Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Following the Money In Cybercrime

timothy posted more than 3 years ago | from the prevailing-wages dept.

Crime 107

jbrodkin writes "Five dollars for control over 1,000 compromised email accounts. Eight dollars for a distributed denial-of-service attack that takes down a website for an hour. And just a buck to solve 1,000 captchas. Those are the going rates of cybercrime, the amounts criminals pay other criminals for the technical services necessary to launch attacks. This criminal underground was detailed Wednesday in a highly entertaining talk given by researcher Stefan Savage at the annual Usenix technical conference in Portland, Ore. Savage's research into the economics of cybercrime began as lip service to satisfy the terms of a government grant, but it turned out to be the key to stopping computer attacks. Targeted methods — such as using CAPTCHAs — don't stop criminals, but they add to the cost burden and put the inefficient criminal organizations out of business, letting security researchers focus only on the ones that survive."

cancel ×

107 comments

Sorry! There are no comments related to the filter you selected.

Like antibiotics (2)

DanTheStone (1212500) | more than 3 years ago | (#36465516)

Now we just need to hope that they don't breed better attackers that are all resistant.

Re:Like antibiotics (1)

pasv (755179) | more than 3 years ago | (#36466052)

Antibiotics are taken after an infection. The problem is most people aren't taking their vitamins (user e-d-u-c-a-t-i-o-n). It may have been acceptable 10 years ago to not know the basics of preventative security measures but now you cannot afford to have an employee that doesn't know.

Re:Like antibiotics (2)

wisnoskij (1206448) | more than 3 years ago | (#36466660)

antibiotics are often given a preventative and in many cases for livestock are continually given from birth to death as a preventative.

Re:Like antibiotics (1)

arisvega (1414195) | more than 3 years ago | (#36467100)

You don't get it, it has to be a car analogy. Like so;

Instead of keep patching up your car, get one that was built to last.

Re:Like antibiotics (1)

Dunbal (464142) | more than 3 years ago | (#36467102)

If you think that taking vitamins ensures you never get an infection, please return your medical degree to the online university that sold it to you. While nutritional deficiencies can be one of MANY contributing factors leading to a depressed immune system, they are by no means the only nor the most important factor. And as an aside, if Vitamin C actually did anything to help the common cold surely there would be no more colds given the global abundance of Vitamin C containing cold symptom products.

Re:Like antibiotics (1)

Nursie (632944) | more than 3 years ago | (#36470816)

Taking vitamin supplements is for sucker, hippies and weirdos.

There's no evidence they do anything for people with even a halfway normal diet. In fact taking too much of some vitamins is actively bad for you.

The vitamin industry, of course, resists all attempts to make them validate their claims or do full testing, instead relying on superstition and handwaving.

There's a reason the supplement advertisers were made to ad small print to all their advertising material in the UK - "Dietary Supplements MAY be beneficial to the elderly or thos on restricted diets"

Re:Like antibiotics (1)

interkin3tic (1469267) | more than 3 years ago | (#36466136)

Psh! How could putting the inefficient cybercrime organizations out of business EVER backfire and select for better cybercrime organizations? That's just nonsense.

Re:Like antibiotics (1)

MichaelKristopeit408 (2018816) | more than 3 years ago | (#36466448)

Psh! How could putting the inefficient cybercrime organizations out of business EVER backfire and select for better cybercrime organizations? That's just nonsense.

by creating orphan members of the closed organization who out of will to survive create their own organizations using past knowledge to protect themselves and their organization where their previous organization failed.

just because an organization is vulnerable to being shut down doesn't mean the individuals of the organization are also vulnerable to never being allowed to start up again.

your pseudonym is nonsense, feeb. cower behind it some more.

Re:Like antibiotics (1)

interkin3tic (1469267) | more than 3 years ago | (#36466564)

by creating orphan members of the closed organization who out of will to survive create their own organizations using past knowledge to protect themselves and their organization where their previous organization failed. just because an organization is vulnerable to being shut down doesn't mean the individuals of the organization are also vulnerable to never being allowed to start up again.

I was being sarcastic... I guess that was subtle for the internets.

That said, I was just thinking along the lines of "Eliminate the inefficient organizations and that just means more business for the efficient ones, who will invest that added income better."

Re:Like antibiotics (-1)

Anonymous Coward | more than 3 years ago | (#36466688)

I guess that was subtle for the internets.

Simpler than that, even: MichaelKristopeit* is an idiot and you're wasting your time replying to him.

Re:Like antibiotics (1)

MichaelKristopeit401 (1976824) | more than 3 years ago | (#36466724)

ur mum's face is an idiot.

cower in my shadow some more, feeb.

you're completely pathetic.

Re:Like antibiotics (1, Funny)

MichaelKristopeit405 (1990180) | more than 3 years ago | (#36466772)

disregard that, i suck cock.

