282 comments

dotCrime Bubbles (5, Interesting)

fembots (753724) | more than 8 years ago | (#14133399)

Yeah sure, they'd better party like it is twenty-zero-five, sooner or later they'll run out of idiots like dotcoms ran out of VCs.

Cybercrime requires constant training, otherwise your hacking skills can be out of date in just a few months. On the contrary, a crowbar-trained criminal can still make a living in today's high-tech security world.

I foresee in 5-10 years' time, traditional crimes will go mainstream again as many cyber-criminals will be out of jobs^H^H^H^Hcrimes by then.

Re:dotCrime Bubbles (4, Insightful)

FooAtWFU (699187) | more than 8 years ago | (#14133492)

In 2010, you will probably still be able to send the same sorts of pretty messages pretending to be from J Random AOLer's bank or John Q Public's eBay account, which link you to a site that looks almost exactly the same, and which scrape their email and passwords. The exact same message? Probably not. But take a look at the dozens of Nigerian-419 scams which are still basically unchanged since their inception...

Petty crime has plenty of 'local' variables like where the police hang out, which places have alarms and electronics, et cetera, but most have similar principles; electronic crimes have different rootkits and different websites to fake and emails to send and addresses to harvest and spam filters to bypass, but again, most have similar principles. Unless you're manufacturing the (crowbar|rootkit/botnet) things won't change much.

Re:dotCrime Bubbles (0, Flamebait)

FudRucker (866063) | more than 8 years ago | (#14133704)

some of that cyber crime and fraud is none other than the web portals millions of users visit every day, including but not limited to Yahoo.com

Curbing malware and cyberthreats (3, Insightful)

Sheetrock (152993) | more than 8 years ago | (#14133410)

I've been around the Internet for a long time -- since the early 90s in fact -- and am thus quite aware of the ruinous activities it has been subjected to by the typical user since then. You know, things like people popping into a random USENET group and treating it like a tech support line, or in the larger picture basically assuming the entire network is there to serve as some form of entertainment.

When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.

It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.

Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.

It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares be a bus driver give it a try. Why are things always so difficult when it comes to computers?

Re:Curbing malware and cyberthreats (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14133489)

You know, your sig isn't really accurate. 'Effect' can be used correctly as a verb. For example, I can hope to effect a change in something.

Re:Curbing malware and cyberthreats (1)

Seumas (6865) | more than 8 years ago | (#14133543)

I'm sure you're trolling, but you AFFECT a change in something. The result of what you do would be the EFFECT.

Re:Curbing malware and cyberthreats (0, Offtopic)

Hayzeus (596826) | more than 8 years ago | (#14133610)

Um, no. Check a dictionary:

From mw online:

Function: transitive verb
1 : to cause to come into being
2 a : to bring about often by surmounting obstacles

Re:Curbing malware and cyberthreats (1)

6OOOOO (600000) | more than 8 years ago | (#14133636)

But you can "effect change," where effect is a verb meaning to expedite or to actualize. So, don't know what you're getting at, but it looks like you misunderstood, as the parent was quite right.

Re:Curbing malware and cyberthreats (0, Offtopic)

jeblucas (560748) | more than 8 years ago | (#14133695)

Actually, you're wrong. I started a thread about this in a Pet Peeves poll a few months ago. Check it out. [slashdot.org] Affect and effect can be used as nouns or adjectives. Admittedly, most folks here still screw them up.

Re:Curbing malware and cyberthreats (5, Funny)

maelstrom (638) | more than 8 years ago | (#14133541)

I agree completely. I've noticed a similar problem on Slashdot which your solution seems to solve nicely. I recommend we limit posting access to all users who have a greater than 3 digit ID. Maybe raising the barrier of entry will prevent me from having to read half cocked ideas like limiting access to compilers.

Re:Curbing malware and cyberthreats (2, Insightful)

unitron (5733) | more than 8 years ago | (#14133722)

"I recommend we limit posting access to all users who have a greater than 3 digit ID."

So in order to have posting access you'd have to abandon your #638 account and get another one?

I wonder if Cmdr Taco has already reserved # 1,000,000 for himself to avoid being trapped in the 1-999 ghetto.

Re:Curbing malware and cyberthreats (0)

Anonymous Coward | more than 8 years ago | (#14133566)

This is the dumbest post on /. I've seen in at least 10 minutes. Even rn didn't necessarily warn you prior to posting that your post was about to go out to "thousands of users" -- this behavior was often turned off. No knowledge of makefiles was required to do IRC unless you needed to build the client from source.

Licensing works for electricians (sort of) because there are customers involved who might file a complaint. This is not the case for a virus-writer -- there's no customer. This is leaving aside the impossibility of actually restricting compiler availability.

Finally, "effect" can be used as a verb (to effect a change). "Affect" can be used as a noun "the patient's affect was flat".

Sheesh.

Re:Curbing malware and cyberthreats (3, Insightful)

Eli Gottlieb (917758) | more than 8 years ago | (#14133578)

Things are so difficult when it comes to computers because people are so insistent on having their own computers for their own data but don't want to learn how to keep those computers secure. They are voluntary fools.

However, I do agree that we have no reason to put executable code in documents.

Re:Curbing malware and cyberthreats (2, Funny)

the-build-chicken (644253) | more than 8 years ago | (#14133593)

you're 100% correct...history has shown that limiting the number of thinkers that have access to a problem is a sure fire way to obtain the best solution

Re:Curbing malware and cyberthreats (1)

servognome (738846) | more than 8 years ago | (#14133632)

> Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field.

That doesn't work for doctors and lawyers, why would it work for programmers?

> I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents
 
Doing so via pricing is called collusion, and I doubt any intellectual community would ever want to have the tools of its trade limited by legislation. Do we outlaw word processors which can be used to write HTML for Neo-nazi websites?

Don't be such an ass. (4, Insightful)

jabbo (860) | more than 8 years ago | (#14133669)

> I suggest that the field and the general user experience would be greatly enhanced by
> limiting access to compilers/assemblers (by means of pricing and with the cooperation of
> the open source community) and by separating macros or other executable content from
> documents.

[eg. the premise: artificially raise the cost of compilers and nastybad people will stop writing viruses, etc. just like gangsters in New York improvised zip guns when guns cost too much... oh, wait, that's a bad analogy... bad people just make do.]

You should also consider separating "clueless" from "malicious" in your thought process. HTH.

> Think about it; in what other field do we "educate" "users"?

Other than prenatal care, disaster response, home safety, poison control, vehicular operation, wildfire control, diabetes management, power tools, gun storage, and how to program your VCR? Can't think of any offhand...

> We don't try to educate people
> with electrical outlets and let any curious individual perform as a licensed electrician.

But we'll sell wire cutters and conduit to any moron at Home Depot, along with a Hole Hawg and a 3 foot masonry bit. Surprisingly, a license is not required to burn down your house as a DIY repairman, nor is it required to pack a thousand pounds of fertilizer, some gasoline, and some nails into the back of a van, detonate it, and cause much worse harm.

Cars are deadly weapons, as are guns; both require a license to operate, but in neither case does that eliminate fatalities caused thereby. (In fact, on the evening news last night, I noticed that a Class C licensed bus driver rolled over an embankment, killing 2 people and one fetus, injuring the other 39 people on the bus. More than likely, a smaller percentage of licensed commercial drivers do this than, say, unregulated Pakistani mountain bus jockeys, but I have no useful measure of the protective effect conferred by this certifying process.)

Bad people will still be bad people, and "the cooperation of the opensource community" is not something I think you can depend on for this venture. (cf. PGP and SSL export restrictions)

Stack protection, virtualization, perhaps legal penalties for willfully distributing software known to pose a risk to the users without their awareness or education (cf. the Theramed); maybe an overhaul of the communications system, and use of (NON-unicode) certificates required for financial communications. I don't know for certain, but I do believe that your rant about compilers holds little relevance to phishing at this point in time.

Full disclosure: I learned to program on an HP-80 and a Timex-Sinclair ZX-81. I was using Usenet before AOL 'broke' it. And I still think you're chasing the wrong idea.

Re:Curbing malware and cyberthreats (1)

Kjella (173770) | more than 8 years ago | (#14133698)

So.... your argument is that the VB novice is the cause of all the security problems around. Why I'm certainly glad we're not blaming the highly skilled and experienced developers at large multinational corporations with 40 billion or so in the bank. You seem to miss the fact that a lot of the time, the application only does what a typical application does, but in a malicious way. Malicious coders will create programs to do this, and gullible users will run it. The other half is that computers have pretty much been in hell ever since you could get machines to work for you over the internet. It didn't matter how über-infected a PC you loaded by floppies and maybe dialed a BBS was, because it couldn't do anything useful for the creator. As long as people download random apps from the Internet, it'll continue to be this way. That is in fact one reason I think Linux can prevail - each distro typically has a massive library of software which are typically safe. If users can accept that as a "self-contained sandbox" they should be quite fine. It's certainly the only place I'd teach my parents how to install programs (or the support nightmare begins).

Kjella

Re:Curbing malware and cyberthreats (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14133712)

This is a disturbing post. Not only is it completely infeasible to restrict programming knowledge (they can't even control music), the suggestion is revolting. I can't even begin to quantize how pompous this is. The general public, less educated as they may be, are not yours to restrict so that you can have a cleaner usenet experience.

Re:Curbing malware and cyberthreats (4, Funny)

reynaert (264437) | more than 8 years ago | (#14133782)

> I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers

Hah! I shall SAVE THE WORLD with my carefully hidden away TURBO PASCAL 5.0 floppy!

Oil (5, Interesting)

Seumas (6865) | more than 8 years ago | (#14133416)

Yet, I bet both of them combined aren't as lucrative when it comes to funding terrorism as hitting your local gas station for a fill-up.

Re:Oil (1)

ozmanjusri (601766) | more than 8 years ago | (#14133604)

> Yet, I bet both of them combined aren't as lucrative when it comes to funding terrorism as hitting your local gas station for a fill-up.

I dunno, Microsoft seem to be doing all right with their version of the same thing.

Re:Oil (4, Insightful)

nycguy (892403) | more than 8 years ago | (#14133719)

While I have no love for the regimes of oil-producing countries in the Middle East and South America, the notion that importing less oil will seriously affect the funding of global terrorism is nonsense. According to the 9/11 commission, the attacks on the US were funded with only about $500,000 (link [cnn.com]). I would venture that the global "budget" for terrorism is only in the low tens of millions of dollars, which is a drop in the barrel compared to the many billions of dollars oil exporters are making. A better argument for importing less oil is that we should not support the prosperity of regimes that have turned a blind eye on terrorism and that deprive their populations of democratic institutions (even if free democracy might result in theocratic leadership in the short term). However, I think that just working to ensure that the income generated by oil is more evenly distributed among the populations of exporters would go much further toward eliminating terrorism than trying to indirectly strangle the funding of groups that can already do quite a bit of damage on a shoe-string budget.

No new law needed (5, Interesting)

dada21 (163177) | more than 8 years ago | (#14133421)

Cybercrime pisses off U.S. black market businesses because it outsources a huge income potential to other countries.

All kidding aside, I don't personally believe in cybercrime. Some cybercrime victims are merely stupid users, and no law can fix them. Other cybercrimes that do disturb one's property should be covered by laws already in place.

My fear is that defending the cybercrime idea will only help make more wealthy lawyers and give politicians more abusive power.

Re:No new law needed (0)

Anonymous Coward | more than 8 years ago | (#14133557)

What does your "believing" in it have anything to do with whether it exists?

Re:No new law needed (3, Insightful)

dada21 (163177) | more than 8 years ago | (#14133622)

> What does your "believing" in it have anything to do with whether it exists?

Belief means placing trust or confidence in something. I don't believe (trust) that cybercrime exists beyond the basic property crimes we already have laws against.

Drugs (1)

Nadsat (652200) | more than 8 years ago | (#14133431)

Drugs and prostitution should not be cyber crime. Neither should crimes relating to information freedom... so all that leaves are the phishers?

MOD THE TROLL DOWN!!! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14133434)

MOD THE TROLL DOWN!!!

So, when I (2, Interesting)

GmAz (916505) | more than 8 years ago | (#14133436)

So when I make an MP3 to put on my PDA to listen to at work, is that considered a cyber crime? And technically, what makes a drug a drug? What about prescription, cigarettes, alcohol? Those are all mind altering and bad for you. I also bet it's all the druggies out there that are committing cybercrimes so they can get more money for drugs.

Feeding my paranoia (1)

olddotter (638430) | more than 8 years ago | (#14133437)

Great! I'm already worried about identity theft. This will just feed my paranoia.

Re:Feeding my paranoia (1)

Hal_Porter (817932) | more than 8 years ago | (#14133833)

Worried about identity theft?

Identity theft is a growing problem on the internets. Bud Scoliosis of Hound's Breath Missouri lost his life savings to a cheap huckster in Shanghai. Abe Scrotum of Alabama was amazed when his pickup truck was repossessed without warning one sunny Sunday morning. He had missed the payments, because all his bank accounts had been emptied by evil internet criminals.

But a solution is at hand. Send us your Social Security number, name, passport, bank account details and any passwords, credit cards etc and we'll keep them safe for you. You can even destroy any records you have, for added safety.

But hurry! If you reply within 24 hours you get Identity Protection PLATINUM Cover FREE for 12 MONTHS!!!! After that, it will go back to the regular price of $199 per month!

Save over THREE THOUSAND DOLLARS, and get a FREE GUN RACK or CARRIAGE CLOCK, only if you apply now. Operators are standing by. Call 01186-PEACE-OF-MIND.

I'm in the top 4% !!! (0)

Anonymous Coward | more than 8 years ago | (#14133457)

... I knew my mom wasn't lying when she told me I'm special!

Re:I'm in the top 4% !!! (3, Funny)

eurleif (613257) | more than 8 years ago | (#14133507)

Actually, that message wasn't really from your mom, it was a phishing attempt.

10% (2, Interesting)

GigsVT (208848) | more than 8 years ago | (#14133463)

I once read that 10% of all trade worldwide is underground, dollar for dollar (or peso for peso or whatever). That's trillions of dollars.

I wonder if aggregate underground economy percentages have increased, or if more traditional underground trade has just moved online.

Re:10% (1)

drinkypoo (153816) | more than 8 years ago | (#14133597)

I once read that for every above-board economy, there is a black market of equal size. I wonder which statement is more accurate...

Dealers tell the media how much they make? (4, Insightful)

RealisticCanadian (850967) | more than 8 years ago | (#14133470)

I've yet to understand the supposed principle that the Powers That Be or the Media could possibly figure out any kind of accurate figures on illegal activities.

Dunno 'bout the rest of you guys here, but I never told the police or the press how much profit I made back when I was a small time dealer (can't touch me, young offenders act! :p)

If I didn't, you can be damn sure that big-time or organized criminals do not share these figures either.

Neither do the users. (How many crack-heads report the amount they spend on their habit?)

So what the hell is the premise on which these "statistics" have ever been based?

I can think of a few ways to fudge up some statistics about people screwed outta their money on the net, but I can't see a way to truly gauge that either. Again, if I fell for the "send me a grand and I'll send you a million" I sure as hell wouldn't tell anyone I was that stupid.

Hence, I dub the entire original article as BS, just like the 'War on Drugs' and even the 'War on Spam' /end rant :p

Re:Dealers tell the media how much they make? (0)

Anonymous Coward | more than 8 years ago | (#14133570)

Looks like the young offenders act was repealed [justice.gc.ca] in 2002

kung grade soon (1)

thelost (808451) | more than 8 years ago | (#14133477)

hah you wait till there is kung grade ice on the black market, then you'll see the dawn of a new cyber crim the likes of which you've never seen before

does that mean... (0)

Anonymous Coward | more than 8 years ago | (#14133483)

...I'll have to order my dope online now?

Legalize hacking! (1, Funny)

Anonymous Coward | more than 8 years ago | (#14133490)

So far, the only accomplishment of the War on Drugs has been to increase drug crime by creating an artificial scarcity and high demand for product on the street.

This is equally true for cybercrime. If hacking were legalized, the seedy underworld associated with illegal hacking would wither away and vanish.

Re:Legalize hacking! (2, Insightful)

fafalone (633739) | more than 8 years ago | (#14133589)

Huge difference there. Hacking directly infringes on another person's rights; the drug war attempts to legislate control over what people do with their own bodies. If drugs were legalized, doing things like slipping a girl roofies would still be illegal. Drugs hurt others only to the extent that other freedoms, such as speech, can.

min wage (4, Informative)

Jeffrey Baker (6191) | more than 8 years ago | (#14133493)

According to the book Freakonomics, drug dealers make less than the minimum wage, on average. It would not be hard to beat that level of productivity in any undertaking, criminal or not.

As for the phishing problem, I really don't understand why people fall for those. Your bank, or eBay, or Paypal, will never, ever, ever, ever, ever send you an email asking you to disclose any account information. If those people want to contact you for an important reason, they will either call or send you actual mail. This seems like a simple rule to remember, doesn't it?

Re:min wage (1)

thelost (808451) | more than 8 years ago | (#14133556)

of course the one thing that is simple as that rule you stated is the other rule that people who aren't habitual computer or internet users treat them as if they are the devil's magic, and do not approach them in any rational way. Look for instance at the number of chain emails that are constantly sent by people; do you yourself receive them from your friends? I do. As long as there are people out there who are not very tech-rational or tech savvy as say for instance people who read /. then there will always be targets for phishing. I dare say that some of the /. readership itself might have even been conned.

Re:min wage (1)

duffbeer703 (177751) | more than 8 years ago | (#14133639)

"Your bank, or eBay, or Paypal, will never, ever, ever, ever, ever send you an email asking you to disclose any account information."

They say that, but they ask me to sign into my account to see the latest balance transfer offer or to sign up for "account guard" all of the time.

Re:min wage (1)

Breakfast Pants (323698) | more than 8 years ago | (#14133663)

How about when "Amazon" sends you a $25 coupon--just click here! It takes a bit more to realize you are on www.amazon.com.bleh.meh/coupon instead of amazon.com when you enter your login information. And Amazon does send those kinds of emails.

Re:min wage (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14133699)

Ummm, the only year I kept records, I made over $250,000.00. That is more than any of my high school senior classmates made. It was actually more than half of them made combined. I only make about half that now...... but it is all legit.

Re:min wage (1)

fougasse (79656) | more than 8 years ago | (#14133753)

I think the conclusion wasn't that drug dealers make an average of $5/hour but that the typical drug dealer makes that amount. Median salary rather than mean. Obviously there are several fabulously wealthy drug dealers; it's just that there are scores of footsoldiers who make very little.

So overtaking drug earnings is still big news.

Re:min wage (1)

Kjella (173770) | more than 8 years ago | (#14133800)

> According to the book Freakonomics, drug dealers make less than the minimum wage, on average. It would not be hard to beat that level of productivity in any undertaking, criminal or not.

But is the average drug dealer a full time dealer or on top of other income? And by other income I also mean social security and other things you won't get along with a regular job. Is it their way of being able to afford their own habit, instead of being a hobo because they're stoned and couldn't keep a real job? Or are they just selling a little, chilling the rest? You have to put it into some context, because I find it hard to believe that dealers make less per hour than flipping burgers at McDonalds.

The only valid phishing emails... (1, Funny)

Anonymous Coward | more than 8 years ago | (#14133497)

...come with the verified certificate of the Nigerian Verification Association. Accept no other phishing emails.

Aw c'mon... (1)

the_skywise (189793) | more than 8 years ago | (#14133504)

Read the fine print...

"No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cybercrime."

So "child porn" and "piracy" makes more money than the drug trade? I don't think so...

Huh? (0)

Anonymous Coward | more than 8 years ago | (#14133585)

I don't understand your comment. Child porn and piracy were listed as just two examples of "cybercrime" as per their definition, not the only two.

Re:Aw c'mon... (1)

McNally (105243) | more than 8 years ago | (#14133605)

> "No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cybercrime."
>
> So "child porn" and "piracy" makes more money than the drug trade? I don't think so...

Sure they do. Let's use the numbers favored by the RIAA and MPAA, the foremost industry advocacy groups dealing with this scourge of "cybercrime."

50,000,000 American teenagers * $1,000,000 in economic damage per pirated MP3 file made available through P2P filesharing = $50,000,000,000,000, or approximately $10,000,000,000,000 more than estimated 2004 world GDP. Clearly it's a serious problem!

Seriously, though, get used to the idea that sensationalist studies like this often use inflated and unverifiable claims and add them up into highly dubious totals..

Re:Aw c'mon... (1)

fafalone (633739) | more than 8 years ago | (#14133626)

If you look at what the Industry thinks its losses from piracy are, it's plausible. Of course, it does bring up the problem that the drug trade fuels cost estimates for piracy, since they've gotta have a lot of analysts smoking crack to come up with the piracy losses they claim.

That's my point... (1)

the_skywise (189793) | more than 8 years ago | (#14133657)

It's ONE thing to say that piracy causes the RIAA/MPAA to have "lost revenues". That's at least an arguable point.

It's ANOTHER to say that piracy has more INCOME than the drug trade.

Now, pirated items "sold" over the internet like actual goods, yeah, that's revenue. But I highly doubt that number has overtaken the drug revenue number. But you KNOW they're including all the free traders on the p2p services in those numbers just so they can scare people into tighter legislation.

You don't get it (1)

Kohath (38547) | more than 8 years ago | (#14133662)

This includes piracy. The movie, record, and software industries routinely claim extremely, ridiculously high losses from piracy to cover up the fact that they make crap that no one wants.

In other words, this article is almost certainly BS, which you could have just assumed when you saw Reuters.

4% is bogus (3, Informative)

jhliptak (619614) | more than 8 years ago | (#14133518)

I took the e-mail test and I "failed" it, identifying two "legitimate" e-mails as bogus. In both of those cases, the explanation said it would be better not to follow the links in those two e-mails.

Re:4% is bogus (0)

Anonymous Coward | more than 8 years ago | (#14133559)

same here. Plus, it's a bit tricky to figure out where the links go when you only have a screenshot (albeit one with one URL at the bottom of the window) to go on...

Re:4% is bogus (1)

Tribbles (218927) | more than 8 years ago | (#14133611)

I did that - the two that I said were bogus were because the domain names weren't the same as the originating organisation's domain name (which was a sensible move).

Re:4% is bogus (2, Insightful)

mysqlrocks (783488) | more than 8 years ago | (#14133613)

I took the test and got all but one correct. I identified one legitimate e-mail as a phishing attempt. When given the choice I guess it's better to err on the side of caution. Anyways, it's not very realistic. The one I got wrong had the last four digits of an account number in it. If I'd gotten the e-mail I'd open up my wallet and see if my account number matched.

Re:4% is bogus (2, Insightful)

remahl (698283) | more than 8 years ago | (#14133692)

So what if the phisher had intercepted a previous mail from your bank, containing the bank account number suffix?

If they gain control of a large mail server or active router, they could easily and reliably associate thousands of account digits with the correct email addresses, and use that information to gain credibility. Email that's this important should be sent encrypted for the receiver and the signature verified against a certificate exchanged when the account or service was established.

Re:4% is bogus (1)

remahl (698283) | more than 8 years ago | (#14133616)

Me too, (I'm guessing we fell for the same examples).

Showing that the financial institutions are doing their part in confusing people. There was definite evidence of phishing in those messages (bank name being a sub domain of an obscure domain and a variation of the primary name). Why does Bank of America point its customers to bankofamerica1.com if they're aware of phishing issues?

Even with edge-cases like this removed, I doubt the results would be much more encouraging. But 4 % success rate is worse than chance, so there must be something phishy going on.

Re:4% is bogus (1)

remahl (698283) | more than 8 years ago | (#14133638)

Ok ok, so it isn't worse than chance no matter how you calculate it, but it _was_ a good pun. ;-) My bad.

Re:4% is bogus (2, Insightful)

KenAndCorey (581410) | more than 8 years ago | (#14133796)

I think most of us failed the same two: #3 and #9 I believe. One of the legit emails had a link to a different domain AND went to a non-standard port (8082). I'm sorry, but just because something is technically legitimate doesn't mean I should have trusted it. I don't open ANYTHING that tries to open a non-standard port. Also, I find it really easy to spot phishing since I don't have an account at Capital1 or EBay or Bank of America.
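The link checks commenters in this thread describe (a host that is not under the organisation's own domain, the real domain buried as a subdomain of another one, a lookalike name, a non-standard port), written out as an added example that is not part of any comment here. The `EXPECTED` allowlist, the function names and `example.com` are assumptions for illustration; the sample URLs are constructed from hosts mentioned in the thread.

```python
from urllib.parse import urlsplit

# Assumption: the recipient already knows the organisation's real domains
# (from a card, a statement or a bookmark), not from the e-mail itself.
EXPECTED = {"amazon.com", "bankofamerica.com", "example.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample links, built from hosts mentioned in the thread.
SAMPLE_LINKS = [
    "https://www.amazon.com/coupon",
    "http://www.amazon.com.bleh.meh/coupon",
    "https://www.bankofamerica1.com/",
    "https://offers.example.com:8082/x",
]


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url, expected=EXPECTED):
    """Return a sorted list of findings for one link; [] means nothing flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    findings = set()

    if parts.scheme not in DEFAULT_PORTS:
        findings.add("unexpected-scheme")
    if not host:
        findings.add("no-host")
        return sorted(findings)

    # urlsplit raises ValueError when the port is not a valid number.
    try:
        port = parts.port
    except ValueError:
        port = None
        findings.add("malformed-port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        findings.add("non-standard-port")

    # The rightmost labels decide who controls the host, so the test is
    # "ends with the expected domain", never "contains the expected name".
    if not any(under_domain(host, d) for d in expected):
        findings.add("domain-mismatch")
        padded = "." + host + "."
        for d in expected:
            brand = d.split(".")[0]
            if "." + d + "." in padded:
                # e.g. www.amazon.com.bleh.meh: the real name is only a prefix
                findings.add("expected-domain-as-subdomain")
            elif brand in host:
                # e.g. bankofamerica1.com: brand string inside another name
                findings.add("lookalike-name")
    return sorted(findings)


def triage(urls, expected=EXPECTED):
    """Map each flagged URL to its findings; unflagged URLs are omitted."""
    results = {}
    for url in urls:
        findings = check_link(url, expected)
        if findings:
            results[url] = findings
    return results


if __name__ == "__main__":
    for url, findings in triage(SAMPLE_LINKS).items():
        print(url, "->", ", ".join(findings))
```

The check is deliberately strict: a legitimate mail that links to a second domain or an odd port gets flagged too, which matches how the commenters above treated those test e-mails.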

But a Problematic Comparison (1)

screwballicus (313964) | more than 8 years ago | (#14133529)

It's somewhat unsurprising that a variety of con artistry should overtake a variety of contraband trafficking and sale in profits without too much trouble, when it comes down to it. After all, a good deal of cybercrime doesn't actually provide a service or a product, in order to acquire its profits, while markets in contraband goods, being markets after all, need to contend against competitive pricing and provide a product subject to some degree of genuine scarcity (varying greatly, depending on the product).

Is this real? (1)

Debiant (254216) | more than 8 years ago | (#14133542)

I mean 105 billion US dollars from cybercrime?

If we take away spam and a lot of phishing attempts, what does it leave? 100 billion maybe?
Where does the rest come from?

Are these numbers calculated by the idea that any crime that has something to do with computer and network is a cybercrime? So if I happen to be a Colombian drug lord using Excel, I guess my heinous activities are cybercrime too?

If so small wonder cybercrime is taking over drug related crime.....
 

Drugs (1)

JanneM (7445) | more than 8 years ago | (#14133550)

AFAIK, unless you're higher up the chain, like heading a wholesale distributor or "importer" or similar, drugs are supposedly not all that profitable. I read (but don't have the link to) an analysis that showed a street dealer or small-scale distributor didn't actually make any more money per hour worked than usual low-level white-collar jobs. And there is no risk premium for the very real chance of getting killed, or maimed, or for going to prison for a number of years (which really puts a dent in your earnings).

Re:Drugs (1)

VAXman (96870) | more than 8 years ago | (#14133617)

The drug industry has always baffled me. I'm not sure what the $105 billion is - retail level revenue or something further up, but by comparison IBM's revenues last year were $96 billion. So I find it pretty amazing that the drug industry causes so much trouble (i.e. murders, corruption, tons of people doing jail time, pay-offs, threats, etc. ...) when one company makes as much as the whole thing.

Re:Drugs (1)

Lehk228 (705449) | more than 8 years ago | (#14133818)

The value estimates are totally off, that is how.

Around here a few years ago there was a big pot bust, something along the lines of 50-100 plants worth *millions*.

They derived the value by weighing the entire plant, including root ball and soil in the root ball, then multiply that by the cost of an ounce of smokable buds and voila, drug estimates RIAA style.

Inflated numbers (3, Interesting)

thinmac (98095) | more than 8 years ago | (#14133561)

These numbers are almost certainly very sketchy. They list piracy and stock manipulation as part of the total funds brought in by cybercrime. If they just mean people selling pirated software that's one thing, but if they mean people downloading MP3's, then that's different; nobody makes a dime when someone downloads the newest pop hit off the internet, as much as the record companies would like you to think someone just pocketed $15 of their money.

With the stock manipulation, this is also a pretty nebulous number. Did they include only verified cases of people doing this? What did they consider manipulation? The article is very thin.

Definition of 'cybercrime' (4, Interesting)

sielwolf (246764) | more than 8 years ago | (#14133563)

cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy

That's a pretty open-ended definition. So is old-school white collar insider trading or shenanigans now Cyber-Crime just because they do it from a workstation? It'd be interesting to see just what is a cyber-crime now and how it breaks down into that total 150 billion dollars they just throw out there. Of course such data might pop the balloon of FUD as delicious as this.

fishing survey is bullshit (4, Funny)

Geekboy(Wizard) (87906) | more than 8 years ago | (#14133567)

If you mark all of them as fraud, you 'fail' the test.

I consider all email from commercial entities as fraudulent.

Re:fishing survey is bullshit (2, Insightful)

Quiet_Desperation (858215) | more than 8 years ago | (#14133606)

I have to agree here. Accidentally considering a genuine commercial email as fraud is not an "error" under any realistic sensibility. You know they did the test that way intentionally just to get an artificially low number.

That 'IQ' test is largely pointless (1)

aurelian (551052) | more than 8 years ago | (#14133582)

Because what gives a lot of phishing attempts away - certainly the better ones - is information in the mail header or URLs linked in the text. But we're not shown any of that, so unless they have loads of grammatical errors etc, it's impossible to tell if they are genuine or not.

4% of phishing (1)

Mr. Flibble (12943) | more than 8 years ago | (#14133592)

I looked at that test, and it was annoying. I doubt I could have got 100% on it, yet, I have never been nailed by phishing spam.

What was annoying? I was supposed to judge the validity of the emails from a jpeg - not from looking at the actual links on the email. I mean, if I get an email from my bank, and the URL that they send me is NOT the same as my bank's - then I know it is phishing spam. I do this because I can tell by the domain/subdomain in the links - not by how the mail "looks".

Having said that, I have barely seen mails from my OWN bank, but many phishing spams from others.

Looking at the URL (and understanding how domains and subdomains work) certainly helps with phishing spam - not just knowing that "your passw3rd hazz expireddc" is probably not valid.

The test is bad (4, Insightful)

jmv (93421) | more than 8 years ago | (#14133603)

In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent

Had a look at the test [mailfrontier.com] and this is not surprising. Basically, they just take a screenshot of the mail reader window, ripping out any info (headers, html source) that could be of any help. Not to mention that as long as you assume anything you get from your bank/ebay/paypal/... is *potentially* a phishing e-mail, you don't have to actually be able to tell the difference. Education should not be about recognizing phishing emails because phishers will always be ahead. However, if you *never* click on a link and always use bookmarks (to bank and all) you have, then there's nothing a phisher can do. Of course, education should also be for institutions like my bank which includes its website URL in emails they send me (they're encouraging their customers to learn bad habits).

Bad test (1)

jone_stone (124040) | more than 8 years ago | (#14133607)

The Phishing IQ Test [mailfrontier.com], on which this survey is based, is not a good gauge for the ability to detect Phishing emails. It presents you an image of questionable messages and asks you to decide whether they're trying to trick you. I don't know about you, but I use a lot more than the text and visual properties of a message to decide whether it's a fake. My first line of defense (and usually a very good one) is to look at the URLs that the message's links point to. I can weed out 99% of fraudulent email in a few seconds that way, and never even have to read what they're trying to sell me. Sometimes I'm even surprised to find that a suspicious message is actually genuine. The Phishing IQ Test denies me the URL-snooping that's available in just about every email reader and web browser, so it is by no means an accurate measurement of real-world detection skills.

I took this test a while ago and didn't get 100%, even though I'm one of the most internet-savvy people I know. Despite that, I don't know anyone who's been taken in by a phishing scam. Hmmm...
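
An added example, not part of any comment in this thread: the link inspection the comments above describe (where the link really points versus the bank's own domain, the bank name used as a subdomain of another domain, a non-standard port such as 8082), written in Python. The sample HTML, the example.com/example.net domains and all function names are constructed for illustration, and the two-label `registrable` helper is a simplifying assumption standing in for a Public Suffix List lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; example.com / example.net are placeholder domains.
SAMPLE_HTML = """
<a href="http://bank.example.com.login.example.net/verify">https://bank.example.com/verify</a>
<a href="https://secure.example.com:8082/statement">View statement</a>
<a href="https://www.example.com/help">Help</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    # Assumption: last two labels only. Real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_links(html, expected_domain):
    """Return (href, [reasons]) for every link that deserves suspicion."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        url, reasons = urlsplit(href), []
        host = url.hostname or ""
        if registrable(host) != expected_domain:
            reasons.append("link host is outside " + expected_domain)
            if expected_domain in host:
                reasons.append("expected name appears only as a subdomain label")
        if url.port not in (None, 80, 443):
            reasons.append("non-standard port %d" % url.port)
        if "." in text and " " not in text:  # visible text itself looks like a URL
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != host:
                reasons.append("visible text shows %s but link goes to %s" % (shown, host))
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `check_links(SAMPLE_HTML, "example.com")` flags the first two links and passes the third; none of these signals is visible in a screenshot of the rendered message.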

I've always been paranoid (1)

Auckerman (223266) | more than 8 years ago | (#14133608)

Perhaps I'm a luddite, but I was one very early on. I've always had the policy of never putting my credit card number online. In the old days (Early 90s), it was because most "retailers" didn't even bother encrypting the numbers in their database. Hell, there was no way of even knowing that the store even existed in the first place, the earliest form of phishing. Nowadays, I assume EVERY email I get that asks for any information is from a criminal.

With the advent of temporary credit card numbers, I feel comfortable purchasing online, but only from proven stores.

People want to assume the best of others. Most people want to believe that most other people are honest. When it comes to an anonymous medium like the internet, the reverse needs to be assumed as a starting place. The worst part of it is, it's getting to the point that you don't even have a choice if your information is online. Whether your info is sold, your bank allows "online banking", a physical store you shopped has online "convenience", or anything else, you lose the choice. Your entire credit history can be ruined even if you never go near a computer, all because of the convenience of the internet. It's reckless, dangerous and eventually modern society will pay for such activities.

All they had to do is look at Microsoft.... (1)

PenguinBoyDave (806137) | more than 8 years ago | (#14133615)

They have been involved in Cybercrime for years. Each time they force-feed a copy of Windows down people's throats. Made them rich.

False Positives (1)

PMuse (320639) | more than 8 years ago | (#14133620)

only 4% of Internet users can flag 100% of phishing e-mails as fraudulent
No. Half the examples in that test require users to identify suspect emails as Legitimate. Sure enough, few people (especially the ones who practice 'safe browsing' by default -- i.e. tell no one nothing ever) will score 100% by trusting all those suspect examples.

Users can be taught to default to "NO". They are learning.

That said, user credulousness would be a problem even if 99% of users had identified all the fraud examples as fraud. That 1% would still be a lot of victims.

Nobody can spot 100% of phishing attempts (1)

Otter (3800) | more than 8 years ago | (#14133624)

The only way to deal with phishing is to *never* give whatever secure information in response to email you didn't initiate. Unless you're Jon Postel (and I believe he's now dead) you simply can't distinguish between legit emails and top quality phishing, no matter how loudly the idiot snobs here insist otherwise.

Singapore (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14133625)

I don't know about America, but in Singapore the only real difference between CyberCrime and Drugs is that hackers and criminals are rewarded with $10,000 prizes [people.com.cn] while drug mules [wikipedia.org] are hung.

The test is misleading. (0)

Anonymous Coward | more than 8 years ago | (#14133642)

The emails shown in the test could be real or fake depending on the links, which you can't check from a screenshot.

Language? (0)

Anonymous Coward | more than 8 years ago | (#14133647)

Only 4% yeah, but does it take into account the main language of the people receiving these emails?
For example I am a native French speaker (from Canada). Every email I receive which is in English (99% of my junk mail) seems suspect to me. It's fairly easy to recognize spam when you don't recognize the language it is in. Since I receive a lot of English-written spam, and considering that a fairly large part of the internet users are not native English speakers, I suppose that the 4% figure applied to Americans would be drastically different in another part of the world.

4% and phishing test. (2, Insightful)

RingDev (879105) | more than 8 years ago | (#14133660)

That test is a waste. The 'emails' are image files, so you can't see where the actual links point to, you can't see the email header or the true from address. Anyone who nails 100% is more lucky than savvy.

-Rick

Easy solution (1)

ch-chuck (9622) | more than 8 years ago | (#14133665)

The Phish Piss Test.

Just have all new employees and randomly picked existing employees pee in a cup and test it for phishing metaboloids.

Dump your html email (1)

deacon (40533) | more than 8 years ago | (#14133674)

only 4% of Internet users can flag 100% of phishing e-mails as fraudulent

So only 4% are using text only mail readers like pine? And the rest are looking at the Paypal graphic in the HTML email and deciding the email is genuine?

Poor bastards.

More meat and less bun in a mailreader makes fakes trivial to spot.

more lucrative? (1)

bumptehjambox (886036) | more than 8 years ago | (#14133793)

When it's 3AM and I want a watch, a television, and some new shoes...
No matter what I do on the internet, it doesn't really help me get there for at least a day or two.
All I am saying is, don't be foolish and close down your Meth labs cuz of this.

One Level of Commonality (1)

Calibax (151875) | more than 8 years ago | (#14133795)

It occurs to me that only the illegal drug and software industries call their customers "users".

Shit! (0)

Anonymous Coward | more than 8 years ago | (#14133813)

Does this mean my drugs are going to get more expensive?