Andy forwarded me this link from ArsTechnica today, which references the just-released “Malicious Software (Malware): A Security Threat to the Internet Economy” report by The Organization for Economic Cooperation and Development (OECD) and the Asia Pacific Economic Co-operative (APEC) – available here.
Basically, what it boils down to is that hacking computers isn’t for fun and games anymore. It’s business. Big business, run by big organizations that make big money. Mostly by taking it away from you and people like you, gentle reader.
These businesses are in the early dot-com stage, so to speak. They’re ramping up hard core. They’re picking up talented programmers who are learning new tricks of the trade, and they’re doing it several orders of magnitude faster than the general public is aware. Sooner or later one of these organizations is going to make a mistake and misplace a zero somewhere in their code, and instead of sneaking small amounts of money out in small frauds from a bunch of different people, they’re going to take enough in one go to really draw some attention. In the immortal words of Alan Rickman in Die Hard: “When you steal $600 dollars you can just disappear, when you steal $600 million they will find you… unless they think you’re already dead.”
It used to be good practice for banks to reimburse their customers when those customers were the victims of identity fraud. With the rate of ID fraud increasing at its current staggering pace, that’s not so much the case anymore. The telling line from the Gartner report referenced in that first link: The percentage of funds consumers managed to recover dropped from 87% in 2005 to 61% in 2006. Banks are pushing the cost onto the customers as the cost starts to affect their bottom line.
You don’t need to walk into a bank to rob it anymore; that’s not where the money is. The money is in the machines, and the machines are much easier to get access to than the vault.
Things are going to get worse before they get better.