Re:Like antibiotics (1)

MichaelKristopeit401 (1976824) | more than 3 years ago | (#36466948)

"MichaelKristopeit405" is operated by a pathetic individual attempting to steal my identity for use in defamatory actions.

to the individual responsible: i live at 4513 brittany ct. eau claire, wi 54701. present yourself to me, admit what you've done; then i will bring upon you the ultimate punishment for your transgressions.

you're completely pathetic.

Re:Like antibiotics (1, Funny)

MichaelKristopeit405 (1990180) | more than 3 years ago | (#36466980)

you're a liar. i live at 4513 brittany ct. eau claire, wi 54701. present yourself to me, admit what you've done; then i will perform fellatio on you.

Re:Like antibiotics (1)

MichaelKristopeit350 (1968134) | more than 3 years ago | (#36467094)

"MichaelKristopeit405" is operated by a pathetic individual attempting to steal my identity for use in defamatory actions.

to the individual responsible: i live at 4513 brittany ct. eau claire, wi 54701. present yourself to me, admit what you've done; then i will bring upon you the ultimate punishment for your transgressions.

you spend your days living in a fantasy world you've created relative to me... i can only assume you do this because living in any world relative to yourself is not bearable.

you are NOTHING.

Re:Like antibiotics (1)

MichaelKristopeit402 (1978292) | more than 3 years ago | (#36466700)

were you being sarcastic, or were you just thinking?

you're an ignorant hypocrite.

cower in my shadow behind your chosen energy based pseudonym some more, feeb.

you're completely pathetic.

Re:Like antibiotics (3, Interesting)

jellomizer (103300) | more than 3 years ago | (#36466286)

Well not really. Organized Crime grows but it doesn't reproduce well. If one does split it is often because there are some hot heads who think they can do it better, and takes resources away from the other. So we either get One Organization who is strong while the other is weak and will die off soon. Or both will be weaken and both would die off soon. Very Rarely would they split into 2 strong units.

However what could happen with all the small guys going away there is less competition for the big ones and then they can monopolize the market... FTC is kinda useless against Organized Crime.

But if they get too big it gets harder for them to operate without the law noticing and makes it easier for law to bring them down.

Re:Like antibiotics (4, Insightful)

icebike (68054) | more than 3 years ago | (#36466578)

However what could happen with all the small guys going away there is less competition for the big ones and then they can monopolize the market...

Do these guys really compete at all?

I've never seen shoplifters or bunglers compete. There are simply too many soft targets out there.

But the rest of your analysis is otherwise pretty good, and the reduction of organizations might be mostly in the script kiddie market, with the few really good (bad) organizations being pretty much unaffected.

When the truth emerges about the current deluge of hackers it will probably be a huge mob of semi-literate kiddies running scripts and purchased hacks, mostly for harassment and diversion of government resources while the big boys break into money pits or marketable secretinformation sites.

While the harassment and dossing have been with us for some time, the tempo has been ramped up. Why are these people concentrating on government agencies like the FBI? My guess is they are being organized to act as a diversion by other governmental agencies or those guys after the big bucks. Maybe Iran is getting back at the west for wrecking their centrifuges. Who knows.

Personally I suspect its the same organizations helping themselves to the money and their government employers to the secrets.

Re:Like antibiotics (1)

NoSig (1919688) | more than 3 years ago | (#36467876)

According to the summary these people are selling services to other criminals, so it seems to me that they do compete.

MASS MESH ATTACKS ON THE WAY... apk (0)

Anonymous Coward | more than 3 years ago | (#36466886)

They're nasty SOB's too:

http://www.esecurityplanet.com/trends/article.php/3935941/New-Injection-Attack-30000-Websites.htm [esecurityplanet.com]

"Now we just need to hope that they don't breed better attackers that are all resistant." - by DanTheStone (1212500) on Thursday June 16, @01:32PM (#36465516)

Break out the "Zithromax" then... looks like we'll need it!

APK

P.S.=> Now - SQLInjection's fairly easy to stop (via Stored Procedures usage, BIND variables usage, & removal of business logic out of front ends in general (if not blocking out redirects as I do to over 1, 444, 345++ known bad sites/servers/domains-hosts as I do via a HOSTS file, or a firewall (or even a TPL for IE, Opera's URLFILTER.INI or FireFox's methods etc.))...

This type though? Quite a bit worse

So - Hate to say "I told you so", but... it furthers the case for my stating to people to LIMIT THEIR USE OF JAVASCRIPT as I have said for YEARS here:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

nd a decade before it here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

Man - yes, I know: You NEED javascript for some sites (think e-commerce) but... the second I saw scriptable documents in say, Word & Excel docs + their macros being taken advantage of in VB-Script/VBA? I knew that scripting web HTML documents was going to be the same!

So, do take a read, be enlightened folks!

... apk

Cheap Enough, But ... (4, Insightful)

WrongSizeGlass (838941) | more than 3 years ago | (#36465534)

But how do you pay these "companies" when you want to purchase their services? I'm sure not going to give them credit card, or an electronic bank transfer. Do they accept BitCoins? ;-)

Re:Cheap Enough, But ... (3, Funny)

Anonymous Coward | more than 3 years ago | (#36465608)

I pay using credit cards. Not my own, though.

