North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: A couple or advanced references...

  • From: Paul Ferguson
  • Date: Tue Feb 19 02:40:32 2008

Hash: SHA1

- -- "Steven M. Bellovin" <[email protected]> wrote:

>> Credit card fraud was the most common form of reported identity
>> theft at 23 percent, followed by utilities fraud at 18 percent,
>> employment fraud at 14 percent, and bank fraud at 13 percent.
>Right, but that may or may not have anything to do with the Internet;
>(among many others).

Right -- which why I mentioned "fudge factor". ;-)

While I don't disagree completely with those studies, I do think
that they may not be currently accurate (but I have no way of knowing
that, of course -- the people who underwrite the losses keep this
information very much out of the public eye).

In any event, the level of "professionalized" effort and sophistication
employed in all levels of these criminal endeavors indicates that
there is indeed a financial incentive to pursue their efforts.

And unfortunately there seems to be enough "low hanging fruit" for
it to make it financially fruitful.

My angle really has very little to do with ISP-level mitigation of
these issues -- unfortunately, it has become an issue of incident
handling, notification, and response.

This has become a major issue in most of the Internet -- an issue
which most ISPs themselves are fairly insulated from (with the
exception of ISPs who administer residential broadband networks).

If ISPs think the only problem "out there" are DDoS attacks, they are
woefully naive.

- - ferg

Version: PGP Desktop 9.6.3 (Build 3017)


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: