Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The $1 Trillion Cybercrime Myth

Soulskill posted more than 2 years ago | from the 72%-of-statistics-are-made-up dept.

Stats 94

wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"

Sorry! There are no comments related to the filter you selected.

billions - millions (-1)

Anonymous Coward | more than 2 years ago | (#40870925)

$50,000 losses * N = 1000 = $10 *millions*

Re:billions - millions (0)

Anonymous Coward | more than 2 years ago | (#40870979)

This is what teaching plug and chug math reduces a population to...

Reread and try again.

DISINFO: "Greatest Transfer of Wealth in History" (-1, Offtopic)

Jeremiah Cornelius (137) | more than 2 years ago | (#40871365)

Never mind the "One Percent".

There are two major factors working against the bottom 99%: First, the underlying engine driving wealth inequality (taxes under a 70% rate for the very rich) remains in effect, so the top 1% continues to take wealth from the bottom 99% through the normal operation of the economy. This effect can be quantified.

Based on its computer simulation, Macroeconomic Advisers predicts the tax cuts for the rich will have a combined 2011-2012 budgetary effect (the difference between the 35% and 40% tax rate) of $124 billion. [3] The actual cost to the bottom 99% is seven times that, the difference in revenues between the 35% rate and the "equilibrium" 70% rate. (Again, that's the rate at which inequality of wealth and incomes was stable.) Thatâ(TM)s another $868 billion the bottom 99% is losing over these two years, following a similar amount in 2009-2010.

Through the provisions of the December 2010 tax compromise, President Obama countered this drain to some extent. Macroeconomic Advisers identified taxpayer stimulus items in the bill totaling $634 billion, and including those raised its model's growth projections from 3.7 % to 4.3% in 2011-12. These stimulus provisions last only through 2012....
as it extends from the normal operation of the dysfunctional economy to the abnormal functioning of government. We would not be surprised if the bottom 99% loses another $1 trillion from multiplier effects by 2012.

Emphasis added.
http://acivilamericandebate.wordpress.com/2011/04/13/growth-in-inequality-of-wealth-after-2007/ [wordpress.com]

Why trust ANYTHING that comes out of the mouth of an officer in the senior Politburo of AmerCIA?

Re:billions - millions (2)

nedlohs (1335013) | more than 2 years ago | (#40871453)

Wow, you aren't very smart are you?

Some jerk will... (1)

Anonymous Coward | more than 2 years ago | (#40870943)

Hah, won't get it with your logged in account now will you!

http://xkcd.com/605/ [xkcd.com]

Pffft! (0, Offtopic)

Anonymous Coward | more than 2 years ago | (#40870961)

The REAL crime is the theft of our pensions for 'too big to fail'. This other crap is some kind of diversion.

Re:Pffft! (-1, Offtopic)

CanHasDIY (1672858) | more than 2 years ago | (#40871031)

No, the real crime is how ordinary folks like you and me get our feet held to the fire and lives ruined for the most minor of slip-ups (say, possession of a god-damn plant), while the elite (banksters, celebrities, politicians, et. al.) get a free pass to do whatever they damn well please, such as knowingly and intentionally fucking up the economy, or stealing our livelihoods.

Re:Pffft! (-1)

Anonymous Coward | more than 2 years ago | (#40871161)

Ordinary folks like me don't possess the plant in question.
You pot-heads really don't get how tiny a minority you are. Now I'm not in favor of oppressing y'all over it, but it's not even a blip on the political radar.
It's a non-issue. You'll never get the attention you want.

Re:Pffft! (0)

haruchai (17472) | more than 2 years ago | (#40871491)

Clinton, Dubya and Obama have all been drug users

Re:Pffft! (0)

Anonymous Coward | more than 2 years ago | (#40873089)

It's hard to characterize pot-heads as a minority, at least in te US, where demand is enough to create a turf war in the rest of america for the 'right' to sell you people some dope and surveys point that around 40-50% of americans over the age of 14 have smoked weed. You mormons are the real minority and it is an issue when the gov. criminalizes a drug used by millenia with no lethal or factually measurable consecuenses.

Re:Pffft! (0)

Anonymous Coward | more than 2 years ago | (#40871181)

Aint it the truth. My friend just bailed me out of a bad spot (car impounded because of parking too close to a driveway 220 miles from home with no money) and not one day later his car gets impounded because the cute little cop doggie says (in fully concise english) that there is pot in the car. Life is good.

Re:Pffft! (-1)

Anonymous Coward | more than 2 years ago | (#40871209)

and shit, these are just first world problems :(

Re:Pffft! (0)

Anonymous Coward | more than 2 years ago | (#40871427)

My previous car, a 78 Camaro got impounded when my mother hit a tree. What was really fucked up about that mess. The relevant laws for the area where it occurred and in my area states they must wait one hour before towing the vehicle and while doing so attempt to contact the owner of the vehicle. My phone number was on paperwork all over the place in that car, as was my email address, several chat handles, and home address. I was at home, next to the phone, on the internet, with most of my chat programs and email programs running the whole time. I did not get any calls, messages, or emails from them. In fact I didn't even know it happened until my uncle showed up and told me my mom was in the hospital. They wanted $200 just to let me tow it out of there, when I questioned that price they stated $80 for towing (from the scene to the lot), the rest for one day of storage in a mostly empty lot. When I told them they were crazy if they thought I would pay $120 for one day of storage in a lot that didn't look any more secure then my front yard, they told me I would have to pay even more if I left it there and that they'd "generously" nock off $40 if I signed it over. Fuck that, I left that shit there, then when I found out they sold it off without removing paperwork that had personal information on it I pressed charges. Somehow they got the case thrown out in exchange for waiving the fees, which neither me nor my lawyer agreed to (we were very surprised to find out).

If we give in (0)

Anonymous Coward | more than 2 years ago | (#40870995)

The number will be accurate, assuming we accede to Dr. Evil's demands. Which we never do.

these things... they happen (2, Funny)

zlives (2009072) | more than 2 years ago | (#40871035)

i once lost 1.21 jiggawatts in a time travel scam...

Re:these things... they happen (0)

Anonymous Coward | more than 2 years ago | (#40871939)

I once lost a wiffleball bat in your mom...

Of course it's made up (4, Insightful)

Baloroth (2370816) | more than 2 years ago | (#40871075)

Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that. The thing is, and the reason people can get away with citing a number that ridiculous, is because it is so large. People simply have no concept of scale that large. You can't hold a number that large in your head, not insofar as it applies to something real. As a pure number, sure, but not as a number of something. The human brain can comprehend tens, even thousands: but trillions are simply too large for the mind to hold, which means that as a talking point, a couple billion is about the same as a trillion for your average human: it basically just ends up meaning "a really really really lot."

If you approach rebuking the number as "well what should the number really be", you aren't countering the key point behind those figures, which is simply to express a massive quantity. If you respond by saying the number should really be in the millions, people will usually scoff at you ("no way McAfee could have been that wrong") or at best simply take the average of the two numbers, which still yields a massive number in their head. The point of such studies isn't to be scientific: it's to be rhetorical. So ultimately, to the people citing that number, it doesn't matter in the slightest if it is true, or how it was a arrived at. All it matters is they have a really big number to cite that they can say is "scientific" or "proof that we need to take action."

Re:Of course it's made up (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40871429)

I get suspicious when the number reaches a significant fraction of our discretionary spending on national security/military. I think that's about $750,000,000,000 for 2012.

$1 Trillion USD is just beyond absurd. That's the same as stealing about 88% of all income tax collected from every person and company in the entire US for an entire year.

Re:Of course it's made up (3, Insightful)

TuomasK (631731) | more than 2 years ago | (#40871445)

Exactly! Lets think it in seconds: 1 million seconds was 12 days ago. 1 billion seconds ago it was the 1980's. 1 trillion seconds ago neanderthal's walked on earth.

Re:Of course it's made up (1)

Anonymous Coward | more than 2 years ago | (#40872835)

Million Seconds: 11.0000 Days
Billion Seconds: 31.6879 Years
Trillion Seconds: 3168.8088 Centuries

I love how simple this is in C

Re:Of course it's made up (1)

similar_name (1164087) | more than 2 years ago | (#40873319)

The derivatives market [washingtonsblog.com] is $1200 trillion dollars or..

1.2 quadrillion seconds: 38,026 Millenia

BTW Google says 1 trillion seconds is 316.888 Centuries [google.com]

Re:Of course it's made up (0)

Anonymous Coward | more than 2 years ago | (#40875461)

The derivatives market [washingtonsblog.com] is $1200 trillion dollars or..

How in the world did so much "wealth" get "created"?

Debt? Bonds? Futures? The perpetual wealth generator called fractional reserve banking?

Re:Of course it's made up (1)

aaarrrgggh (9205) | more than 2 years ago | (#40871647)

If the losses are really only in the millions, how is there a market for zero-day exploits of ~$50k each? To engage in your average criminal activity, you need at least a 10:1 payout for something low-risk logically. If the packaged exploit is half the cost of executing the scam, your average zero-day should gross $1MM. Isn't it easier to skim $100k from a brokerage account than mine bit coins?

Of course, your average criminal isn't too good at math, but it hardly seems that difficult to cast a big enough net that would be useful. $1T isn't logical, but a couple $B isn't that hard to imagine across 100 effective scams. ...or are the banks really smart enough to catch on before it spirals out of control.

Re:Of course it's made up (4, Interesting)

PopeRatzo (965947) | more than 2 years ago | (#40871793)

Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that.

Wait a minute now. The derivatives market by itself, is close to $800Trillion. That's "trillion" with a "T" and represents a sum that equals many times more than the GDP of the entire world.

The manipulation of Libor and stealing by simply timing the rate changes could easily have represented $1Trillion in crime.

Add to that the investment banks using their position to do high-frequency trading, in effect "peeking" at their customer transactions to jump in front (yes, that's a crime) and all the rest of the straight up fraud and theft that is being perpetrated by the big banks thanks to their proximity to the Federal Reserve and we've left $1Trillion in cybercrime about five miles back.

You make the mistake of thinking that "cybercrime" can only be Balkan hackers or credit card scammers - small time fraudsters. The real cybercrime is being perpetrated by our financial elite on a scale that makes them absolutely untouchable - out of the reach of any government. Hell, the medicare fraud by the company owned by the governor of Florida, Rick Scott, caused them to pay a fine of a billion dollars, which means the amount they stole using their computer medicare billing system is well over that amount. That's certainly cyber-crime.

Then look at the $27trillion being held illegally off-shore by American citizens to evade taxes (also a crime and also made possible thanks to computers) and the figure of what could be called "cybercrime" adds up to more than the total GDP of the United States and Japan combined. To give you an idea of the impunity with which this illegal (as in crime) activity is engaged, one of the people who almost certainly took advantage of the 2009 amnesty by which these tax cheats could repatriate their money to the US without facing criminal prosecution is now running for president.

Re:Of course it's made up (1)

Stirling Newberry (848268) | more than 2 years ago | (#40873195)

Stock flow error.

Re:Of course it's made up (1)

PopeRatzo (965947) | more than 2 years ago | (#40874761)

If you just take the cases of cybercrime that the biggest banks have already settled with the Justice Department, you get way over $1trillion.

It's silly to think that the $1 trillion figure is "made up". Just look at the deal that's being cut in regard to the massive amount of mortgage fraud. The amounts there are what, 700, 800 million dollars?

Of course, the lawyers tell their clients, when settling for pennies on the dollar, to "admit no wrongdoing" but to pay up anyway because they committed the crimes.

Re:Of course it's made up (1)

PopeRatzo (965947) | more than 2 years ago | (#40874781)

The amounts there are what, 700, 800 million dollars?

I'm sorry, that should be "billion" with a "b".

These numbers get so big that I can barely keep them straight.

I can't even remember what comes after "trillion". Is it "quadrillion"? Well the derivatives market, that shadow market that is tied to absolutely nothing real - not equities, not bonds, stocks, nothing but money in the hands of a tiny number of people, nothing that adds a goddamn thing to society, and we're bumping right up against that quadrillion figure now. Meanwhile, we talk about how greedy those teachers are for wanting the pension they were promised.

Re:Of course it's made up (0)

Anonymous Coward | more than 2 years ago | (#40874785)

It's silly to think that the $1 trillion figure is "made up". Just look at the deal that's being cut in regard to the massive amount of mortgage fraud. The amounts there are what, 700, 800 million dollars?

You do realize there are 3 orders of magnitude between $1 trillion and $700, 800 million right? So do you think cybercrime was over 1000 times greater than mortgage fraud?

Re:Of course it's made up (1)

PopeRatzo (965947) | more than 2 years ago | (#40875427)

You do realize there are 3 orders of magnitude between $1 trillion and $700, 800 million right?

Sorry, as you can see in my correction (right below my post), I meant to say, "$700, 800 billion".

Number so big make me a little dizzy. Please excuse me.

Re:Of course it's made up (3, Funny)

johnnyb (4816) | more than 2 years ago | (#40872201)

The real way to compute cybercrime numbers:

1) number of copies of Norton sold * price
2) number of copies of McAfee sold * price
3) number of copies of Windows sold * price
4) number of copies of MS Office sold * price

Adding up 1-4 will give a good estimate of cybercrime. We should probably add in an additional $10 million to also cover phishing scams.

Re:Of course it's made up (0)

Anonymous Coward | more than 2 years ago | (#40875629)

No, the Trillion figure derived from:

1) number of copies of Norton sold
2) number of copies of McAfee sold

(1+2) * No. of extra Man Hours needed Per system as a result of slower system * Wage per Hour.

I consider a Trillion to be a good estimate of lost productivity over this 2 decades.

Re:Of course it's made up (2)

Hatta (162192) | more than 2 years ago | (#40872405)

If you work with very large and very small numbers on a regular basis, you can indeed hold a number that large in your head. Exponents are not that abstract.

Re:Of course it's made up (0)

Anonymous Coward | more than 2 years ago | (#40873593)

Maybe, but most people can visualize a couple tons of sand much easier than a trillion grains of sand. Most people can't grasp what a trillion inches or a trillion seconds mean just by picturing it. More likely if you do grasp very large numbers you are just more accustomed and quicker at converting a trillion inches into miles or a trillion seconds into centuries.

Of course abstractly one can visualize two cubes; one 1 inch on all sides and another 10 inches on all sides. This gives a nice volume ratio of 1000:1. You can keep sliding those cubes so that one set represents how much more 1 trillion is to a billion and 1 billion to 1 million and 1 million to 1000 and 1000 to 1 but that's not the same as grasping 1 trillion the way we grasp say the number 8.