Re:Cheap Enough, But ... (1)

icebike (68054) | more than 3 years ago | (#36466650)

Seems AC is making up stories.

If you had someone else's credit card why not just give it to the supplier in exchange for the hack, and let them sell it on to someone else rather than trigger a transaction that leaves a paper trail.

Re:Cheap Enough, But ... (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#36465724)

Wire transfer?

Re:Cheap Enough, But ... (0)

Anonymous Coward | more than 3 years ago | (#36465784)

I have 500,000$ worth of bitcoins. If you know of any companies that accept them as payment please let me know.

Re:Cheap Enough, But ... (1)

drinkypoo (153816) | more than 3 years ago | (#36465786)

One time use credit card? Money order? A competent bank could create a temporary account for a wire transfer.

Re:Cheap Enough, But ... (2)

wintercolby (1117427) | more than 3 years ago | (#36465826)

Re:Cheap Enough, But ... (2)

Lunix Nutcase (1092239) | more than 3 years ago | (#36465936)

That's why you should pay them in Beenz. No one is going to want the steal them.

Re:Cheap Enough, But ... (0)

Anonymous Coward | more than 3 years ago | (#36465900)

But how do you pay these "companies" when you want to purchase their services? I'm sure not going to give them credit card, or an electronic bank transfer. Do they accept BitCoins? ;-)

PayPal?

Re:Cheap Enough, But ... (2)

scorp1us (235526) | more than 3 years ago | (#36466056)

Better yet how much for them to mine bitcoins for you. They can pay themselves with 30% of the mining...

Re:Cheap Enough, But ... (2)

hellkyng (1920978) | more than 3 years ago | (#36466130)

You pay these companies through web money accounts, which are effectively the same as cash. These transactions are usually non-reversible and run through companies like Western Union or Liberty Reserve. Credit cards are a completely worthless form of payments on those sites, and they recognize that.

Re:Cheap Enough, But ... (1)

Intrepid imaginaut (1970940) | more than 3 years ago | (#36466152)

Western union? Warcraft Gold?

Re:Cheap Enough, But ... (1)

gl4ss (559668) | more than 3 years ago | (#36466232)

for such low sums some egold-alike (or one of the gazillion paypal competitors that come and go) would do - whatever happens to be buyable with a disposable credit card that can be bought from some other paypal-like service.

Re:Cheap Enough, But ... (0)

Anonymous Coward | more than 3 years ago | (#36466898)

Gents, how about "liberty reserve"; http://www.libertyreserve.com/ [libertyreserve.com]

I guess not your credit card....

Re:Cheap Enough, But ... (0)

Anonymous Coward | more than 3 years ago | (#36467894)

Aside from the obvious 'cash in an envelope', I'd imagine a prepaid Visa type thing would work well.

Wow! (5, Funny)

eln (21727) | more than 3 years ago | (#36465572)

At those prices, I can't afford to NOT spam!

IN IS NOT CAPITALIZED IN TITLES (-1)

Anonymous Coward | more than 3 years ago | (#36465650)

Now you know.

Re:IN IS NOT CAPITALIZED IN TITLES (1)

Culture20 (968837) | more than 2 years ago | (#36468414)

It is if it's the abbreviation for Indiana (IN).

Re:IN IS NOT CAPITALIZED IN TITLES (0)

Anonymous Coward | more than 3 years ago | (#36471742)

IN is not an abbrev. IN is a post office obamanation. Ind. is an abbrev. of Indiana. Ft. is an abbrev. for Fort. Class dismsissed.

Economics (5, Insightful)

SniperJoe (1984152) | more than 3 years ago | (#36465754)

I am beginning to think that everyone should be forced to take an economics course in their lifetime. So much of the world is driven by economics that I think you'll understand the world quite a bit better if you understand the dollars and cents behind it. Perhaps its a case of "the more economics you know, the more economics you see."

Re:Economics (2)

betterunixthanunix (980855) | more than 3 years ago | (#36465810)

Theoretically this should be part of basic high school education, but considering that we only barely expect our high school graduates to be literate (at least in America), I doubt we will see such a situation any time soon.

Re:Economics (4, Insightful)

operagost (62405) | more than 3 years ago | (#36465920)

If our students understood economics, there would be fewer of them going to college with the false expectation that a degree will guarantee them a secure job, and even fewer who believe politicians who promise "free" anything.

Re:Economics (-1)

Anonymous Coward | more than 3 years ago | (#36466532)

-1 flamebait. Not this again. There needs to be a Godwin's-esque law for someone starting this argument on slashdot.

Re:Economics (2)

dmgxmichael (1219692) | more than 3 years ago | (#36467124)

Worse, if more people understood economics, there'd be even fewer engineers and more parasites (lawyers, politicians and bankers)

Re:Economics (1)

paulo.casanova (2222146) | more than 3 years ago | (#36465972)

Most people are too immature in basic high school to understand Economics -- at least to a useful level. And they are too concerned with tagging their photos in Facebook to care...

