Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

McAfee Regrets "Flawed" Trillion Dollar Cyber Crime Claims

samzenpus posted about a year ago | from the price-of-things dept.

The Almighty Buck 39

Techy77 writes "McAfee's chief technology officer Mike Fey has admitted that he regrets his own company's estimates, which once pinned global losses from cyber crime at more than $1 trillion. From the article: 'A more recent report commissioned by the security company, and released last month, reduced those estimates to as low as $US300 billion globally, but specifically noted the difficulty of determining exactly how much companies, governments and individuals could lose if subject to an attack. “It’s very difficult to put a dollar figure on it,” Mr Fey said. “When you meet an engineer that has spent a good chunk of his life working on some innovation and it’s stolen overnight, you get a good feeling for what [intellectual property] loss means. It is the shift in a moment’s instance from an innovative company set strategically, to loss. It becomes difficult for that company to invest in innovation."'"

cancel ×

39 comments

Sorry! There are no comments related to the filter you selected.

Wow, an article about McAfee Inc (2, Insightful)

Anonymous Coward | about a year ago | (#44608181)

Wow, an article about McAffee Inc and not McAfee the loon. Well done Slashdot!

Re:Wow, an article about McAfee Inc (0)

Anonymous Coward | about a year ago | (#44608257)

But...

John McAfee is my personal hero. ;_;

Re:Wow, an article about McAfee Inc (3, Interesting)

lxs (131946) | about a year ago | (#44608437)

Yeah. I was disappointed as well. Turns out this guy is equally delusional.

Re:Wow, an article about McAfee Inc (1)

gl4ss (559668) | about a year ago | (#44608599)

well mcafee isn't so loon to claim 1 trillion and then downgrade it to mere 300 billion(which in these units I suppose is 3/10th of trillion.

as if that number was based on any reality any more! I mean, as a number it's right up there with the one trillion claim.

Re: Wow, an article about McAfee Inc (2)

jd2112 (1535857) | about a year ago | (#44609143)

He has a Masters degree in mathematics from RIAA University.

Re: Wow, an article about McAfee Inc (2)

Samantha Wright (1324923) | about a year ago | (#44610709)

Given that the RIAA and MPAA invented a bogus organization called the Federation Against Copyright Theft just so they could put "Source: FACT" in the fine print on their propaganda, I'm guessing their university would be called something like Teaching Ruthlessly that Understanding Theft Hurts.

Re: Wow, an article about McAfee Inc (1)

Samantha Wright (1324923) | about a year ago | (#44610967)

...wait, wait, wait, don't stop reading; I've got like a hundred of these. "Trying Responsibly to Understand Technology is Hard," "Tarnished Relics Uselessly Transmitting Hubris," "Transportation Replication = Ugly Truth of Humanity," "Treacherous Republicans Unwisely Thwarted Heaven..."

Re: Wow, an article about McAfee Inc (0)

Anonymous Coward | about a year ago | (#44616023)

Completely Useless Non-Technical Scumbags?

Re: Wow, an article about McAfee Inc (1)

Samantha Wright (1324923) | about a year ago | (#44618911)

That was probably in the run-off for the naming contest, yeah.

Re:Wow, an article about McAfee Inc (0)

Anonymous Coward | about a year ago | (#44609841)

Funny when a virus scan flagged McAfee anti-virus program as a virus. So then wouldn't the McAffee program then have commited cyber crime by being a computer virus costing wasted time to remove it?

STAND BY IT (0)

For a Free Internet (1594621) | about a year ago | (#44608187)

crime is rugs or carpets, and synthetic onboard. PROTECT YOUR COMPOTORE! and it the flew plot of seam?

real answer (2)

slashmydots (2189826) | about a year ago | (#44608223)

Let me paraphrase: "Sorry, we were all sniffing really freaky McAfee-brand bath salts while we came up with that number"

Re:real answer (1)

bluefoxlucid (723572) | about a year ago | (#44608307)

I particularly lied the part about intellectual property theft being so toxic. It's like saying: "When you meet a girl who has spent her whole life living to Christian values, and she in college when she's 23 gives an old school friend she's known for 15 years who has had an STD test in the past month and came up clean a blow job and immediately contracts HIV and her life is ruined overnight, you get a good feeling for what the dangers of STDs mean."