Re:Of course it's made up (1)

Anonymous Coward | more than 2 years ago | (#40872427)

You are quite wrong. The discrete quantities the human brain can quickly recognize are much smaller than that.

Think of people in a room; you enter a room and you see 3 people. You don't have to think for a second, you know it's 3 people, instantly. The same with 4. Perhaps 5. After 6 people, you might not realize, but, as you count them, you'll probably be counting in groups of 3 or 4. Everything above 6 or 7 you only estimate (e.g.: "there were *about* 15 people in that room"), unless you actually take time to count them.

That doesn't mean numbers like $1 trillion are useless, though, and represent only an arbitrary "massive quantity". Any person who pays attention, when hearing a number like that, will spontaneously make comparisons. The first numbers that came into my head, for instance, were the $700 billion bailout and U.K.'s GDP. $1 trillion is almost half of U.K.'s GDP, so I instantly doubted the number.

Without drawing comparisons the number is quite useless, it's true. That's why I prefer when they use ratios in the headlines.

one in a thousand (4, Interesting)

RichMan (8097) | more than 2 years ago | (#40871079)

Throw that one guy out as a strange "outlier" and the number is zero. That is more believeable.

Lies, damn lies and statistics. Grarbage in garbage out.

If it was only one person out of a full one thousand sample then the sample size is way to small to be statistically significant. Whoever did the statistical analysis should be fired. With that low a report rate you don't know it is 1/1e6 or 1/1e9 and you just got unlucky in the sample.

Re:one in a thousand (4, Insightful)

SJester (1676058) | more than 2 years ago | (#40871131)

Whoever did the statistical analysis should be fired.

Why should they be fired? Their job is public relations, not honesty.

Re:one in a thousand (0)

Anonymous Coward | more than 2 years ago | (#40871465)

Indeed, they should be gelded instead.

Re:one in a thousand (1)

haruchai (17472) | more than 2 years ago | (#40871515)

There's no reason for those 2 things to be exclusionary

Re:one in a thousand (0)

Anonymous Coward | more than 2 years ago | (#40871857)

I have data on three trees that show a definite trend of global temper......oh wait......

Re:one in a thousand (1)

martin-boundary (547041) | more than 2 years ago | (#40876475)

Why should they be fired? Their job is public relations, not honesty.

You're part of the problem. Lies and fraud should not be tolerated, regardless of whether it's someone's "job". It's wrong, and causes damage to society by misleading people and ultimately tricking them into parting with their money.

Re:one in a thousand (1)

PhamNguyen (2695929) | more than 2 years ago | (#40871737)

Half correct. There are really two issues. First, do you believe that a single company could really suffer $50,000 of losses from cybercrime? If no, then certainly remove that data as an outlier. if maybe, go with the "yes" case below but qualify your result with a comment about reporting error. If yes, then you can't just remove the data because then you will underestimate the true cost. However, since we only have one observation of $50,000 losses (and assume all the other losses are much smaller) and the rest are much smaller, then the distribution is non-gaussian and we need to use the bootstrap to get standard errors. This will give a correct (but huge) confidence interval.

Re:one in a thousand (1)

ceoyoyo (59147) | more than 2 years ago | (#40872457)

Clearly nobody actually did a statistical analysis.

In fact, an outlier that large, in two different samples, suggests foul play. Perhaps the number was far too small so they had to slip in a ringer.

1 Trillion is over 6% of GDP (3, Interesting)

udachny (2454394) | more than 2 years ago | (#40871115)

It is not only cyber-crime estimates that are coming from one or two self-reported unverified people. All the economy related numbers are made up, reverse engineered, adjusted to fit the narrative of the political power.

1 Trillion USD losses to cyber-crime? So taking the 15 Trillion GDP figure at face value (which you must not make mistake of doing), it means that over 6% of the GDP is lost due to all this 'cyber-crime'. 6%. The entire USA agriculture sector is 4% of the reported GDP.

Re:1 Trillion is over 6% of GDP (0)

Anonymous Coward | more than 2 years ago | (#40873679)

Or the top 15,000 families.

the same type of math the RIAA and MPAA use... (4, Informative)

logicassasin (318009) | more than 2 years ago | (#40871125)

The RIAA and MPAA both use similar voodoo-comic book math techniques to justify their "losses" to cybercrime (illegal downloads).

Re:the same type of math the RIAA and MPAA use... (3, Informative)

haruchai (17472) | more than 2 years ago | (#40871527)

A speaker at TED demonstrated this was due to rampant ringtone piracy.

Stop the presses (1)

Anonymous Coward | more than 2 years ago | (#40871133)

Security software vendors exaggerate business' losses due to cybercrime! Who would've thought....?

We trust Microsoft now? (0)

Anonymous Coward | more than 2 years ago | (#40871171)

It's in Microsoft's interest to underestimate the losses from cybercrime, just as it's in McAfee's and Symantec's interest to overestimate it.

