A couple or advanced references...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apologies for the noise, but I'd like to go ahead and provide references for a couple of data points which I plan to mention tomorrow during my brief presentation -- they are not referenced in my presentation slides, but they do highlight the issues I'm trying to address. Each are very recently announced studies, papers, or announced statistics. The first one is a study conducted by the fine folks at Google, wherein they "...investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware". The paper is located here: "All Your iFrame Are Point to Us" http://research.google.com/archive/provos-2008a.pdf ...and associated blog entry here: http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point- to-us.html This study reinforces what we are seeing -- literally hundreds of thousands of compromises on the web and server -side. Second, is a paper recently jointly released/presented by Ga. Tech and Google on the the rampant escalation of rogue/malicious DNS resolution paths: http://www.citi.umich.edu/u/provos/papers/ndss08_dns.pdf The numbers are somewhat... staggering. The two issues above contribute directly, and overlap, more than most people are aware. And thirdly is a figure that some folks may already be aware of; the fact that identity theft was the number one source of consumer fraud complaints submitted to the U.S. Federal Trade Commission in 2007. According to the agency's yearly report on fraud complaints for 2007, of 813,899 total complaints received in 2007, 258,427, or 32 percent, were related to identity theft: http://www.ftc.gov/opa/2008/02/fraud.pdf According to the FTC, total consumer fraud losses totaled $1.2 billion, with the average monetary loss for an individual at $349. Credit card fraud was the most common form of reported identity theft at 23 percent, followed by utilities fraud at 18 percent, employment fraud at 14 percent, and bank fraud at 13 percent. Now, there is a certain "fudge factor" in these numbers, of course, but I only mention these issues as a preface for the topics that I plan to solicit the NANOG community's assistance in addressing. Thanks, and see you tomorrow! :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHunbjq1pz9mNUZTMRAri9AKD8wY2qH07AMhpDc2dZpJkdFAHVFQCdEa+t uI1Cwhy1TlHjI6DlQHy5SCM= =V9Dm -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Tue, 19 Feb 2008 06:27:52 GMT "Paul Ferguson" <fergdawg@netzero.net> wrote:
And thirdly is a figure that some folks may already be aware of; the fact that identity theft was the number one source of consumer fraud complaints submitted to the U.S. Federal Trade Commission in 2007.
According to the agency's yearly report on fraud complaints for 2007, of 813,899 total complaints received in 2007, 258,427, or 32 percent, were related to identity theft:
http://www.ftc.gov/opa/2008/02/fraud.pdf
According to the FTC, total consumer fraud losses totaled $1.2 billion, with the average monetary loss for an individual at $349.
Credit card fraud was the most common form of reported identity theft at 23 percent, followed by utilities fraud at 18 percent, employment fraud at 14 percent, and bank fraud at 13 percent.
Right, but that may or may not have anything to do with the Internet; see http://www.schneier.com/blog/archives/2007/11/identity_theft_6.html (among many others). --Steve Bellovin, http://www.cs.columbia.edu/~smb
On 19 feb 2008, at 7:27, Paul Ferguson wrote:
According to the FTC, total consumer fraud losses totaled $1.2 billion, with the average monetary loss for an individual at $349.
Credit card fraud was the most common form of reported identity theft at 23 percent,
In many countries in Europe, people pay with debit cards that have a PIN number. You need to both copy the magnetic strip on the card and obtain the PIN to get at someone's money. And that's 1990s, if not 1980s, technology. The other issue is that banks and credit card companies don't have any interest in getting rid of fraud: as long as there is fraud, they can sell you the service of compensating you for that, which of course we all pay for through the credit card commissions on our purchases. And in many cases, the vendor ends up eating the loss rather than the bank, anyway. If you want stuff to work, you need to align the costs and benefits. See growth of the routing table: the community pays for the larger routers, the users of PI space get the benefits. BTW, about identity theft: if someone takes out a bank loan in my name, how is that my problem and not the bank's?
On Tue, Feb 19, 2008, Iljitsch van Beijnum wrote:
On 19 feb 2008, at 7:27, Paul Ferguson wrote:
According to the FTC, total consumer fraud losses totaled $1.2 billion, with the average monetary loss for an individual at $349.
Credit card fraud was the most common form of reported identity theft at 23 percent,
In many countries in Europe, people pay with debit cards that have a PIN number. You need to both copy the magnetic strip on the card and obtain the PIN to get at someone's money. And that's 1990s, if not 1980s, technology.
And defrauding that is now a bulk produced scam - companies in .asia mass-producing bar scanning and key input devices customised for various ATM models. Adrian
In article <E8246AAA-AC28-4C1D-B262-739659CCED1E@muada.com>, Iljitsch van Beijnum <iljitsch@muada.com> writes
BTW, about identity theft: if someone takes out a bank loan in my name, how is that my problem and not the bank's?
Because of the time it takes you to persuade other banks [1] that the first bank's report that you are bad debtor was mistaken. Of course, there may be "credit repair" products you can buy to help you. [1] And even the first bank's debt collectors. -- Roland Perry
participants (5)
-
Adrian Chadd
-
Iljitsch van Beijnum
-
Paul Ferguson
-
Roland Perry
-
Steven M. Bellovin