Links
Archives
Intersection of computers and crime
Tuesday, April 20, 2004
Economics of Cybercrime
Just what is the cost of computer crime? The 2003 CSI/FBI report puts the average loss at $800,000 per respondent. For an interesting overview of computing the financial cost and what metrics to use to measure the results of a security program, see an article by Lawrence Gordon and Robert Richardson. Should you use NPV, ROI or do you look at externalities? Martin P. Loeb also examines in the same article the true cost of cybercrime. The conclusion-direct costs such as overtime for IT personnel, lost productivity but also the real financial damage from breaches of confidence-ultimately a loss in market value. The article also references a paper by L. Jean Camp, Kennedy School of Government, on Pricing Security.
Just what is the cost of computer crime? The 2003 CSI/FBI report puts the average loss at $800,000 per respondent. For an interesting overview of computing the financial cost and what metrics to use to measure the results of a security program, see an article by Lawrence Gordon and Robert Richardson. Should you use NPV, ROI or do you look at externalities? Martin P. Loeb also examines in the same article the true cost of cybercrime. The conclusion-direct costs such as overtime for IT personnel, lost productivity but also the real financial damage from breaches of confidence-ultimately a loss in market value. The article also references a paper by L. Jean Camp, Kennedy School of Government, on Pricing Security.
Wednesday, April 14, 2004
Cybercrime Treaty
The cybercrime treaty signed in November 2001 has been ratified according to ZDNet UK. For the treaty to come into effect, only 5 countries (including 3 member States of the Council of Europe) that had signed in 2001 were needed to ratify it. Ratification was by Croatia, Albania, Estonia, Hungary, and Lithuania. None of the major powerhouse governments had ratified the treaty perhaps signaling that they were not in total agreement with the final version. From the beginning the treaty has been an object of controversy including the fact that much of the original negotiation was done in secret and was not released until demands by private organizations. Many still believe that the treaty has a large affect on privacy concerns that have not been addressed by the treaty or the writers. Since the original signing an additional protocol has been integrated into the treaty addressing the concerns of xenophobia and racism. For further background on the treaty, see the cybercrime treaty website here. The US, Japan, South Africa, and Canada (not members of the Council of Europe) were asked to participate in the creation of the treaty.
The treaty will come into effect on July 1, 2005.
The cybercrime treaty signed in November 2001 has been ratified according to ZDNet UK. For the treaty to come into effect, only 5 countries (including 3 member States of the Council of Europe) that had signed in 2001 were needed to ratify it. Ratification was by Croatia, Albania, Estonia, Hungary, and Lithuania. None of the major powerhouse governments had ratified the treaty perhaps signaling that they were not in total agreement with the final version. From the beginning the treaty has been an object of controversy including the fact that much of the original negotiation was done in secret and was not released until demands by private organizations. Many still believe that the treaty has a large affect on privacy concerns that have not been addressed by the treaty or the writers. Since the original signing an additional protocol has been integrated into the treaty addressing the concerns of xenophobia and racism. For further background on the treaty, see the cybercrime treaty website here. The US, Japan, South Africa, and Canada (not members of the Council of Europe) were asked to participate in the creation of the treaty.
The treaty will come into effect on July 1, 2005.
Tuesday, March 09, 2004
Cyberviruses
In a follow-up to the battle between worm writers, the author of the NetSky worm is bowing out (according to a story in The Globe). The current variant of NetSky is the 11th in less than a month but this one contains a message in the code "We want to destroy malware writers' business, including MyDoom and Bagle ... to F-Secure and so on, we do not want damage systems ... We have respect of your work (Your heuristic scan is not good enough! Make it better). This is the last version of our antivirus. The source code is available soon." Netsky is different in that it has not appeared to be a malicious one unlike MyDoom and Bagel. Bagel is up to the L version. There is some speculation that MyDoom and Bagel are written by the same group of writers.
In a follow-up to the battle between worm writers, the author of the NetSky worm is bowing out (according to a story in The Globe). The current variant of NetSky is the 11th in less than a month but this one contains a message in the code "We want to destroy malware writers' business, including MyDoom and Bagle ... to F-Secure and so on, we do not want damage systems ... We have respect of your work (Your heuristic scan is not good enough! Make it better). This is the last version of our antivirus. The source code is available soon." Netsky is different in that it has not appeared to be a malicious one unlike MyDoom and Bagel. Bagel is up to the L version. There is some speculation that MyDoom and Bagel are written by the same group of writers.
