Just stumbled into a CNet editorial/story on California botnet-creator J. Ancheta.
The article lede hints that Americans are cashing in on hacking as much or more than the russians. Cool, I thought, they're gonna discuss the money trail *back* to corporate America (you have noticed that Disney and travel agencies and others sub-sub-subcontract click-thru contracts that rely on popups and bots to drag users to their sites, haven't you?). Like with spyware and spam, the people that profit of adware and identity-oriented crimes are close enough to USE our information profitably, not the Russians and Bulgarians. But the big money is in extorition. I'd heard rumblings of this last week from SANS Research VP, Allen Paller, and hoped that this story would at least call attention to Americans' role as the financiers of botnets and trojans. I was wrong.
Instead, the article takes Ancheta's case and tries to handwave it into something big like Spamford Wallace or other spam kings. But along the way, it lies with the statistics. Well, not exactly *lies*.... CNet editor Rob Vamosi just hopes you won't pay attention:
"Given his modest aspirations, Ancheta lived a rather luxurious lifestyle, often seen driving his 1993 BMW and spending upward of $600 a week on new clothes and car parts."
"Overall, Ancheta is said to have made about $60,000 over a six-month period."
"The above crimes are not the result of a mafia crime syndicate. This is the work of one kid employed at an Internet cafe in Downey, California, suddenly living a life of luxury."
A kid that still fixes his own car?! Priceless!! A profit value that probably ties back to the indictment (and prosecuters always inflate damages!!!). I mean, c'mon! The kid drives a 12-year-old beemer. Ho. Lee. Shit. That is the best tie-in to US involvement in internet crime they could find!? Even Deputy Dawg would fall asleep over this guy's criminal spree.
Meanwhile, internet crime is officially a Big Deal. Paller's most-conservative estimate on the size of the organized internet crime economy is $5 Billion. Other experts hint that the numbers may be in the tens of billions. But even at $5 billion, it'd take 83,000 little pissant bot-farmers to make those numbers. That's pretty unlikely.
What we're really up against is more likely a handful of crime syndicates locking a dozen hackers apiece up at gunpoint and using their handiwork to extort $100k or more per vulnerability out of online casinos, fortune 500 firms, online giants like eBay and Amazon, and the likes.
What a travesty of reportage. I miss the days when CNet aspired to be the online news of record for the tech industry.