An attention-grabbing report by an Internet security company plays with figures to declare that cyber crime is bigger than drug trafficking — but the numbers don’t add up.
The report from security firm Norton estimates the size of cyber crime last year as $388 billion across the 24 countries surveyed. This outweighs the $288 billion in earnings from illicit trafficking of marijuana, cocaine and heroin, the report states, citing statistics from the United Nations Office on Drugs and Crime (UNODC).
The report’s estimate that cyber crime is worth $388 billion, however, is actually made up of two figures: $274 billion, Norton’s estimate of the value of time lost to cyber crime in the past year; added to $114 billion, said to be the industry’s “direct cash costs.” That is, the amount of money “spent on resolving cyber attacks” and the amount of money directly stolen by the “cyberthugs.”
The $388 billion figure, then, is not in fact an estimate of the total value of the earnings brought in by cyber attackers. This would probably be as difficult to accurately estimate as the total global value of the drug trade, which, according to the UNODC, is valued at over $400 billion.
It does no good to report Norton’s findings as a measurement of the profits made by cyber crime. The company has been making similar claims about cyber crime bringing in higher profits than drug trafficking since at least 2009. At best, the report gives some idea for the scale of the problem, before leading to the inevitable conclusion that concerned consumers should not “get angry, but get Norton.”
The report is helpful, however, in shedding some light on how common cyber crime is becoming in Latin America. Norton found that 83 percent of those surveyed in Mexico have been victims of cyber crime, compared to 80 percent in Brazil. The two are among the six most affected countries surveyed in the report, which dubs Mexico and Brazil among the cyber crime “capitals” of the world, due to the prevalence of computer virus and malware attacks.
Cyber crime refers to a wide range of activities, from the minor (individuals or small groups who execute phishing schemes and spread malware and spam) to the more serious (organized groups capable of large-scale monetary gain via identity theft), to those considered as national security threats. As highlighted by Norton, the type of cyber crime apparently most prevalent in countries like Brazil and Mexico is that involving malware, phishing or viruses. So far, cases of large-scale cyber crime — like the Romanian scheme which brought in tens of millions of dollars through highly organized, coordinated cyber scams, or the U.S. hacker who stole 40 million debit and credit card numbers — are rare in Latin America.
But the prevalence of malware and phishing scams in Latin America points to the very real possibility that the region may soon begin seeing more serious security breaches. And judging from the success that “hackivist” groups like Anonymous and LulzSec have had against government websites like Colombia’s main intelligence agency, the website of the Brazilian president, and other government sites in Chile, amongst others, government servers are easy targets for denial-of-service (DoS) attacks.
As James Bosworth at Bloggings by Boz points out, part of the problem with government website security is that federal employees frequently opt to use commercial e-mail providers like Hotmail or Yahoo, instead of the slower and prone-to-crash government services. InSight Crime has observed that the same problem is widespread in Colombia: based on anecdotal evidence alone, this is one sign that governments in the region still need to take simple steps towards providing the most basic web security measures. This is one conclusion that the Norton report, despite its obvious bias and fudged numbers, would probably agree with.