation that did in fact make spam a crime (or at least something individuals could sue for). The bill was basically authored by the Direct Marketing Association. The feds, for the most part, never had a single intention of making spam a crime.
Re: (Score:2)
The license covers only what can and can not be done with the information outside of Wikipedia itself. And other sites suffering from web-form abuse may have totally different licensing/rule of conduct too — this is irrelevant.
As to "just what is illegal" — IANAL, but the vandal's intent may have something to do with it.
No, I was not.
Re: (Score:2)
This is because for IT types, the focus is on connectivity and uptime and nothing else.
This is why many companies are starting to set up IT security departments independent of the IT support staff: You can barely count on the IT guys to install patches, much less track down customer complaints of fraud or compromised systems. To be charitable, most of them are overworked, but that only lends more support to setting up independent departments.
I also find that IT
I notice... (Score:2)
By The Way #1: They seem to have found some atypically literate hax0rs. I see commas, apostrophes (used correctly!!!), mostly correct spelling.
By The Way #2: I'm looking forward to all the hello_world.pl'ists ranting about how the ACM doesn't know what "hacker" properly means.
And their motto is: (Score:3, Informative)
Altruistic? (Score:3, Insightful)
Just that statement is more than enough to a) scare the crap out of me and b) doubt their "research".
Re: (Score:2)
Re: (Score:1)
You just have to report it! (Score:2, Informative)
Re: (Score:3, Interesting)
If they are no bodies the cops don't care unless maybe you are a multichain store. The cops get no revenue from a lot of legwork, good luck. If there aren't drug profits or ticket revenue i wouldn't hold my breath.....
An employee stole thousands in merchandise that was found in his garage and nothing happened. I have yet to have something bad happen to me or work (or the office or apt next door) that was actually solved except the one WE knew the a
Apparent lack of actions from Feds disappointing (Score:5, Interesting)
1) Stock pump scams. When one starts making the rounds (Cana Petrolium today judging by my mail), find out who made purchases of the stock in the previous week. Freeze their accounts until the individuals responsible can be dragged into an FBI office. If the FBI/SEC can't locate the individuals then it just means that the laws regulating the stock trade are jokes.
2) Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in our out of the account, freeze the account on the other end.
3) Drug / Software scams. Same as #2. Set up fake accounts with Visa and MC. Submit them to the sites trying to 'sell' the stuff and wait for the account numbers to get re-used somewhere else (you didn't think any of these sites were doing anything other than harvesting CC numbers did you?). Follow the money.
If the Feds can't do these things, then I think it indicates that we may be at risk of a fairly catastrophic economic collapse. After all, if I can buy and sell stock illegally, take money out of bank accounts fraudulently and buy stuff with credit cards without authorization, and do it all anonymously, it's safe to say the criminals are going to win. If Bush would just declare these crooks to be 'cyberterrorists' and start subjecting them to extraordinary renditions and gitmo treatment, I bet his popularity would surge. And he would be doing something good for the country with his remaining two lame duck years.
Re: (Score:1)
Re: (Score:2)
If they truly want to stop stock pump scams, they should start by shutting down all the financial new channels. Then they could bust all the fly
Re: (Score:2)
Then there's Sony, trying to screw customers in order to pump up the short-term stock options of the execs. These are all people who should be placed carefully in sealed plastic bags.
It's not just one company or a few, though. Once
Banks, Visa , and MC are not the ones losing money (Score:2)
Your suggestion of honey pot accounts (for Banks, Visa, and MC) will never happen. Because the ones losing money are not the Banks, Visa or MC. If they have loses, it's a small fraction of a percent of their profits.
Why should they spent resources to capture cybercriminals ripping off their customers? They are not altruistic.
Re: (Score:2)
I call it "zerging", a term from starcraft:
Zerging describes a tactic, originating in real-time strategy games but used in many different computer games that is analogous to the human wave attack in real-world ground warfare, in which overwhelming numbers of troops are sent at the enemy, d
Re:Apparent lack of actions from Feds disappointin (Score:2)
Wow! I think you're actually serious. There are so many things wrong with this proposition it's scarey that a grown adult doesn't understand.