These kinds of theft-to-ruination stories are so extremely rare we write every single one of them into the history books as monumental events. From the capacitor plans a Taiwanese company's strategic hacker stole (incomplete stabilizer, so they produce the caps that explode on motherboards) to Shitman of Bloodlust Software taking his ball and going home after his source code for NESticle was stolen and released, we've marked them all as major historical events.

Re:real answer (1)

ackthpt (218170) | about a year ago | (#44608345)

I regret their idiocy, too.

How about you?

Re:real answer (0)

Anonymous Coward | about a year ago | (#44609107)

"Major"? No.

Re:real answer (1)

MightyMartian (840721) | about a year ago | (#44608811)

"I kill for cybercriminals for fun, but for bath salts and hooch, I gonna carve him up real nice."

Wow ... (1)

gstoddart (321705) | about a year ago | (#44608277)

So, numbers reported about a threat were inflated by an entity who profits off the perception of that threat.

Gee, I'm totally shocked at this. Nobody would ever put out alarmist numbers.

Part of me suspects that someone knew at the time these numbers were crap, but decided they made for a good story and went with them.

Assholes.

Re:Wow ... (1)

khasim (1285) | about a year ago | (#44609269)

I'm sure that they knew the numbers were crap. Just like they're still going with the crap.

From TFA:

âoeWhen you meet an engineer that has spent a good chunk of his life working on some innovation and itâ(TM)s stolen overnight, you get a good feeling for what [intellectual property] loss means.

And does Mr Fey have the name of that engineer so that others can "meet" him/her? And interview him/her?

Or is that ANOTHER fiction created to help move product?

... but specifically noted the difficulty of determining exactly how much companies, governments and individuals could lose if subject to an attack.

And why are "individuals" grouped together with governments and companies?

Any cumulative losses, he said, would likely ignore data breaches that companies failed to disclose to the public, or those who did not know they had been breached, a problem in itself he said.

So any losses calculated MAY not include losses that were not known to have been losses at the time of the calculation.

âoeIf youâ(TM)re a Fortune 10,000 company, youâ(TM)ve been breached.â

And if you're running McAfee software, you may not even know that you've been cracked. Although, to be fair, the same can be said of Norton and any of the other "anti-virus" software.

Re:Wow ... (1)

halcyon1234 (834388) | about a year ago | (#44610307)

And does Mr Fey have the name of that engineer so that others can "meet" him/her? And interview him/her?

Gabe? [slashdot.org]

Yes yes yes that's an outlier, doesn't fit the term "stolen", blah blah blah. Continue on...

Personal Loss??? (4, Insightful)

SeNtM (965176) | about a year ago | (#44608295)

I have yet to meet an independent engineer who has had work stolen by someone who commits the type of cyber crime that McAfee claims to protect from.

I have met individuals who claim to have had their life's work stolen by corporations, who subsequently patent it and then troll on the patent.

Small companies and corporations seem like more likely targets of that claim, and the perpetrators are likely larger companies....imho.

An associated Law (1)

labradorx (658272) | about a year ago | (#44608329)

Since McAfee is an Intel subsidiary claims like this should have a law, the Moore or Less law.

Re:An associated Law (1)

gstoddart (321705) | about a year ago | (#44608461)

Since McAfee is an Intel subsidiary claims like this should have a law, the Moore or Less law.

I'm going to go with plain old common sense -- never trust the numbers about the scope of a problem from an entity which sells you a product to combat the problem. Because, predictably, those numbers are going to be bullshit.

Similarly, TSA and the spying agencies ... also full of shit when the tell you how good of a job they're doing and all they've achieved.

Re:An associated Law (0)

Anonymous Coward | about a year ago | (#44609025)

Whoooooshhhhhhh

Re:An associated Law (0)

Anonymous Coward | about a year ago | (#44609051)

Just because someone doesn't acknowledge a stupid pun doesn't mean they didn't get the (alleged) joke.

Is "IP loss" really a loss? (-1)

Anonymous Coward | about a year ago | (#44608357)

IP loss = where if someone copies something they wouldn't have bought in the first place, it's still a loss.