Re:Economics (1)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36466138)

Most people are too immature in basic high school to understand Economics -- at least to a useful level. And they are too concerned with tagging their photos in Facebook to care...

I'd be careful about casting stones, plenty of people posting on Slashdot don't even understand supply and demand.

Re:Economics (0)

Anonymous Coward | more than 3 years ago | (#36466264)

I'd be careful about casting stones, plenty of people posting on Slashdot don't even understand supply and demand.

I'll fix it for him:

Most people are too immature.

It's the sad, simple truth of the world.

Re:Economics (0)

Anonymous Coward | more than 3 years ago | (#36466592)

> Most people are too immature.
>
> It's the sad, simple truth of the world.

Too wordy. "People are immature."

Re:Economics (1)

slyborg (524607) | more than 2 years ago | (#36468760)

Dunno, my high school required basic Econ to graduate, This was back in the 80's.

Re:Economics (4, Insightful)

JustSomeProgrammer (1881750) | more than 3 years ago | (#36465830)

My world history class in college was centered on the history of trade since people always migrated along those paths and society developed along those paths. It was really interesting and taught me that yes, money really does make the world go round.

Re:Economics (0)

Anonymous Coward | more than 3 years ago | (#36465942)

Bad idea. If everyone were forced to have a basic knowledge of economics, then liberalism would take a huge hit.

Re:Economics (0)

Anonymous Coward | more than 3 years ago | (#36466494)

This from someone who still believes in Reaganomics and that the Bush tax cuts are good for the country? It didn't work 30 years ago and still doesn't work.

Re:Economics (1)

nomadic (141991) | more than 3 years ago | (#36466560)

And this is why it is useless to teach economics; there's no agreed definition to what economics is.

Re:Economics (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#36466612)

But any rational person realizes that George H.W. Bush was quite correct in calling Reagan's version of economics out as "voodoo economics".

Re:Economics (0)

Anonymous Coward | more than 3 years ago | (#36466838)

That's why Reagan was the greatest president ever and why this country still wants to pursue the economic policies he started. You can't even be a republican candidate these days without pretending to believe this tripe. It's also the reason that Bush senior lost the election. He needed to raise taxes on top of the 8 tax increases that Reagan made to pay for defense and corporate spending.

Re:Economics (1)

nomadic (141991) | more than 3 years ago | (#36467700)

And while you are rational and I'm rational, and ultimately even Reagan was sort-of-rational (in that he did institute tax increases when he thought they made sense), there are plenty of people on slashdot, for example, who think it is accepted "economics" that raising taxes always hurts the economy.

Freakonomics (4, Insightful)

Lifyre (960576) | more than 3 years ago | (#36465988)

I don't know if you've read Freakonomics or not but that is basically the premise of the entire book(s). There are economics in everything, people respond to incentives and if you set up your incentives properly you'll get the result you desire. Fail to properly incentivize people and you can get all sorts of interesting results. I particularly like the Israeli Day Care example.

Re:Freakonomics (1)

SniperJoe (1984152) | more than 3 years ago | (#36466132)

Absolutely. I have read that book (not the sequel yet, though) and that's a bit about why I said what I did. Hell, I was just in the car listening to BBC World News over Sirius and they were talking about the fact that rewards for information regarding terrorism isn't very effective with the Taliban because they are not materialistic and as such, money has little value to them. As you said, it's all about incentives.

Re:Freakonomics (0)

Anonymous Coward | more than 3 years ago | (#36471974)

rewards for information regarding terrorism isn't very effective with the Taliban because they are not materialistic and as such, money has little value to them

The Taliban will do anything for 72 virgins. Surely we can find 72 patriots on Slashdot willing to make the sacrifice.

Re:Freakonomics (2, Funny)

Anonymous Coward | more than 3 years ago | (#36466160)

Freakonomics is to Economy like Donald Duck is to Ornithology.

Re:Economics (1)

jbrodkin (1054964) | more than 3 years ago | (#36465990)

Absolutely. I wish I had taken an economics course in college. It's only in my "old age" that I've started to become interested in this stuff.

Re:Economics (1)

IceNinjaNine (2026774) | more than 3 years ago | (#36466530)

"Youth is wasted on the young." - George Bernard Shaw

Re:Economics (1)

Raenex (947668) | more than 3 years ago | (#36466548)

I wish I had taken an economics course in college.

I did, and you didn't miss much. Unfortunately, most of it involved a bunch of formulas that are only true when everybody acts completely rationally and don't take into account feedback at all. It was just an academic exercise.

The basic idea of supply and demand is the most fundamental thing you can learn about economies, and just about anybody can understand it.

Re:Economics (1)

Anonymous Coward | more than 3 years ago | (#36466982)

Proving that you didn't learn much economics. You just regurgitated information you didn't understand.

The very basic economics formulas are centuries old and don't have a built-in feedback adjustment. You have to do that yourself. Which is why basic microeconomics has a lot of graphs with a supply curve and a demand curve and gives you problems asking what equilibrium price (or quantity) results from a stated change in quantity demanded, quantity supplied, shock to cost of production, etc etc.

