This post is based on my keynote speech at “Technology Watch” held concurrently with the “13th International Symposium on Recent Advances in Intrusion Detection” last September 15–17 in Ottawa, Canada.
Let’s consider two figures who were born a year apart and became famous criminals in the 1930s. John Dillinger was a flamboyant bank robber who spent eight years in prison, escaped from jail twice, and died at the hands of what would become the Federal Bureau of Investigation (FBI) at the age of 31.
Meyer Lansky became known as the “Mob’s Accountant,” set up casinos from Miami to Las Vegas, and never spent a day in jail. He lived to the ripe old age of 80 and, before he died, became one of the 400 richest Americans.
On the one hand, you have one of the most flamboyant criminals in American history. On the other, you have someone who was so quiet and unremarkable that his role in the Mafia is still being debated.
What does this have to do with cybercrime, you may ask? Think of John Dillinger as the old-fashioned virus outbreak: loud and flamboyant, so you definitely know what happened to you. Meyer Lansky is a modern-day botnet: silent, operating in the background, and perfectly content to work for long-term gains.
The popular conception of cybercrime is of Russian hackers who have a pipe into users’ systems and steal all the information they can get. Just as frequently, however, users are not just victims. They’re also unwitting accomplices in cybercrime themselves.
Let’s take a look at one good example—spam botnets. Here’s a chart that shows how many IP addresses in Canada were involved in sending spam: