When it comes to password security, two Microsoft researchers ask whether everything we know about password stealing is wrong.
They offer somewhat provocative thoughts, such as:
“Getting in and getting out with money is a far harder problem than simply causing destruction. If the goal were mayhem and destruction rather than money-making we might be a great deal worse off.”
The researchers also say you should have no faith in the financial figures quoted about losses due to cybercrime:
“Those who have had an email password stolen to send spam know what a miserable experience that is, and it is little consolation to hear that the hacker probably earned very little.”
Of course, those suffering from identity fraud and identity theft will tell you that it takes years to clear up their credit reports — so the actual amount the hacker earned is of little importance to victims.
Still, the controversial, eye-opening report — “Sex, Lies and Cybercrime Surveys” — explains in more detail why sometimes “cybercrime, like sexual behavior, defies large-scale direct observation and the estimates we have of it are derived almost exclusively from surveys.”