They're pretty handy for showing people what adjusting one variable will result in. They're only a good guide when dealing with the amount of variables in a functioning modern economy. If you can't consider the implications of assumptions that are violated in real economies, thats a failure of you, not the economics.

Or, I guess physics didn't teach you much either. Because basic physics tells you to assume something is falling in a pure vacuum, which occurs exactly nowhere (or at least nowhere that I know of), and yet people managed to develop beyond mere "academic exercise" .. because they understood the limitations of the formulas.

Re:Economics (1)

Raenex (947668) | more than 3 years ago | (#36467734)

I was talking about macroeconomics. The basic formulas for supply and demand are fine.

Macroeconomics claims to model bigger things, yet most of the formulas I was indeed forced to regurgitate were just not useful in the real world.

This opinion is also held by many mainstream economist. In fact, it seems to become popular again after every major crisis.

Re:Economics (0)

Anonymous Coward | more than 2 years ago | (#36469234)

Again proving that you didn't learn much economics. You just regurgitated information. Especially since you claim that "many mainstream economist" don't find macroeconomics useful. You can find many that will distance themselves from, say, keynesian style macroeconomics, but you'd be hard pressed to find one that's just like "macroeconomics? pft, that stuff is shit in the real world."

I'd find it pretty difficult to find useful, er, uses of basic chemistry. Apart from turning red wine into a toxic white wine look-alike, not so useful in the real world either. And yet, I wouldn't go so far as to suggest that you missed nothing by skipping basic chem.

And if your time in an economics classroom didn't at least teach you enough to think "wait, what?" during campaign time, you really didn't spend enough time studying. Which is more of a benefit than I've ever gotten from the basic natural sciences.

Re:Economics (1)

Raenex (947668) | more than 2 years ago | (#36469520)

You just regurgitated information.

I was forced to, because that's what they decided constituted an education. That doesn't mean I didn't understand what they were trying to teach, and couldn't evaluate its worth.

You can find many that will distance themselves from, say, keynesian style macroeconomics, but you'd be hard pressed to find one that's just like "macroeconomics? pft, that stuff is shit in the real world."

Considering that what I was taught was a bunch of limited, academic navel gazing, there are plenty who would say it was worthless shit in the real world. That doesn't mean the whole field is worthless, and maybe things have improved, but when I took it, something like 17 years ago, most of it was a worthless academic exercise. In fact, the same critique was mentioned in my textbook in a later chapter.

After the last crisis, you had economists saying we need yet another rethink and research on how things really work.

Re:Economics (2)

idontgno (624372) | more than 3 years ago | (#36467852)

That just proves that Newtonian mechanics isn't complete physics the same way that high school Macroeconomics isn't the complete economic picture. However, there is a difference: classical mechanics corresponds pretty closely to gross everyday observation of physical phenomena, but pure elementary Macro and Micro bear only the slightest correspondence to the gyrations and churn of the great big huge Global Economy, as frantically and inconsistently reported by every news organ in the world, and as debated endlessly and fruitlessly by every pundit, economist, politician, or CEO in existence.

High school economics is more obviously idealized and incomplete than high school physics, because high school physics is more closely correlated to observable reality.

Re:Economics (0)

Anonymous Coward | more than 2 years ago | (#36468348)

Apparently you didn't grasp the part where it was asserted that you didn't miss anything by not taking basic economics, with the implication that basic economics is incomplete. Despite the fact that everybody at all times faces economic decisions. I suppose we should all just guess and pray rather than bothering to try to systemically learn something about something as complex as an economy where each actor has a unique set of preferences, assets, and goals. Unlike say chemistry, where one atom of an element is interchangable with any other atom of that element, economics strives to resolve dozens/thousands/millions/billions of unique agents into something a single lowly human mind can process. And we should definitely not bother trying to ease the learning curve by simplifying the basics.

But yeah. Basic physics is less obviously incomplete, so its viable. Even though only a small fraction will find basic physics knowledge in their life, we should offer it to all students. But economics, more obviously incomplete, should be passed over, though it is far more applicable to a student's life.

Re:Economics (0)

Anonymous Coward | more than 3 years ago | (#36470858)

This is true. I had to take two economic classes as basic courses. They taught us micro/macro economics but only at a very broad glance. Sure we drew graphs and stuck in price ceilings and floors to see what happened, but there are so many more variables in the real world that these simplistic models fail rather quickly when you try to apply them.

The background of what economics is and why it exists is a good thing to know regardless.

Re:Economics (5, Insightful)

gstoddart (321705) | more than 3 years ago | (#36466148)

I am beginning to think that everyone should be forced to take an economics course in their lifetime.

The problem is ... which version of 'economics'?

It seems there's the broad, general sense of economics which attempts to explain how things work as an interconnected system. And, then there's the economics which is almost dogmatic ... it's a belief that under certain circumstances, and given a set of assumptions, a given outcome would naturally occur. Those, I'm not convinced are supported by anything more than a desire for it to be true.

I, for instance, have yet to be convinced that "trickle down economics" actually accomplishes what its proponents claim it will. I also, am completely unconvinced by things that the rampant socialists say would happen if we listened to them since their numbers are equally imaginary. They both amount to wishful thinking.

At a certain point, economics devolves into ideology and philosophy. And your belief in what works ceases to be empirical, and more focused on how you think the world should operate if you could rewrite reality to suit your own needs (or, force everyone to adopt your theories long enough for them to be proven true/fail utterly).

I agree that some understanding of economics is valuable ... but then it breaks down to become a belief system, and goes all to hell. Modern economics is like the Emperor's New Clothes ... as long as we all keep deluding ourselves that it works, everyone is happy. Occasionally, a glaring counter example comes along that people chalk up as being an anomaly.

It seems that goes for both ends of how people believe economics works.

Re:Economics (0)

mcmonkey (96054) | more than 3 years ago | (#36466890)

I, for instance, have yet to be convinced that "trickle down economics" actually accomplishes what its proponents claim it will.

Really? So what will it take to convince you that "trickle down economics" actually accomplishes the opposite of what its proponents claim it will?

Because from there, it's an easy walk over to being convinced that those proponents know this and have been lying about their intentions the whole time.

Re:Economics (2)

gstoddart (321705) | more than 3 years ago | (#36467254)

Really? So what will it take to convince you that "trickle down economics" actually accomplishes the opposite of what its proponents claim it will?

Surprisingly little, but in the interests of being somewhat balanced, I chose to highlight that the two extremes are both a little shaky without actually focusing too much on one or the other.

Because from there, it's an easy walk over to being convinced that those proponents know this and have been lying about their intentions the whole time.

As someone I used to work for used to say ... it's not a lie if you believe it.

I believe it's entirely possible to believe that trickle down economics would work, and that it it would begin by benefiting those advocating it ... as I said, after a certain point, one's economic theories become closely tied with one's beliefs.

Trying to falsify the beliefs of another is usually an impossible task. I don't need to believe them to be intellectually dishonest ... I just think that the belief that trickle down economics is so tied into the rest of how they perceive economics as working, that there's no separating the two. It's an article of faith.

Those who worship at the feet of "The Free Market" will pretty much always take it as a given that tax cuts for the rich will trigger spending which will in turn excite the economy, and therefore benefit everyone. I think it lets the wealthy skim off the cream, leaving the rest of us with less (which is why the top richest people get richer and everyone else ends up broke).

Somehow, they think that's to everyone's benefit, but I've never been clear on exactly how that was supposed to work for the rest of us.

To a certain extent, Capitalism seems like a ponzi scheme. Certainly, that's how they're running the stock market over the last decade or so.

Re:Economics (0)

Anonymous Coward | more than 2 years ago | (#36469550)

There is a problem with your assumptions. The people who remain rich (whether they inherited it or earned it) have learned how to protect the value of their money. With even slow gradual inflation money bunged up in a bank will lose value over time. So the people who have money have learned how to use it; they purchase goods and services and they invest it. Investing it means providing someone else with the means to make a product or a service a reality and profiting from it. Purchasing a service means paying someone to do a job, like gardening, that pays the service provider. Purchasing goods, like a car, means paying the person who sold it and the people who made it. Investing it... wow... That is how you provide the capital for someone with ideas to make something that didn't exist before and pay people to help them do it, and then get everyone paid (from the lowest employee up to the investor) for the value of the idea.

Re:Economics (1)

dargaud (518470) | more than 3 years ago | (#36471856)

I, for instance, have yet to be convinced that "trickle down economics" actually accomplishes what its proponents claim it will.

I heard a (good) economist debunk it in one single sentence (I'm paraphrasing here): "If you give money to the rich, they'll put it in an offshore account or use it to purchase expensive art from other rich people. None of it goes back to the economy. If you give money to the poor, they use it to eat or to fix their car. It's back in the economy within a week."

I'm confused (2)

interkin3tic (1469267) | more than 3 years ago | (#36466108)

It suggests that CAPTCHAs can narrow the profit margin, but just a few lines above that it says they only cost a dollar to overcome. So these spammers will sell 1000 e-mail accounts for 8 dollars, and adding a dollar to the end cost to compensate for the CAPTCHAs would totally destroy their business model?

Was that supposed to mean that each of the thousand CAPTCHAs adds a dollar in cost to spammers? Because then I could see how that would cause some problems for them.

Re:I'm confused (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#36466150)

Was that supposed to mean that each of the thousand CAPTCHAs adds a dollar in cost to spammers?

Yes.

Re:I'm confused (0)

Anonymous Coward | more than 3 years ago | (#36466754)

I call bullshit on that. How long does it take an average human to solve CAPTCHAs? Assume that it takes me ten seconds for each, which I imagine is not entirely unreasonable. Then I'd make on the order of 360 bucks/hour solving CAPTCHAs if they cost the client a dollar each.