1) Confusing the issue with terrorism means you've misdiagnosed both problems. When you do that your solut
Phishing Honeypots (Score:2)
Honeypots have their uses, but they won't prevent phishing as well as you suppose. The "account on the other end" is owned by some ordinary Joe Schmoe who has responded to a job ad as a "financial manager" for some overseas company. Such "money mules" ar
Easy one (Score:1)
Re: (Score:1)
Brilliant!
Crime increases rampant as new laws are made up (Score:4, Informative)
Take the internet, and take file-sharing and then just add the two together and
outlaw file sharing, you get an instant couple of million of additional criminals.
Nothing to see here, move along citizens. There's a whole "Enforcement Community" to be
built here on the net, much like the "War on Drugs" racket that criminalizes millions
of Americans already and is the cause for more than 70% of all incarceration in this country.
for stupidreason in Drugs War Terror; do
echo "War on $stupidreason & profit"
done
But hey it's for the children and in order to keep them safe we have a billion dollar
Corrections Industry (Corrections USA Inc. comes to mind)
Three Letter Agencies that lap up your tax dollars
Special Police Squads
Drug Testing Laboratories (to test you at the workplace)
but that's so 20th century, now with "Cybercrime" we get
even more people in prison
even more Three Letter Agencies
even more Police Squads
even more Wiretapping and spying on your home computer
even more searches of your property at the airport (they already started copying harddrives at the AP).
If you're not dumb I think you get the picture: another artificial reason to criminalize, prosecute and
incarcerate in the making and bread and butter for thousands more of bureaucrats.
Re: (Score:2)
And for the most part, the posters are right. When it comes to tech and the Internet, the cops have no clue.
But of course, a stupid bible thumping shitbag like yourself will miss all the finer points of the details on pretty much everything anyway unless it helps prop
Re: (Score:1)
Lets see... you just called me
stupid -- debatable
bible thumping -- Yeah! Amen Brother! Go and visit my church at http://www.landoverbaptist.org/ [landoverbaptist.org]
neo-fascist -- I thought we just established I am NOT on your team?
*ian, *ist etc. -- Im not much of a joiner so organized religion is nothing for me.
a shitbag -- ask my ex out, youre a perfect match for her.
Here... let me try my hand at a downright mean insult:
I t
Oh, I get it. (Score:1)
Thanks for clearing that up for me!
the way i see it ... (Score:5, Insightful)
- defacing webpages?
- password sniffing?
- phishing?
From my perspective, and my opinion may not always be correct -- the flood of 'cybercrime' by 'criminals' is a step in the right direction. They are forcing everyone to rethink our security models, and our plaintext connections. Far too often we neglect and abuse the passing of cleartext information
for far too long, we have been using these insecure protocols -- its time to step up and improve our security. How hard is it to use TLS, SASL and SSL? how about setting up our webservers to have a plain text portion, and a security based portion, using SSL? When will we finally learn to look at the URL when we are providing banking information to some seemingly safe site?
I'll tell you, we will finally have learned, once people have been driven to the point where insecure is no longer acceptable as status quo. Just like Video Card manufacturers that sell their products with 'hdcp compliant' all over the packaging -- so will ISP's, banks, and whomever, about SSL TLS, and secured authentication, etc, on the internet.
Crime is crime-defend yourself. (Score:3, Interesting)
Ignorance toward preventative measures usually results in victimization or a greater likelihood of it. There is no epidemic here. Crime will occur on every medium available-one must simply defend themselves from it. Given, a criminal can be smart enough (or determined enough) to commit an illegal act and this is bound to happen. That is why we have executive and judicial branches of the government-to apprehend and serve justice to those who succeed in breaking the law.
The internet is in its nascent form (and I dare say almost anarchistic), but it is no less a system effected by (human?-)entropy.
Problem is, the police don't care (Score:2)
The police themselves have no interest in cybercrime. The resources required to solve it are far greater than those needed to solve real-world crimes (remember, Britian is the spying captial of the world so chances are it will be caught on CCTV).
old hackers just fade away (Score:2)
They got a real job, got married, etc. It happens to the best of us.
The tragedy of the commons (Score:2)
When you have 5 minutes, go help out groups like Phishtank [phishtank.org], Akismet [akismet.org], SpamVampire [thescambaiter.com], etc.