Easy solution (0)

houghi (78078) | about a year ago | (#44608549)

When you meet an engineer that has spent a good chunk of his life working on some innovation and itâ(TM)s stolen overnight, you get a good feeling for what [intellectual property] loss means.

If you are worried about people stealing your intellectual property, don't have any intellectual property.
There already is a solution for that AND it gives you the advantage of using the code of all those others that were working on innovations.

Dear management: Next time you send us on some forced team building where we learn how a team is better then an individual: come with us and listen.
Now apply this to other things as well, like multiple companies. Suddenly we are a team working on a solution.

Re:Easy solution (2, Insightful)

Anonymous Coward | about a year ago | (#44608721)

If you are worried about people stealing your intellectual property, don't have any intellectual property.
There already is a solution for that AND it gives you the advantage of using the code of all those others that were working on innovations.

Dear management: Next time you send us on some forced team building where we learn how a team is better then an individual: come with us and listen.
Now apply this to other things as well, like multiple companies. Suddenly we are a team working on a solution.

Can I mod this +1 Incomprehensible?

Re:Easy solution (0)

Anonymous Coward | about a year ago | (#44610375)

It's very straightforward, he's a cyber-hippy. The sort of person who thinks that "costs" and "revenue" are what's really getting in the way of progress on the internet. If we could all just get together and have a drum-midi token-ring network together, we could, like, solve everything that's going wrong, man, on the internet.

chex (4, Funny)

Impy the Impiuos Imp (442658) | about a year ago | (#44608867)

admitted that he regrets his own company's estimates, which once pinned global losses from cyber crime at more than $1 trillion

"The real problem was due to the exchange rate," he said. "We actually estimated losses at over 25 Bitcoins."

Cry me a river (0)

Anonymous Coward | about a year ago | (#44609425)

It becomes difficult for that company to invest in innovation.

So a company fears that their precious IP will be stolen so they stop "innovating," boohoo. Nobody cares, there are 5 billion of us and somebody somewhere will continue to invent and create. 100 years from now nobody will say "if only those thieves hadn't discouraged ZYX Inc. from innovating, we'll all have flying cars now."

"Global" losses? (1)

K. S. Kyosuke (729550) | about a year ago | (#44609467)

When you meet an engineer that has spent a good chunk of his life working on some innovation and it’s stolen overnight...

...then someone else wins, reducing the global losses. Also, it's horrible to try to calculate "losses" from this reasoning. So Xerox executives getting outwitted by the Apple folks regarding GUI also counts as "a global loss"?

Re:"Global" losses? (1)

DidgetMaster (2739009) | about a year ago | (#44609857)

So by your reasoning, if someone steals your car, phone, computer, money...it isn't a loss...because it was someone else's gain??? Even by your calculations, there are real global losses when individuals and companies figure out that their property rights are not protected and thus fail to produce something of value in the first place because the chance of it being stolen are so high.

Re:"Global" losses? (1)

gl4ss (559668) | about a year ago | (#44614163)

that's actually only true if people were saving money because they had nothing else to buy.

that is not true. so the global losses can't be that high, since there is not that big amount of money going to savings. of course you could try to argue that due to the cybeeeeerthreats resources aren't being utilized, but that claim seems a bit far fetched as well.

what mcafee actually meant with the 1 trillion and now with the 300 billion number was quite simply the amount of money they estimate should (in their eyes) be paid to them.

NZIGGA (-1)

Anonymous Coward | about a year ago | (#44609799)

Problem stems central1zed that *BSD 0wned. that has grown up

It was a misprint (1)

jennatalia (2684459) | about a year ago | (#44610351)

That's one hundred trillion dollars! (with Dr. Evil pinkie)

The problem isn't the amount, it's the motive. (1)

SomePoorSchmuck (183775) | about a year ago | (#44611115)

but specifically noted the difficulty of determining exactly how much companies, governments and individuals could lose if subject to an attack. “It’s very difficult to put a dollar figure on it,” Mr Fey said.

So... why put a dollar figure on it? If the number is 4 trillion or 90 billion, what would be the difference in strategies that consumers and organizations should pursue in each case? Fey's language is so obviously just more marketdroid conjuration babble -- "Look! look over here at my right hand! Nothing in it at all! ."

