catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East
| Computer crime costs $67 billion, FBI says
»news.com.com/Computer+crime+cost···946.html
quote:
Responding to worms, viruses and Trojan horses was most costly, followed by computer theft, financial fraud and network intrusion, according to the survey. Respondents spent nearly $12 million to deal with virus-type incidents, $3.2 million on theft, $2.8 million on financial fraud and $2.7 million on network intrusions.
|
|
major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA
clubs:
| Is that like the same "billions and billions" that the feds said that Mitnick stole. Buncha bullshit. The feds jack up the alleged costs so they can justify putting away people like Mitnick for a decade or better meanwhile the true criminals in grand Halliburton fashion continue looting the national treasury robbing the taxpayers blind and getting away with it.
--
You work hard to put food on your family...shouldn't the pResident speak the words you want to hear? »www.wimp.com/presidential |
|
catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East
| Not necessarily, that's as in the billions in documented losses suffered by theft of resources, data and time in cleaning up after the mess.
This isn't about Mitnick's dead horse. This is about a documentable trend of criminal activity that we are all paying for.
Headlines about cybercrime profits surpassing the illegal drug trade:
»www.msnbc.msn.com/id/10682795/site/newsweek/
quote:
Identity thieves are expected to steal more than $1 trillion.
Cybercriminals are making so much money—more than the illegal drug trade last year, according to the U.S. Treasury—that they've been doing their own R&D.
Or, if you like, do a search on infection rates of whatever flavor of the week hijacker/exploit you want. |
|
major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA
clubs:
| reply to catseyenu
That there are documented losses I have no doubt. That there are dollar amounts associated with said losses I have no doubt. What I take issue with is the incredible amount of time and resources that are put into this matter when there are about a thousand other more egregious and damaging issues to the republic in which we live currently taking place and aren't being noticed.
--
You work hard to put food on your family...shouldn't the pResident speak the words you want to hear? »www.wimp.com/presidential |
|
catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East
| Your in the wrong forum to argue politics. 
The outrageous costs associated with massive CC fraud and Identity theft are being passed to the consumer because CC companies allow these crimes to continue. It's cheaper to pass the cost off onto you and I than to admit there's a problem.
Take a look into the "Spam, Scam and Charge Busters" forum and you'll see the tip of the iceberg. Criminals brazenly stealing, who and where they are is the "easy" part. Getting legislation to protect the consumer is the hard part.
I don't see this as being a separate issue from prosecuting other high profile cases of public theft, in fact I believe them to be the same thing.
It's not "okay" to exploit the public whether you are a bot master, CC Co. or the CEO of Enron. |
|
inTulsa
Premium
join:2002-02-24
1 edit | reply to major marco
said by major marco  :Is that like the same "billions and billions" that the feds said that Mitnick stole. Buncha bullshit. The feds jack up the alleged costs so they can justify ... You're about a million miles off target! There's a multitude of people who have suffered real damages beyond their wildest nightmare that would strongly disagree with your opinion. I'm surprised you're not aware of any.
There's a whole lot of fraud infiltrating the internet. Unfortunately it's been paying off for the dark side. It's costing more and more for companies to try to defend themselves. We're all paying for it one way or another even if our own identity and CC doesn't get ripped.
Here's a link that highlights some of the documented security breaches: »www.emergentchaos.com/archives/c···hes.html
One link in the Sam's (WalMart) breach highlighted that it costs a credit union about $3.50 to issue a customer a different CC. So when the list of potential customers is large, there's real costs even if all of the cards aren't used to steal things. Plus there's the credit monitoring that has to accompany each one. |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
1 edit | reply to catseyenu
Personally, I think that if companies were required to encrypt data files which contain personal information, this would solve the massive loss of entire customer databases.
While this would not offer total protection, it would complicate using lost backup media and raw files located on lost laptops, as well as compromised systems.
The excuse that this could not be done because this or that software is 3rd party created is at best laughable.
At some point, the cost justify the means, I think that justification has been present for many years, but companies will need litigation, fines and civil suits in some cases before they justify implementing secure data concepts.
Sooner or later, if that does not work, they can expect Federal laws to help motivate them.
As far as email, internet and other social engineering based methods used to trick people into providing personal information there really is no solid method other than common sense that can protect people form them self.
After All, if companies can be allowed to protect their music by not allowing it to be copied, and have laws that seem to allow them to do this using any methods they choose.
One would think this loss has far exceeded any loss the music industry could hope to have, now or in the distant future.
So it becomes hard to claim the technology is not present to protect ones personal data, at least as equally well, if not more. Unless of course the goal is too exceed 100 Billion before your personal data approaches the value of a song.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
inTulsa
Premium
join:2002-02-24
| said by ZOverLord :Personally, I think that if companies were required to encrypt data files which contain personal information, this would solve the massive loss of entire customer databases. Companies are currently and have been required to encrypt content. Those that don't comply aren't allowed to process most major credit cards. See reference to CISP and PCI in: »usa.visa.com/business/accepting_···ers.html
But for everything encrypted, there's a need to decrypt by some application or processes.
quote:
So it becomes hard to claim the technology is not present to protect ones personal data, at least as equally well, if not more.
The internet is providing new methods to breach security. Years ago you'd have to steal a physical tape or printed report. With all the new technology the bad guys are finding better ways to steal money that doesn't involve holding a gun or even being in the same country.
Your bank would probably have your card information stored encrypted, yet you can still see it online from your own home or workplace. Applications are better targets than raw storage because they already have the ability to decrypt the content.
Steve has some good info if you want to read more about secure storage of CC data: »www.unixwiz.net/techtips/secure-cc.html |
|
catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East
1 edit | Wow! Good information for businesses that need to get with the program.
Are there any federally mandated minimum privacy/data protection guidelines for the credit industry such as HIPPA for the health care industry? |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
| reply to inTulsa
I think I can safely say the vast majority of cases where data in the past has been compromised, in these cases, with credit/debit card information, as well as other personal data, did not require the use of decrypting it, it was in fact found and used in raw form.
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com |
|
inTulsa
Premium
join:2002-02-24
| reply to catseyenu
said by catseyenu :Are there any federally mandated minimum privacy/data protection guidelines for the credit industry such as HIPPA for the health care industry? Not sure. When there's big money involved the lawyers seem to use the N word a lot (negligence). PCI is the common standard, and there's anual auditing as part of that. Visa has a list of docs including the PCI security standard: »usa.visa.com/business/accepting_···faq.html
I think it's more like SOX than HIPPA. The card issuers police the system more than the feds. Maybe if the feds helped stop more of the foreign portion of internet-based security problems there might be a better chance of slowing some of it down. |
|
catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East
| said by inTulsa :The card issuers police the system more than the feds. The "card issuers" hemorrhaging the data at our expense don't want this public any more than the thieves robbing us.
Some pea-brained bean counter has figured out how it's cheaper to write the burden off than to protect the customer and management has bought into it.
It will catch up to them and there will be a day of reckoning. |
|
