Measuring the black web

Is cybercrime as big as its foes fear?

BIG numbers and online crime go together. One well-worn assertion is that cybercrime revenues exceed those from the global trade in illegal drugs. Another nice round number is the $1 trillion-worth of intellectual property that, one senator claimed earlier this year, cybercriminals snaffle annually.

It is hard to know what to make of these numbers. Online crooks, like their real-world brethren, do not file quarterly reports. In the absence of figures from the practitioners, experts tend to fall back on surveys of victims, often compiled by firms that sell security software. These have a whiff of self interest about them: they are the kind of studies that get press released but not peer reviewed.

A paper by two researchers at Microsoft, Dinei Florencio and Cormac Herley, shows why: because losses are unevenly distributed. Most people never have their bank accounts raided by cyber criminals, but an unfortunate few do, and lose a lot. This means that per capita losses, which the surveys calculate before extrapolating to a national figure, are dominated by a handful of big online heists. Errors in the reporting of such infrequent crimes have a huge effect on the headline figure. In a 1,000-person survey in America, for example, exaggerating the impact of a single crime by $50,000 would add $10 billion to the national figure.

Other data can be skewed this way too. But those who analyse it take precautions to protect their results. Few cybercrime surveys cite the methodology they used. Those that do expose their plumbing do not convince the Microsoft authors.

The few researchers who have observed cyber criminals in action are similarly sceptical about the industry’s estimates. In the latest instalment of a mammoth four-year exercise Chris Kanich of the University of California, San Diego, and colleagues tracked around 20 outfits that use spam to advertise illegal online pharmacies. First they secretly monitored the spammers’ payment systems. Then they obtained logs from one of the servers that power the illegal pharmaceutical sites. They even ordered (and—perhaps surprisingly—received) some of the non-prescription drugs on sale.

Their findings suggest that only two of the 20 or so operators bring in $1m or more per month. The criminals behind fake security software appear to reap similar rewards, say Brett Stone-Gross and colleagues at the University of California, Santa Barbara. Their study, due to be presented at next month’s eCrime 2011 conference in San Diego, puts the annual revenue of each criminal group at a few tens of millions of dollars. As with Mr Kanich’s study, it is not clear how much of this is profit.

Such hauls fall well short of extravagant claims from the security industry that some spammers make millions every day. Stefan Savage, Mr Kanich’s PhD supervisor, says that the security industry sometimes plays “fast and loose” with the numbers, because it has an interest in “telling people that the sky is falling”.

None of this means that the threat of cybercrime can be written off as pure invention, or that people should turn off their spam filters. But in the grand scheme of criminal threats, hacker kingpins do not appear to be on a par with Colombian drug lords—even if the security industry would wish it otherwise.


Everything Computes on a Smarter Planet
Follow IBM SMrtrCmptng
The challenge of managing mountains of information #biggerdata
1 hour 58 min ago
RT @IBMVirt: Alex Yost from #IBM tells why architecture matters. #VMworld. 15:00 rm B5-M1
2 hours 14 min ago
What's a bigger threat to business growth, the economy or cost/supply of energy?
2 hours 23 min ago
Need for great business efficiency means that things like #cleantech become mainstream
2 hours 27 min ago
According to Facebook, 27 of our fans like Coldplay. No answer to that really.
5 hours 5 min ago
Every business needs: Flexible, efficient and agile IT infrastructure
5 hours 9 min ago
See us at #VMWorld 3-4pm "architecture matters…when you’re working in the cloud" with Alex Yost
7 hours 6 min ago
New capabilities from IBM to improve business efficiency
7 hours 9 min ago
The Smarter Computing Daily is out! ▸ Top stories today via @carolinerfinlay @ibmsaas @mirv_pgh @mac_devine
22 hours 23 min ago
You'll find us at VMWorld this week
1 day 46 min ago
IBM Continues To Drive Storage Efficiency - Network Computing - In its fall storage announcement, IBM...
1 day 54 min ago
The Smarter Computing Daily is out! ▸ Top stories today via @mattrmorrison @stevendickens3 @subhashishpaul @vijayakumar
1 day 22 hours ago
The Smarter Computing Daily is out! ▸ Top stories today via @mattiaspersson @ibmsaas
2 days 22 hours ago
The Smarter Computing Daily is out! ▸ Top stories today via @aka_stumic @arrowecs_ibmsw @subhashishpaul @midmarketibmca
3 days 22 hours ago
Marketing Patterns from Analytics for the CMO? Yes. An automated coach? Perhaps. by @ajbowles
4 days 18 hours ago
The Smarter Computing Daily is out! ▸ Top stories today via @ibmsteph @mainframesnjose @ibmimpact @riahyman
4 days 22 hours ago
Cloud Computing Now Makes It Easier (and Cheaper) to Innovate: Study - Forbes
4 days 22 hours ago
Video: IBM CMO Study aka Why CMO need smarter computing (by IBMIBV)
4 days 23 hours ago
RT @ibmevents: IBM will be at VMWorld in Copenhagen, Oct 18, #virtulization #cloud #vmware
5 days 41 min ago
RT @IBMcloud: Q2: What criteria do companies use to choose either PaaS or IaaS for a specific situation? #cloudchat
5 days 18 hours ago
Smarter Computing and Breakthrough IT Economics A new era of computing - smarter computing - can deliver breakthrough economics for your IT. Click here to see how.Smarter Computing Premise-Setting Op-Ad, on
Read why Smarter Computing is essential for a Smarter Planet, and the innovative opportunities it offers for businesses and the world at large today.
Articles from The Economist
Information technology goes global: Tanks in the cloudCloud computing: A market for computing powerTechnology firms and health care: Heads in the cloud
Latest blog posts - All times are GMT
So happy together
From Free exchange - 47 mins ago
Le trahison des CPAs
From Democracy in America - 1 hour 13 mins ago
Struggling to catch MICE
From Gulliver - 1 hour 24 mins ago
Nut cluster
From Baobab - October 19th, 11:00
European science stemmed
From Babbage - October 19th, 10:59
Tying the hands of speculators
From Schumpeter - October 19th, 10:41
More from our blogs »
Products & events
Stay informed today and every day

Subscribe to The Economist's free e-mail newsletters and alerts.

Subscribe to The Economist's latest article postings on Twitter

See a selection of The Economist's articles, events, topical videos and debates on Facebook.


Screen reader users: Please switch to forms mode for this link.
Click here to
rate this page