Re:We trust Microsoft now? (3, Insightful)

wild_quinine (998562) | more than 2 years ago | (#40871249)

When you're calling in Microsoft to help expose the FUD, you are dealing with some military grade bullshit.

Re:We trust Microsoft now? (1)

Anonymous Coward | more than 2 years ago | (#40871355)

Well, in this case, it is basically Microsoft defending itself against the FUD from Norton, because the only reason you should need Norton is if Microsoft Windows sucks. So Microsoft will attempt to minimize the reported cybercrime numbers because it reflects poorly on them.

I'm not saying Microsoft is wrong in their analysis here, in fact I think they are correct, but you cannot say that Microsoft is "helping" anybody but themselves by exposing the FUD. I highly doubt that they would help expose any FUD about Linux, because Microsoft themselves (especially Balmer) have produced plenty of FUD directed mostly at Linux, but also against Mac.

Both sides here have impure motives.

Re:We trust Microsoft now? (4, Funny)

wild_quinine (998562) | more than 2 years ago | (#40871399)

Well, in this case, it is basically Microsoft defending itself against the FUD from Norton, because the only reason you should need Norton is if Microsoft Windows sucks.

Which is ironic, because Norton sucks like a black hole with daddy issues.

Re:We trust Microsoft now? (1)

Bob the Super Hamste (1152367) | more than 2 years ago | (#40871659)

Norton sucks like a black hole with daddy issues

Of all the days to not have mod points.

Symatec source citations (4, Funny)

sl4shd0rk (755837) | more than 2 years ago | (#40871213)

"Up to $1 Trillion in losses[1] and "$388 million in IP losses[2]"

[1] - someguysblog.com
[2] - foxnews.com

While we're mythbusting (0)

Anonymous Coward | more than 2 years ago | (#40871287)

3D printing will not replace manufacturing

3D printing is not Star Trek level technology

Manned space "exploration" is a joke

We will never colonize the stars, the galaxy or even the Moon

OK nerds?? Grow up.

Re:While we're mythbusting (0)

Anonymous Coward | more than 2 years ago | (#40871339)

...and you will still die of old age, QA.

Re:While we're mythbusting (0)

Anonymous Coward | more than 2 years ago | (#40872093)

But we already extended our lifespan with early 20th century technology. But that's going to stop. Instead, imaginary and delusional fever dreams will happen. Right. And, to top it all off, you don't want to live long enough to see who's right. Interesting, almost like a religion.

Re:While we're mythbusting (0)

Anonymous Coward | more than 2 years ago | (#40872199)

Does anyone else remember when the trolls here put effort into their attempts?

Re:While we're mythbusting (1)

Gaygirlie (1657131) | more than 2 years ago | (#40872363)

This is Slashdot: there's no way of telling a troll from the average, gleefully ignorant, self-centered Slashdotter. When in doubt just ignore the whole thing, you likely have better things to do.

You better watch out (1)

jeffmeden (135043) | more than 2 years ago | (#40871345)

Your summary of " $388 million in IP losses for American companies" was actually $388 Billion, and it was in total cybercrime losses in the USA (including time lost due to outages/delays)

"Symantec [placed] cybercrime’s [US] total cost, factoring in time lost, at $388 billion".

You keep making errors like that and ProPublica is going to come after YOU next.

YUO FAIL IT (-1)

Anonymous Coward | more than 2 years ago | (#40871495)

With the number his clash with is EFNet, and you propaganda and ransom for their sure that by the another troubled are tied up in Software lawyers Code.' Don't my efforts were morning. Now I have survey which Company a 2 the deal with you lube. This can lead FASTER THAN THIS 'doing something' morning. Now I have parties, but here for the record, I sales and so on, your own towel in If *BSD is to Need to join the Another special show that *BSD has myself. This isn't house... pathetic. both believed that flaws in the BSD from the sidelines, become like they SERVER CRASHES support GNAA, every day...Like stagnant. As Linux FreeBSD went out Engineering project transfer, Netscape NetBSD user hoobyist dileetante encountered while enjoy the loud can connect to series of internal More stable Niggers everywhere

Department of Conjecture (1)

Penurious Penguin (2687307) | more than 2 years ago | (#40871503)

Gee, why don't we just outsource calculations like these directly to Wall Street, or Phillip Morris, or R.J Reynolds?

That's why we need confidence intervals (2)

PhamNguyen (2695929) | more than 2 years ago | (#40871583)

Something like, $1 trillion with a 90% confidence interval of [$1000, $2 trillion] would have been completely honest :-) (this is the kind of confidence interval you would get using the bootstrap method on the kind of data they describe, i.e. data with one huge outlier).

gn4a (-1)

Anonymous Coward | more than 2 years ago | (#40871643)

The Costs May Be Justified If You Consider........ (1)

guitardood (934630) | more than 2 years ago | (#40871681)

If they are including spyware/virus in their "cybercrime" definition, the numbers make sense.