Monday, March 08, 2004
Cyberviruses
With all of the news that has been forthcoming in the last few weeks, just what is the cost of viruses, worms, and malicious emails? A recent story in The Globe reported some answers from a white paper " Worms Gobbling Broadbrand Profits" written by Sandvine, Inc. The white paper claims that North American ISP's will see as much as $245 million in profits eaten by worms. They claim that over 5% of the residential subscribers are infected by worms and are propagating them daily through their activities online. In fact, home users are the weakest uncontrolled point in the internet. Besides eating up bandwidth, worms cause an increase in labor for the ISPs with a base of 32 man-hours with an additional man-hour per 10,000 subscribers.
In a related story, is it possible that spring breaks give some college-age hackers too much time on their hands for a week. Currently many security officials are seeing what they call BugWars on-line. The Globe is reporting on a cyberwar by the authors of the MyDoom, NetSky, and Bagel worms as they fight for on-line supremacy. Text has been extracted from the source code where the authors are calling each other names and attempting to disable the other.
With all of the news that has been forthcoming in the last few weeks, just what is the cost of viruses, worms, and malicious emails? A recent story in The Globe reported some answers from a white paper " Worms Gobbling Broadbrand Profits" written by Sandvine, Inc. The white paper claims that North American ISP's will see as much as $245 million in profits eaten by worms. They claim that over 5% of the residential subscribers are infected by worms and are propagating them daily through their activities online. In fact, home users are the weakest uncontrolled point in the internet. Besides eating up bandwidth, worms cause an increase in labor for the ISPs with a base of 32 man-hours with an additional man-hour per 10,000 subscribers.
In a related story, is it possible that spring breaks give some college-age hackers too much time on their hands for a week. Currently many security officials are seeing what they call BugWars on-line. The Globe is reporting on a cyberwar by the authors of the MyDoom, NetSky, and Bagel worms as they fight for on-line supremacy. Text has been extracted from the source code where the authors are calling each other names and attempting to disable the other.
Sunday, February 08, 2004
Cybercrime Units
Switzerland is the latest country to actively move to the forefront in fighting cybercrime. They have launched a special unit, Cyco, to police the Internet. Currently they are receiving over 500 complaints a month about website content with over 50% of the complaints about pornography. Persons can "report Internet suspect matter" such as to Cyco: hardcore pornography, depiction of violence, extremism, racism, unlawful entry into IT systems, spreading of computer viruses, destruction of data, credit card misuse, violation of copyrights, and illegal arms trade. The yearly budget for the unit is about 1.5 million Swiss Francs and has nine people on staff. What is interesting is that the Canton of Zurich has refused to participate in the project. Cyco works to monitor websites and often copies the entire site onto their computers. They then check the websites "including links or references to Switzerland to determine if their authors could be legally prosecuted." The Canton authorities receive dossiers from Cyco should any of the authors be living in that area. Cyco also passes on any relevant information to other countries.
Switzerland is the latest country to actively move to the forefront in fighting cybercrime. They have launched a special unit, Cyco, to police the Internet. Currently they are receiving over 500 complaints a month about website content with over 50% of the complaints about pornography. Persons can "report Internet suspect matter" such as to Cyco: hardcore pornography, depiction of violence, extremism, racism, unlawful entry into IT systems, spreading of computer viruses, destruction of data, credit card misuse, violation of copyrights, and illegal arms trade. The yearly budget for the unit is about 1.5 million Swiss Francs and has nine people on staff. What is interesting is that the Canton of Zurich has refused to participate in the project. Cyco works to monitor websites and often copies the entire site onto their computers. They then check the websites "including links or references to Switzerland to determine if their authors could be legally prosecuted." The Canton authorities receive dossiers from Cyco should any of the authors be living in that area. Cyco also passes on any relevant information to other countries.
Cybercrime-Appropriations
President Bush has released his budget request for the 2005 fiscal year which includes $59.8 billion for information technology, according to ZDNet. Over $80 million would be distributed to the Department of Homeland Security's National Cyber Security Division. The Department of Justice would see an increase from $157 million to $265 million for cybercrime. The budget request can be seen in it entirety at the Office of Management and Budget. The San Francisco Chronicle has a reader friendly version of how the monies would be spent at the Department of Homeland Security.
President Bush has released his budget request for the 2005 fiscal year which includes $59.8 billion for information technology, according to ZDNet. Over $80 million would be distributed to the Department of Homeland Security's National Cyber Security Division. The Department of Justice would see an increase from $157 million to $265 million for cybercrime. The budget request can be seen in it entirety at the Office of Management and Budget. The San Francisco Chronicle has a reader friendly version of how the monies would be spent at the Department of Homeland Security.
Cybercrime
A student identified as distributing a variant of the Blaster virus has been indicted in Romania according to the Miami Herald. The student is charged with distributing the Romanian version of the Blaster virus that infected 27 computers at a university. Romania, which only last year passed their first cybercrime law, has one of the strictest-the student could be spending up to 15 years in prison.
