CyLab Seminar: Measuring Cybercrime

Time: October 19, 2012 - 1:00 PM - 2:00 PM

Location: DEC@CIC, Carnegie Mellon University, Pittsburgh

Description:

CyLab is pleased to host Richard Clayton, security researcher at the University of Cambridge. The talk is titled "Measuring Cybercrime."

The CyLab seminar takes place every Monday at noon during the semester, typically in the INI Distributed Education Center classroom at the Collaborative Innovation Center (DEC@CIC). Free pizza is provided for lunch.

Speaker: Richard Clayton

Talk Abstract:

Dr. Richard Clayton is a security researcher at the University of Cambridge. He is a software developer by trade, his software house produced operating systems and word processors used by millions in the 1980s. In the 1990s he worked for the largest UK ISP, then in 2000 returned to Cambridge for a PhD on "Anonymity and Traceability in Cyberspace." He has stayed on as an academic because "it is more fun than working," concentrating on studying ecrime generally and particularly phishing.

Richard Clayton was one of eight authors of what is believed to be the first systematic study of the costs of cybercrime, presented at WEIS 2012. Previous studies had hyped the problem into many billions or even a trillion dollars--to general disbelief. This new study distinguishes traditional crimes that are now "cyber" because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. The data shows--as far as direct costs are concerned--that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of dollars a year; transitional frauds cost a few dollars; while the new computer crimes cost in the tens of cents.

Speaker Bio: This talk will discuss this study and the policy conclusions that can be drawn from it, along with some of its known limitations ... To this will be added some snippets from other work which shed new light on the specific cybercrime of phishing and which has provided, for the first time, a plausible estimate of the number of criminals that are involved.