Hack: risk and reward

If hacking into web sites and databases is so rampant, if the government, military and intelligence folks are unable to stop it, unwilling to discuss it, even, to share the data on the risks and are they worth the rewards, what are we to do or say about it?  Over at Infoworld, Roger Grimes shares some interesting tidbits about the risk reward analogies and the story may surprise you. Roger examines the FBI’s own data online  to compare for example the chance of getting caught holding up a bank, looking at “In 2010, bank robbers

Contrast the numbers with “identity thieves almost never get caught. For instance, from 2003 to 2006 (the years for which I can find trend data), the FBI was able to arrest between only 1,200 and 1,600 identity thieves, and about a third of those cases resulted in convictions, much less jail time. To put this in further perspective, these crimes affected 8.3 million victims, nearly 4 percent of the entire U.S. adult population. This means that one identity thief was convicted for every 20,750 victims.”

Bottom line report for FBI performance against hackers:  “from 303,809 complaints, 1,420 prepared criminal cases resulted in a mere six convictions. That’s one jailed cybercriminal for every 50,635 victims, and these are just the cases significant enough to be reported to the FBI.”

Roger claims it’s not the FBI’s fault, and that laws on evidence and national boundaries make it tough.  Yet we live in a nation where just about every other person we meet who isn’t a criminal, is somehow or other involved in enforcing somebody’s laws or rules.  At some point we have to come to terms with the fact that the money spent on law enforcement is a huge waste.

We read all the time about far out strategies from law enforcement on allowing gangs to smuggle drugs, we even sell them weapons and launder money for them for years, maybe decades, all for the idea that one day it will put these criminals behind bars.  Here are some links if you are not familiar with these stories:




There are lots of tools to secure web sites.  Otherwise, there would be no Ecommerce of growth of the Internet, but it is abundantly clear the businesses, that are able to stay safe, get hit, and get dissed, because of our government’s inability to do their job and to educate the masses on what to do.  We’ve blasted the leadership on making online security a mandatory subject for grade school kids and teaching them how to hack responsibly, instead of having to hire off shore personnel who know the business.  It falls on deaf ears because as we know, politicians either haven’t a clue, or are too busy raising money.

No comments yet.

Leave a Reply