The fact is, Mr. Fey, that the danger of security flaws isn't in the direct dollar amount of damage done by any single incursion, nor in the aggregate sum total of attacks to date. The danger of unsecured machines/networks is cost-neutral, because an unsecured machine/network necessarily implies an infinite relative cost to you -- that is, it is the state of being unsecured which is untenable, not the potential monetary loss. If your neighbor one night digs a trench through your yard and buries an extension cord spliced into your house's electrical power, does it really matter to you whether he is only plugging in his mp3 player to charge it once a week, versus running all his refrigerators and washing machines?

You cannot really put any dollar amount on someone else controlling part or all of your machine/network, because Access is not an object, it is a potentiality. A security hole is a hole is a hole. Patch it up regardless. If on September 10, 2001 some insurance actuary named Smith would have calculated the "loss" experienced in an airplane hijacking by determining the depreciated cost of the plane itself, any cargo it carried, the cost of compensatory marketing to restore consumer confidence, the earning potential of the passengers, etc. The next day, a bunch of black hat social engineering crackers capitalized on a long-unpatched security hole - Access to the cockpit - to pull off an exploit which had an eventual cost far exceeding our actuary's previous estimate by several factors of ten. (And that cost will continue to reverberate/multiply for decades to come.)

The focus on dollar value is simply Mr. Fey's way of opening the haggling process over how much his company wants to charge you. He knows that whatever number "industry experts" give will be quoted and repeated by our infotainment media and by other businesses/consultants wanting to stake their own claim in the network security gold rush. Once the notion enters public consciousness, well what's a $25,000/year enterprise license for software and security services to an individual company when faced with the "common sense" understanding that we're talking about great googly moogly-illions of dollars in Crime. So now he's simply been caught overestimating the number, which is expected in ANY good haggle. Now he's here to tell us "Okay, okay, because you're such a good friend, I'm going to roll it down to $300 billion -- special just for you!"

Don't constantly test and patch flaws because of some dollar amount reported by some "expert study" you read about. Constantly test and patch flaws because a good administrator takes care of business. The number is FUD, but your job is the same either way.

Re:The problem isn't the amount, it's the motive. (1)

tepples (727027) | about a year ago | (#44613655)

Don't constantly test and patch flaws because of some dollar amount reported by some "expert study" you read about. Constantly test and patch flaws because a good administrator takes care of business.

There's some disagreement about what is a "flaw". For at least five companies that I can name, it's a "flaw" if the owner of a computing device that the company manufactured can execute a program that he wrote on the device that he owns.

McAfee costs 1 Trillion (1)

EmperorOfCanada (1332175) | about a year ago | (#44611473)

As far as I'm concerned it is the bloated piled of McAfee that costs piles of money in lost productivity not to mention the number of embedded systems where the "Your subscription is running out" crap pops up on some jumbotron.

Trialware installs of McAfee and Norton AV are the number one reason I long ago told people to stop buying PCs with Windows on them. I don't really mind windows but I got sick of every relative begging for my help to remove all the bloatware for AV, music services, game services, etc that came with their "blank" machines. My windows buddies all say that the Microsoft AV tool is great (and free) so Dell, HP, Toshiba, etc aren't providing a service when they "offer" any of this bloatware.

I don't even like "removing" it as I don't feel that the result is a clean install. There are usually scars and grime left behind.

McAffonomics (0)

Anonymous Coward | about a year ago | (#44612693)

From the article:

Global chief technology officer Mike Fey told The Australian Financial Review that he regretted his own company’s estimates, which once pinned global losses from cybercrime at more than $US1 trillion, and that even recent, more conservative estimates were “hard for me to swallow”.

“I wish we had never put a dollar figure on it,” Mr Fey said. “[It is] very scary to just latch onto the number.

“People take that half-a-trillion number, and say ‘that’s what it’s worth’. What they forget is organisations are spending a very large amount of money to defer attacks today – so there’s an additive number that has to go on top of that. "

So half the 1 Trillion figure is their own estimate of dollar income to themselves and their ilk...

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>