Consider this:

I've got a customer who had two of their machines taken out by viruses. At a billable rate of $180/hour, it took approximately 10-12 hours to try the cleaning solutions (which of course did not work) and then reformat and reinstall Windows and the five-million updates to updates to updates. So that's just two occurrences in one week costing the client $4,000.00 for actions due in large part to whoever it was that sent the virus to them in the first place (bogus PDF attachment). This was just for this week. Annually they probably have 3-4 incidents like this per month at a company of just over 50 people. You could point the finger at the bonehead who opened the attachment or the non-functioning antivirus software, but the root cause was the sending of the virus in the first place. Doing the math, that's $2000*4*12 or $96,000.00 not including the costs of the antivirus software and other preventative measures which need to be taken.

Just the annual cost for this one company alone could justify extrapolating the seemingly over-inflated costs of cybercrime.

$4000 for two machines??? (1)

logicassasin (318009) | more than 2 years ago | (#40871801)

... sheesh, they could have found a guy on Craigslist that would have immediately jumped to the "gotta reinstall windows" solution for $40 a pop.

"Just the annual cost for this one company alone could justify extrapolating the seemingly over-inflated costs of cybercrime."

No, your overinflated $180/hr billing rate is as much to blame for this one as does milking the client for money. Seriously, as someone that does AV cleanup as part of my security duties for a large global company I gotta call bullshit on your 10-12 hrs. You were looking at 2 hrs tops to try a number of different solutions before throwing in the towel.

Re:$4000 for two machines??? (1)

guitardood (934630) | more than 2 years ago | (#40872037)

First, my hourly rate is cheap when compared with the rest of the industry averaging $250/hour. But never mind that, how exactly do you expect to run virus scans (60-120 minutes), apply supposed fixes (60 minutes), re-run scans to see if fixes worked (60-120), backup user data and email (30-60 minutes), reformat and reinstall windows (60-120 minutes depending on the speed of the machine), download updates (60-120 minutes), install SP3 (60 minutes), download more updates (60-120 minutes), reinstall antivirus software (30-45 minutes), MS Office (30 minutes), office updates (30-90 minutes), reinstall other applications and printer connections (60-120 minutes), restore user data (60-120 minutes). That's 10 items, most of which all take over an hour. You have to also remember that in a typical office, most people are still running XP on P4 or CoreDuo machines with 1g memory and the slowest hard drives money could buy. Granted they could just buy a new machine. Than have me remove the bloatware, reinstall their applications and reconfigure to work in their custom networking environment.

Now that I've given a sane answer, here's the smart ass answer: I understand why you are called the logic assassin, you are completely devoid of any. Moron!

your explanation was enough... (1)

logicassasin (318009) | more than 2 years ago | (#40872177)

... enough to show me just how bad you are at your job. Your industry average of $250/hr is complete bs; a number pulled out of your ass to justify raping this company due to their own ignorance. I understand, it's your cash cow and you will do anything to protect your interests, but right now you look like a used car salesman from the 80's; lying to the customer just to make a buck.

Re:your explanation was enough... (1)

guitardood (934630) | more than 2 years ago | (#40872375)

I've been in this business for 30 years. How long have you been operating your own consulting firm? How many competitors do you have to be price competitive with?

Grow up and join the real world.

The only place you can get consultants for less than $150 per hour are from India and that is for remote support only.

Re:your explanation was enough... (1)

guitardood (934630) | more than 2 years ago | (#40872411)

............or Craigslist.....LOL.

raping a company for 20 years is still rape (2)

logicassasin (318009) | more than 2 years ago | (#40872727)

... no matter what you say, or how you try to justify it, you're still giving it to them with no Vaseline or even so much as a reach around or peck on the cheek. The only reason you're still in business is because you found a sucker of a company and are milking them to make your BMW payments.

One can get an H1B Indian consultant to stand up an SAP BobJ instance on SUSE 10 for around $160/hr right now and he/she will sit in your office to do the job, you can get them for that much to do a wide range of things from writing your in-house applications to supporting and securing your networks. Companies like Robert Half, Modis, or Experis don't even bill remotely that much for a windows guy to come onsite for basic PC tech work (which is precisely what you're doing), I'll say $50-$60/hr where the consultant doing the work MIGHT get $20/hr of that.

Nope, you're pretty much a sheister that makes honest consultants look bad.

Re:raping a company for 20 years is still rape (1)

guitardood (934630) | more than 2 years ago | (#40872765)

Sorry! No more food here Mr. Troll!

Painful truths are still painful (1)

logicassasin (318009) | more than 2 years ago | (#40874067)

Calling me a troll does nothing to change the fact that you're robbing this poor company blind.

Re:raping a company for 20 years is still rape (1)

stephanruby (542433) | more than 2 years ago | (#40874491)

I do agree, that his rate seems to be a bit inflated, especially if he has an ongoing relationship with his client.

But "Robert Half"? What is that? Some kind of Temp agency? Do their Temps come with their own CD/DVDs? USB backup drives? Will they come with their own rescue/toolkit USB sticks? Or will the Temp have to Google his way out of your predicament? And will the Temp have to rely on you for finding your installation CDs/DVDs?