Sorry, but that's just not realistic, and even less so when you consider that other people living elsewhere might be willing (or forced) to do this work for much less than what MY minimum would be.

Re:I'm confused (1)

Dunbal (464142) | more than 3 years ago | (#36467192)

Fuck, sometimes I can't even solve it after 3 or 4 tries.

Re:I'm confused (1)

gnick (1211984) | more than 3 years ago | (#36467182)

Was that supposed to mean that each of the thousand CAPTCHAs adds a dollar in cost to spammers?

Yes.

No. Read it again. It adds $1 to each block of 1,000 CAPTCHAs, not each of the 1000 CAPTCHAs.

that cheap, eh? (2)

treywilliams (2274258) | more than 3 years ago | (#36466124)

I wonder what the going rate for stealing credit card numbers that have been saved on a website for returning customers. I know, because I've been the victim on identity theft twice now, and let me tell you, it ain't pretty. Recovering financially takes a year or more through vigorous DIY credit repair strategies and can make you weary of future online purchases. I read in another recent post all the grief that PayPal gives its customers and I can also attest to the fact that they are the most self-serving douche bags on the internet. Their operation is criminal... negligent at best. But seriously, $8 for a denial of service attack is super cheap. Hopefully as people start getting more serious about cybercrime, we can look back in 10-20 years and look at the internet as the Italian mafia with its godfathers being Google, PayPal, Facebook and the rest of the power holders sitting in prisons or at least crashing and burning financially.

Re:that cheap, eh? (1)

satuon (1822492) | more than 3 years ago | (#36473538)

I use PayPal because you don't have to disclose anything to the sellers, you don't give a credit card number. I've heard they charge a few percent of the entire sum for each transaction though.

recording? (0)

Anonymous Coward | more than 3 years ago | (#36466176)

Was this talk recorded? If so, does anybody have a url?

Of course you follow the money. (5, Interesting)

Animats (122034) | more than 3 years ago | (#36466204)

Of course you follow the money. There aren't that many spammers; about three years ago, there seemed to be only about ten unique large-scale spammers. Taking one of them down made a significant dent in spam traffic for a month.

Junky spam and junky bogus web sites are obsolete, even in the criminal world. The old mindset was to filter out emails and sites that "looked junky". The old "Web Spam Challenge [lip6.fr] was based on this. They have a big file of pages which humans have classified, by a quick look, as "spam" or "not spam". Five or ten years ago, that sort of worked, because most of the junk sites were really tacky. Phishing sites used to have blatant misspellings. That's history. Today's crooks have good web site production values.

So you have to dig deeper. On the web spam/bogus web site front, part of the right answer is to find out who's behind the web site and do a background check. (We do that at SiteTruth.com, as I've mentioned before.) Right now, even a superficial check (is there a mailing address on the site? Is it a known phishing site? Do seals of approval check out? Non-junk SSL cert?) is enough to knock out a big fraction of the junk. The deeper checks (is there a business at that address? How long in business? How much revenue last year? What's their business credit rating?) tell us enough to have some confidence about business legitimacy.

The original article mentions "ordering tons of stuff from phishing scams to trace the path of the money." That's what the FBI should be doing more of. Law enforcement can have accounts created, plug into the credit card system, and watch their credit cards being used in real time. It's hard to do that without law enforcement authority.

Re:Of course you follow the money. (1)

Dunbal (464142) | more than 3 years ago | (#36467262)

a significant dent in spam traffic for a month.

A month.

Time to bring out draconian legislation that hits spammers where it hurts - go after the idiots who respond to spam, just like they go after the "johns" that try to pick up prostitutes... a few ads in the local paper saying that John Q Neighbor was trying to buy v14gr4 or an online degree should really help.

I hope you don't think I was being serious.

Busting CAPTCHAs is not a crime. (5, Insightful)

Jane Q. Public (1010737) | more than 3 years ago | (#36466234)

Busting CAPTCHAs is not a crime. Not usually, anyway. Sure, it may violate a website's terms of service, but US courts so far (quite correctly) say that's not a crime, unless you're "stealing" a for-pay service. And maybe not even then.

It is not valid to label something a "crime" just because it's inconvenient for some people. The lesson to be learned here is that CAPTCHAs are a lazy (and often lousy) way to prevent "unauthorized" access.

Also, while most CAPTCHAs today can be busted with automated tools, as OP says it's often more economical to just hire teams of people from Pakistan or India to do it manually. The going rate on freelancer sites is about $1 per 1000, but sometimes it's even less.

Re:Busting CAPTCHAs is not a crime. (1)

_Sprocket_ (42527) | more than 3 years ago | (#36467012)

Busting CAPTCHAs is not a crime. Not usually, anyway. Sure, it may violate a website's terms of service, but US courts so far (quite correctly) say that's not a crime, unless you're "stealing" a for-pay service. And maybe not even then. It is not valid to label something a "crime" just because it's inconvenient for some people. The lesson to be learned here is that CAPTCHAs are a lazy (and often lousy) way to prevent "unauthorized" access.

