Does Cybercrime Really Cost $1 Trillion?

by Peter Maass and Megha Rajagopalan ProPublica, Aug. 1, 2012

Gen. Keith Alexander is the director of the National Security Agency and oversees U.S. Cyber Command, which means he leads the government's effort to protect America from cyberattacks. Due to the secretive nature of his job, he maintains a relatively low profile, so when he does speak, people listen closely. On July 9, Alexander addressed a crowded room at the American Enterprise Institute in Washington, D.C., and though he started with a few jokes 2014 his mother said he had a face for radio, behind every general is a stunned father-in-law 2014 he soon got down to business.

Alexander warned that cyberattacks are causing "the greatest transfer of wealth in history," and he cited statistics from, among other sources, Symantec Corp. and McAfee Inc., which both sell software to protect computers from hackers. Crediting Symantec, he said the theft of intellectual property costs American companies $250 billion a year. He also mentioned a McAfee estimate that the global cost of cybercrime is $1 trillion. "That's our future disappearing in front of us," he said, urging Congress to enact legislation to improve America's cyberdefenses.

These estimates have been cited on many occasions by government officials, who portray them as evidence of the threat against America. They are hardly the only cyberstatistics used by officials, but they are recurring ones that get a lot of attention. In his first major cybersecurity speech in 2009, President Obama prominently referred to McAfee's $1 trillion estimate. Sen. Joseph Lieberman, I-Conn., and Sen. Susan Collins, R-Maine, the main sponsors of the Cybersecurity Act of 2012 that is expected to be voted on this week, have also mentioned $1 trillion in cybercrime costs. Last week, arguing on the Senate floor in favor of putting their bill up for a vote, they both referenced the $250 billion estimate and repeated Alexander's warning about the greatest transfer of wealth in history.

A handful of media stories, blog posts and academic studies have previously expressed skepticism about these attention-getting estimates, but this has not stopped an array of government officials and politicians from continuing to publicly cite them as authoritative. Now, an examination of their origins by ProPublica has found new grounds to question the data and methods used to generate these numbers, which McAfee and Symantec say they stand behind.

One of the figures Alexander attributed to Symantec 2014 the $250 billion in annual losses from intellectual property theft 2014 was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.

McAfee's trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.

Spafford was a key contributor to McAfee's 2009 report, "Unsecured Economies: Protecting Vital Information" (PDF). The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF).

In addition to the three Purdue researchers who were the report's key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers. Among them was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. "I would have objected at the time had I known about it," he said. "The intellectual quality of this ($1 trillion number) is below abysmal."

The use of these estimates comes amid increased debate about cyberattacks; warnings of a digital Pearl Harbor are becoming almost routine. "A cyberattack could stop our society in its tracks," Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said earlier this year. Bloomberg reported just last week that a group of Chinese hackers, whom U.S. intelligence agencies referred to as "Byzantine Candor," have stolen sensitive or classified information from 20 organizations, including Halliburton Inc., and a prominent Washington law firm, Wiley Rein LLP.

There is little doubt that a lot of cybercrime, cyberespionage and even acts of cyberwar are occurring, but the exact scale is unclear and the financial costs are difficult to calculate because solid data is hard to get. Relying on inaccurate or unverifiable estimates is perilous, experts say, because it can tilt the country's spending priorities and its relations with foreign nations. The costs could be worse than the most dire estimates 2014 but they could be less, too.

Computer security companies like McAfee and Symantec have stepped into the data void. Both sell anti-virus software to consumers, and McAfee also sells a range of network security products for government agencies and private companies, including operators of critical infrastructure like power plants and pipelines. Both firms conduct and publish cybercrime research, too. "Symantec is doing outstanding work on threat analysis," said Thomas Rid, a cybersecurity expert at Kings College London. "But still, of course they have a vested interest in portraying a more dangerous environment because they stand to gain for it."

The companies disagree. Sal Viveros, a McAfee public relations official who oversaw the 2009 report, said in an email to ProPublica, "We work with think tanks and universities to make sure our reports are non-biased and as accurate as possible. The goal of our papers [is] to really educate on the issues and risks facing businesses. Our customers look to us to provide them with our expert knowledge."

Symantec said its estimates are developed with standard methods used by governments and businesses to conduct consumer surveys and come from "one of the few, large, multi-country studies on cybercrime that asks consumers what forms of cybercrime they have actually experienced and what it cost them."

* * *

Continue reading »

The Arctic ice we all depend on is disappearing. Fast. Soon it could be ice free for the first time since humans walked the Earth. This would be not only devastating for the people, polar bears, narwhals, walruses and other species that live there - but for the rest of us too.

Oil companies are using melting sea ice to drill for more of the oil that is causing global warming in the first place. In fact, Shell’s Arctic fleet will be arriving any day now to begin exploratory drilling off the coast of Alaska this summer. That's just madness. It's time for us to take back sanity from those who have lost the plot.

Our leaders won't listen to her, but they'll listen to you. What do you have to say to those who want to destroy the Arctic?

Greenpeace, Jude Law, Radiohead and hundreds of thousands of people around the world are coming together to demand we save the Arctic from oil drilling, industrial fishing and militarization. Join us at http://www.savethearctic.org

JPMorgan Chase has disclosed $2 billion in lossesfrom a trading group’s credit investments, causing the bank’s share price to plummet in after-hours trading.

Via:

Jamie Dimon, the chief executive of JPMorgan, blamed “errors, sloppiness and bad judgment” for the loss, which stemmed from a hedging strategy that backfired.

The trading in that hedge roiled markets a month ago, when rumors started circulating of a JPMorgan trader in London whose bets were so big that he was nicknamed “the London Whale” and “Voldemort,” after the Harry Potter villain.

The losses are expected to take a toll on the bank’s larger earnings, with the corporate group expected to lose $800 million in the second quarter, the company said today in its quarterly securities filings. JPMorgan had previously estimated that it would report a net income of roughly $200 million. The final report will depend on if the company can recover, though Dimon said things could “easily get worse.”

Via:

Given Dimon’s resistance to the ban and new regulations, “he’s got a lot of egg on his face right now,” said Craig Pirrong, a finance professor at the University of Houston. “Any chance they had of getting a relative loosening of Volcker rule, anything of that nature, that’s out the window.”
...
“It’s classic Wall Street hubris, which we’ve seen so many times before,” said Simon Johnson, a former chief economist at the International Monetary Fund who now teaches at the Massachusetts Institute of Technology. “What’s particularly ironic here is that Jamie presents himself, and is believed by others to be, the king of risk management.”

In an emailed correspondence, Senator Carl Levin, D-Mich., chairman of the Senate Permanent Subcommittee on Investigations and co-author of the Merkley-Levin language establishing the Volcker Rule, issued the following statement Thursday in reaction to news that JP Morgan had suffered a $2 billion trading loss:

“The enormous loss JP Morgan announced today is just the latest evidence that what banks call ‘hedges’ are often risky bets that so-called ‘too big to fail’ banks have no business making. Today’s announcement is a stark reminder of the need for regulators to establish tough, effective standards to implement the Merkley-Levin language to protect taxpayers from having to cover such high-risk bets.”

The National Economic and Social Rights Initiative along with Amnesty International are asking the U.S. to step up its efforts to address the foreclosure crisis, including by giving serious consideration to the growing call for a foreclosure moratorium and other forms of relief for those at risk, and establishing a housing finance system that fulfills human rights obligations.

New government census reports have revealed disturbing information that details the cold, hard numbers of Americans who have been deeply affected by the state of our economy, and bank foreclosure practices:

In the last few days, the U.S. government census figures have revealed that 1 in 2 Americans have fallen into poverty or are struggling to live on low incomes. And we know that the financial hardships faced by our neighbors, colleagues, and others in our communities will be all the more acutely felt over the holiday season.

Along with poverty and low incomes, the foreclosure rate has created its own crisis situation as the number of families removed from their homes has skyrocketed.

Since 2007, banks have foreclosed around eight million homes. It is estimated that another eight to ten million homes will be foreclosed before the financial crisis is over. This approach to resolving one part of the financial crisis means many, many families are living without adequate and secure housing. In addition, approximately 3.5 million people in the U.S. are homeless, many of them veterans. It is worth noting that, at the same time, there are 18.5 million vacant homes in the country.

The stark realities that persist mean that millions of families will be facing the holidays in temporary homes, or homes under threat, and far too many children will be wishing for an end to the uncertainty and distress their family is facing rather than an Xbox or Barbie doll.

Housing is a basic human need and a fundamental human right. Yet every day in the United States, banks are foreclosing on more than 10,000 mortgages and ordering evictions of individuals and families residing in foreclosed homes. The U.S. government’s steps to address the foreclosure crisis to date have been partial at best.

The depth and severity of the foreclosure crisis is a clear illustration of the urgent need for the U.S. government to put in place a system that respects, protects and fulfills human rights, including the right to housing. This includes implementing real protections to ensure that other actors, such as financial institutions, do not undermine or abuse human rights.

There is a link available at the Amnesty International website for anyone who is interested and would like to join the call on the Obama administration and Congress to urgently step up efforts to address the foreclosure crisis, including by seriously considering the growing call for a foreclosure moratorium and other forms of relief, and establishing a housing finance system that fulfills human rights obligations.

[Via Amnesty International]