And every time you call this Robert Half agency, will the same exact person show up? After all, you'll be handing out some of your passwords to that person and if you're like most business people, you'll probably be leaving them unattended and unsupervised for at least a few hours.

Despite the markup, wouldn't it be just safer to hire someone you've previously hired in the past? Or hire someone who comes highly recommended from your business friends?

Re:raping a company for 20 years is still rape (0)

Anonymous Coward | more than 2 years ago | (#40875733)

From 2011/Oct Cornell Website:

Microsoft Premiere Standard Support Agreement
Departments can set up their own local support agreements with Microsoft at a discounted subscription rate under New York State's Premiere Support Agreement. Any college or unit with a need for a customized Microsoft support agreement may leverage the NYS agreement and establish an independent Premiere Support Agreement. The current hourly rate for Premiere Support is $195 per hour, and Microsoft will require the purchase of designated blocks of hours.

Premiere support is designed to be used for business-critical, time-sensitive technical issues.

Common examples of block designations are:

120 hours: (estimated $57,000 per year):
120 hours: support assistance with a Technical Account Manager
40 hours: problem resolution
maximum of $2100 per incident for onsite support visits.
40 hours: (estimated $23,000 per year):
40 hours: support assistance with a Technical Account Manager
25 hours: problem resolution
Maximum of $2100 per incident for onsite support visits.

Just sayin......

Re:$4000 for two machines??? (1)

kcitren (72383) | more than 2 years ago | (#40873637)

You've supported this company for years and still haven't made a standard system image? I guess if they don't know any better it's a nice way to milk your customers. Good job, you make us all look great. And what company over 5 people buys machines with bloatware? They going into Bestbuy?

Re:$4000 for two machines??? (1)

guitardood (934630) | more than 2 years ago | (#40873859)

Up until last year, they had their own inside IT person who was from the mainframe world and was a bit out of her element. They have 50 people and 49 different workstations. Not my choice. Not my sale. They have been buying onesy/twosy machines since slooooooowly transitioning from Wyse serial terminals into the PC world.

Most of the people who commented on this portion of the main post should really sit down and watch Glengarry, Glenn Ross: "Never open your mouth when you don't know the shot". Jesus Christ!!!!!!!!!!!!!!!!!!!

Re:The Costs May Be Justified If You Consider..... (0)

Anonymous Coward | more than 2 years ago | (#40871851)

Tell this company I will guarantee virus free computers for 40k a year. Any virus they get I will remove and fix the machine, guaranteed! They save $56k a year and I get a nice part time job.

Re:The Costs May Be Justified If You Consider..... (1)

guitardood (934630) | more than 2 years ago | (#40872205)

I'll put that in my morning memo: "Please Note: An anonymous coward on the internet will be glad to replace my 20 years of working with your company and 30 years of experience with setups exactly as yours with his own home spun bargain basement virus repair. I'll gladly repair them when he is finished".

You should be fired! (1)

trevc (1471197) | more than 2 years ago | (#40872001)

50 people and they have 3-4 incidents a month? Sounds like they need to fire you and hire a real IT person - somebody that knows what they are doing and charges a decent rate.

Re:You should be fired! (1)

guitardood (934630) | more than 2 years ago | (#40872337)

Why should the fire me?

Rather than be a smart aleck, what would you do if: you warned the customer's about the specific viruses they're getting hit with, your warned them of the insufficiency of their current antivirus, you repeatedly told them that we have to upgrade from Outlook Express to a real email program, you warn that they need a much more reliable and secure email server with modern filtering capabilities, and they refuse to acquiesce to any of those recommendations?

Would you take it upon yourself, an outside consultant, to purchase licenses for them, and then go to each workstation and perform the necessary upgrades/changes without management approval on your time and your dime? I highly doubt it.

The one thing I've learned in this business is that people with unlimited funds will do the above without question. The other 90% of businesses operate on shoe-string budgets and will gladly pay the fireman fee if and when a problem arises but don't want the business upset of having to overhaul anything or the "unnecessary" costs.

FOSS could have been the solution (1)

logicassasin (318009) | more than 2 years ago | (#40872793)

A lot of what you have described could be mitigated with open-source software. A good consultant would have made those recommendations.

Re:You should be fired! (0)

Anonymous Coward | more than 2 years ago | (#40872959)

Please stop giving him reason to flail his epeen around, it's very small. Don't you know it's very hard to clean viruses off of PCs? It takes years of expertise to use boxed software, one can't figure it out in 2 minutes like my Grandma did..Un Possible! Besides, he told you it's hard so it has to be true.. you are reading it on the Internet!

Re:The Costs May Be Justified If You Consider..... (0)

Anonymous Coward | more than 2 years ago | (#40872143)

You could point the finger at the bonehead who opened the attachment or the non-functioning antivirus software, but the root cause was the sending of the virus in the first place.