I didn't see anywhere in the article where it labeled solving CAPTCHAs as a crime. And I don't remember ever seeing anyone claiming that a CAPTCHA prevents unauthorized access either. What the article does say is that a CAPTCHA solving service is one of the tools that criminals employ in their trade. And while it might seem futile to use a CAPTCHA, doing so induces a cost to criminals that tends to limit how many criminals continue to operate.

In my experience, CAPTCHAs never completely solve the problem of scammers trying to abuse my environment. But invoking a CAPTCHA and changing it once in awhile does weed out a very high percentage of junk accounts.

Re:Busting CAPTCHAs is not a crime. (1)

Jane Q. Public (1010737) | more than 2 years ago | (#36468354)

The article is titled "Following the Money In Cybercrime". Further, the article states:

"... And just a buck to solve 1,000 captchas. Those are the going rates of cybercrime..."

Which is very clearly an implication that busting CAPTCHAs is a crime. It is not explicitly stated, no, but it's a very strong implication! One could not blame a reader for reading that busting CAPTCHAs is, indeed a crime.

Re:Busting CAPTCHAs is not a crime. (1)

_Sprocket_ (42527) | more than 2 years ago | (#36469012)

The article also talked about scammers sending around 12 million emails per purchase. That doesn't mean the article is now strongly implying that sending an email is criminal. I see your point. But I would suggest that a reader seeing this sort of implication needs to go back and re-read the article again.

Re:Busting CAPTCHAs is not a crime. (1)

Jane Q. Public (1010737) | more than 3 years ago | (#36472108)

I disagree. The two sentence above, just as I quoted them in the order they appeared, very clearly imply that busting CAPTCHAS are illegal. If the author did not mean to directly imply that, then there would have been absolutely no purpose to stating "And just a buck to solve 1,000 captchas." immediately before "Those are the going rates of cybercrime..."

But since the author did put those words in that order, anybody who knows how to read English does, in fact, know that the implication was clearly intended.

Re:Busting CAPTCHAs is not a crime. (0)

Anonymous Coward | more than 3 years ago | (#36467150)

O.o I don't know how you got modded insightful for stating something is not a crime that the article didn't say was a crime.

What it does say is that breaking capchas is a service billed out to criminals that those criminals then use to actually commit crimes.

Just like buying a crowbar is not a crime. But it sure does make it easier to break a lock open if you previously bought one.

Re:Busting CAPTCHAs is not a crime. (0)

Anonymous Coward | more than 3 years ago | (#36467366)

US courts so far (quite correctly) say that's not a crime

Are you sure? What WAS the outcome of the case against the woman who harassed a teenage girl on MySpace to the point of suicide?

I *hope* that you're right, but that case had a lot of emotion running high (as well it should have... I thought that was the stupidest charge they could have possibly laid on her - assuming she's found guilty, the choice of the judge becomes "let someone responsible for the death of an innocent go" or "make internet access without reading the TOS of every single web site you access illegal with prison time")

Re:Busting CAPTCHAs is not a crime. (0)

Anonymous Coward | more than 3 years ago | (#36467482)

... Harassment is a way separate action than captcha breaking. One of those being actionable in a court of law does not make the other also actionable.

Re:Busting CAPTCHAs is not a crime. (1)

Jane Q. Public (1010737) | more than 2 years ago | (#36468398)

"I *hope* that you're right, but that case had a lot of emotion running high (as well it should have... I thought that was the stupidest charge they could have possibly laid on her - assuming she's found guilty, the choice of the judge becomes "let someone responsible for the death of an innocent go" or "make internet access without reading the TOS of every single web site you access illegal with prison time")"

As the law stands now, breaking someone's Terms of Service is not a crime. And the reasoning is sound: if breaking Terms of Service were a crime, then any company could essentially define the law any way they wanted to, by what they put in their TOS.

Judges are FAR too jealous of their prerogatives to allow that. Besides the fact that it would be just plain a stupid idea to let corporations decide what the law should be.

Obligatory (0)

softWare3ngineer (2007302) | more than 3 years ago | (#36466360)

Always think of this comic when i hear the word captcha now.

xkcd [xkcd.com]

Re:Obligatory (0)

Anonymous Coward | more than 3 years ago | (#36467644)

Bots will just rate each others' spam comments as constructive, which will work because on all but the biggest forums there are far more bots than legitimate new users.

Pointer to actual talk (0)

Anonymous Coward | more than 2 years ago | (#36469298)

http://www.usenix.org/events/atc11/stream/savage/index.html

Stainless Steel Rat (1)

DCFusor (1763438) | more than 2 years ago | (#36469384)

Is what you need to become if you want to do crimes of money these days. If our government was serious, this crap would be toast instantly. See how quick they got the DC Sniper after he gave them no more than a Cayman Island bank account number. Think "what would Harry Harrison do?".

This proves that
A: We're not serious about this.
B: It's probably half the government itself in an attempt to create people believing they need even more power.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>