Cybercrime Doesn't Pay as Well as You'd Think, Microsoft Warns

As a decent way to make a living, cybercrime is pretty much on par with being a poet. Or, as two Microsoft (MSFT) researchers would have it, being a fisherman.

In a New York Times op-ed piece, Dinei Florêncio and Cormac Herley conclude that, while victims of cybercrime may lose plenty of money, time, and cellphone minutes trying to sort things out, their pain almost never translates into a corresponding windfall for the perps.

While it may be tempting to look at crime only through the restrictive lens of the law-abiding, the researchers expand our view of the economy by focusing on the bottom line for those in this line of work. In short, they say, "Cybercrime billionaires are hard to locate because there aren’t any."

In fact, the two point out, even victims of cybercrime are hard to locate, despite loss estimates that can range to nearly $1 trillion annually. This figure is wildly exaggerated, they say, because estimates are always based on self-reporting, which skews toward outliers:

In a 2006 survey of identity theft by the Federal Trade Commission, two respondents gave answers that would have added $37 billion to the estimate, dwarfing that of all other respondents combined. This is not simply a failure to achieve perfection or a matter of a few percentage points; it is the rule, rather than the exception. Among dozens of surveys, from security vendors, industry analysts and government agencies, we have not found one that appears free of this upward bias.  

Economically, cybercrime's disappointing returns make perfect sense. It's relatively low-risk, which often translates to low reward, and there's "little training or capital outlay required." In other words, "Almost anyone can do it."

This means that stealing passwords and sending money-generating spam, like unregulated fishing (the researchers resist going for the easy lay-up, "phishing"), suffers from ever more entrants into an ever-shrinking pool.

As the researchers see it, the main problem with inaccurate estimates is that they encourage more criminals to enter the pool looking for a quick fix -- and thus engender more irretrievable time spent on hold with customer service reps, while not actually significantly benefiting the underground economy.

This opinion hasn't stopped Microsoft from fighting the good fight against anyone who actually does make money. On Monday, the company revealed it had set up a sting operation against a group of cybercriminals who used the Zeus network to infect 13 million computers and extract $100 million over the last five years.

A Microsoft digital crimes unit attorney told reporters that while the network wasn't exactly gone, the company had made it harder and less profitable for the criminals to continue. Whether that $100 million is a reliable estimate or not we'll leave to the researchers to decide.
POSITION:  No positions in stocks mentioned.