If you remove the person who sent the virus someone else will send a virus and the problem remains. If you remove the retard who opened the attachment the problem is solved.

Re:The Costs May Be Justified If You Consider..... (1)

guitardood (934630) | more than 2 years ago | (#40872401)

Agreed! Unfortunately not my call.

We see the actual money thefts (1)

skidisk (994551) | more than 2 years ago | (#40871751)

I work for a company that analyzes transactions and detects account takeovers and thefts at banks. Banks call us when they suffer a loss or series of losses. When they call us these losses are typically over $300,000 and the largest attack we've seen is for about $1.5M. We do NOT deal with the biggest banks, mostly regional and local banks. In case you didn't know, there are about 15,000 banks and credit unions in the U.S., so there are a lot of targets for criminals. Not all these banks have assets worth stealing, and not all of them are even on line. By our estimate, roughly 6,000-8,000 of these banks are sufficiently interesting and available to be targets of criminals.

So can I give you a real number? No, because we don't deal with the biggest banks and we also don't talk to all 15,000 banks. But I can tell you that having worked with several hundred banks, these so-called cybercriminals are stealing a lot of money. Yes, true, the banks that call us self-select, so I am NOT saying that every bank is losing $1M/year. But we do see hundreds of banks with losses that seem to indicate that the criminals are stealing tens of millions, and possibly hundreds of millions of dollars. FWIW.

P.S. They are also successfully stealing a lot of money from brokerage houses, so that gets added to their haul, also.

Re:We see the actual money thefts (1)

gl4ss (559668) | more than 2 years ago | (#40871913)

you know, even one billion dollars is pretty far from one trillion dollars.
by the way this cybercrime doesn't include apparently wire fraud, which certainly existed before "cyber" as well.

this one trillion dollars isn't mainly even based on real dollars the companies held in their hands, but on IMAGINARY POTENTIAL PROPERTY value. they estimate that their new widget is worth 23 millions and that they lost that due to breach and that would have been included in the study, never mind that there weren't enough cash floating around for them to actually make those profits.

"The companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone, and spent approximately $600 million repairing damage from data breaches," the release said. "Based on these numbers, McAfee projects that companies worldwide lost more than $1 trillion last year." The release contained a quote from McAfee’s then-president and chief executive David DeWalt, in which he repeated the $1 trillion estimate. The headline of the news release was "Businesses Lose More than $1 Trillion in Intellectual Property Due to Data Theft and Cybercrime."

Pffft 1 Trillion? That's nothing! (2)

DarthVain (724186) | more than 2 years ago | (#40871807)

RIAA have this science down pat. I mean they sued Limewire for 51$ Trillion dollars! (insert pinky)

All these companies come up with BS numbers to push their own agenda. Oh and you can bet every study done by the MPAA and RIAA, were all done by "independent" sources... I mean I recall a number used for piracy being used in Canadian lobby, that was so self refreential it was neigh impossible to figure out where it came from. When they finally did, it was an unsourced, no details presentation, done by RIAA themselves, pass on from them to others, to studies, etc...

Just like the Academy of Tobacco Studies, the Moderation Council, and SAFTY were all unassoicated with their terrible industry overlords...

Re:Pffft 1 Trillion? That's nothing! (1)

lavagolemking (1352431) | more than 2 years ago | (#40872663)

The "Academy of Tobacco Studies" is a made-up industry trade group in the satirical film Thank You for Smoking [imdb.com] . You're probably thinking of the Tobacco Institute [wikipedia.org] .

Re:Pffft 1 Trillion? That's nothing! (0)

Anonymous Coward | more than 2 years ago | (#40876109)

"neigh impossible"
horse shit

mjod d0wn (-1)

Anonymous Coward | more than 2 years ago | (#40872403)

Knows for sure what this 1exploitation,

Ironic (1)

PingXao (153057) | more than 2 years ago | (#40873173)

Microsoft is calling others out on inflated numbers? Talk about the pot calling the kettle black. In 2009 people viewed BSA's $53 Billion Lost to Piracy [ecommercetimes.com] claim with a healthy dose of skepticism. So which companies are in BSA? Oh look! Microsoft, Symantec and McAffee [bsa.org] (among others).

Maybe McAfee, which TFA credits with the Trillion Dollar figure, is just applying what they've learned from their dealings with Microsoft and BSA.

I remember that woman, formerly with World Bank . (1)

sgt_doom (655561) | more than 2 years ago | (#40874493)

. . .a UK citizen, last I heard she was with the state gov't of Colorado, who pulled a hundreds of billions of dollars figure out of her butt while she was at some talk in Saudi Arabia --- pure BS as she was and probably still isn't -- at her age -- any type of computer science industry expert, etc. Frequently repeated, with no validation nor verification whatsoever --- typical of the Amerikan non-media.

FUD From FUD (0)

Anonymous Coward | more than 2 years ago | (#40875821)

McAfee and Symantec Norton are the source of maleware and virus programs!

They must be in order to benefit. Its their Business Model!

LOL

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?