A student identified as distributing a variant of the Blaster virus has been indicted in Romania according to the Miami Herald. The student is charged with distributing the Romanian version of the Blaster virus that infected 27 computers at a university. Romania, which only last year passed their first cybercrime law, has one of the strictest-the student could be spending up to 15 years in prison.
Cybersecurity
From The Globe, in the aftermath of the MyDoom virus, several security experts are questioning how future virus attacks can be stopped. It appears that the current technology is unable to slow down the propogation of the viruses particulary when most home computer users do not bother to install antivirus software while over 99% of corporations do. The current method of attacking incoming viruses is to download updates from current companies such as Symantec and McAfee. It is estimated that over 2 million PC's were infected by MyDoom. Based on how fast the virus spread, the question is how should users and companies defend themselves against the next virus or worm?
From The Globe, in the aftermath of the MyDoom virus, several security experts are questioning how future virus attacks can be stopped. It appears that the current technology is unable to slow down the propogation of the viruses particulary when most home computer users do not bother to install antivirus software while over 99% of corporations do. The current method of attacking incoming viruses is to download updates from current companies such as Symantec and McAfee. It is estimated that over 2 million PC's were infected by MyDoom. Based on how fast the virus spread, the question is how should users and companies defend themselves against the next virus or worm?
Monday, February 02, 2004
Cybercrime-Worm
MyDoom.A has struck the SCO website as anticipated. Reuters has the details. What is interesting about the attack is that it was scheduled to hit at 1609 GMT Sunday-apparently so many people have their computer clocks incorrectly set, that the hits were set-off hours earlier before 1609 GMT. This is one of the largest Denial of Service attacks to date-over 1 million computers are believed to be infected. Others reporting the story include: Wired-"Early Worm Gets SCO Bird," and CNET-"MyDoom downs SCO site."
Something to ponder: are wide-scale worm attacks the wave of the future as means of showing the dislike for a company's business or ideological stance?
MyDoom.A has struck the SCO website as anticipated. Reuters has the details. What is interesting about the attack is that it was scheduled to hit at 1609 GMT Sunday-apparently so many people have their computer clocks incorrectly set, that the hits were set-off hours earlier before 1609 GMT. This is one of the largest Denial of Service attacks to date-over 1 million computers are believed to be infected. Others reporting the story include: Wired-"Early Worm Gets SCO Bird," and CNET-"MyDoom downs SCO site."
Something to ponder: are wide-scale worm attacks the wave of the future as means of showing the dislike for a company's business or ideological stance?
Friday, January 30, 2004
Cybercrime-Viruses
Rewards and mutants are in the news. Daily Press is reporting a story of a reward of $250,000 that has been offered by Microsoft Corp. for those who help law enforcement to capture the designer of the "MyDoom.B" virus. The MyDoom.B virus is a mutant of the MyDoom virus that was spawned last week. MyDoom originally was to create Denial of Service (DOS) attack on The SCO Group which has been involved in litigation over the last year. MyDoom.B is to launch a DOS attack against Microsoft on Tuesday and will also prevent victims of MyDoom.B from visiting websites of leading antivirus companies. The SCO Group is also offering a reward of $250,000 for information leading to the arrest and conviction of individuals responsible for the creation of the MyDoom virus.
European Tech Wire is reporting that the leading anti-virus software company in Russia, Kaspersky, has identified the creator of the MyDoom virus as coming from a Russian ISP. The Moscow Times had the original story on the Russian link.
And if having your computer infected with MyDoom isn't enough, SMH out of Australia is reporting that credit card scams are following in the wake of the virus. MiMail is asking receivers to update credit card information-the email appears to be coming from Microsoft. To date, the global economic cost of the virus appears to be $29.7 billion US dollars.
Rewards and mutants are in the news. Daily Press is reporting a story of a reward of $250,000 that has been offered by Microsoft Corp. for those who help law enforcement to capture the designer of the "MyDoom.B" virus. The MyDoom.B virus is a mutant of the MyDoom virus that was spawned last week. MyDoom originally was to create Denial of Service (DOS) attack on The SCO Group which has been involved in litigation over the last year. MyDoom.B is to launch a DOS attack against Microsoft on Tuesday and will also prevent victims of MyDoom.B from visiting websites of leading antivirus companies. The SCO Group is also offering a reward of $250,000 for information leading to the arrest and conviction of individuals responsible for the creation of the MyDoom virus.
European Tech Wire is reporting that the leading anti-virus software company in Russia, Kaspersky, has identified the creator of the MyDoom virus as coming from a Russian ISP. The Moscow Times had the original story on the Russian link.
And if having your computer infected with MyDoom isn't enough, SMH out of Australia is reporting that credit card scams are following in the wake of the virus. MiMail is asking receivers to update credit card information-the email appears to be coming from Microsoft. To date, the global economic cost of the virus appears to be $29.7 billion US dollars.
