> To my mind, the old proverb “opportunity makes the thief” describes the main issue with cybercrime quite well – the internet is a very “target-rich” environment, and it is incredibly easy/cheap to create a simple piece of malicious code or launch a basic attack.
It's also consequence-free. You can do on the Internet whatever the fuck you want, but unless you anger the wrong people (e.g. you hack a mega corporation or a hospital) nothing will be done.
A large part of the "cheapness" of cybercrime is that even though we know where a lot of the bad agents are coming from:
- enemy nation states like Iran, North Korea, Russia and China where the government itself has hacker groups or tolerates their activity
- neutral nations like India or Turkey where local law enforcement is bought off by scammers and other criminals so the masterminds get warned of raids in time
- domestic agents like ISPs who don't give a shit about abuse reports if there is no legal liability attached to them (i.e. everything but CSAM and copyright) because they don't bother to hire enough qualified staff to follow up on reports and get bad actors (e.g. people with compromised IoT or other devices) cleaned up or disconnected
... absolutely nothing is done against them, even if identified.
And on top of that: if you drive an unsafe car on the road, you'll get fined for being a danger to other motorists. If you have an Exchange server not patched in years reachable from the Internet, you're a danger to other systems on the Internet, and yet nothing can be done against you.
Our collective governments need to get their act together: nation states must be told to either clean up their act or get disconnected from the Internet and the global financial system, ISPs must face regulation requiring at most 6h response time for abuse reports and evidence of corrective action taken, and people being grossly negligent in keeping up with patches must feel consequences.
It's time for the laxness towards criminals and bad actors to end once and for all. We don't tolerate gangs of bullies intimidating grandmas on the street into extortion schemes, we shouldn't allow their cyber equivalents to do the same.
> It's also consequence-free. You can do on the Internet whatever the fuck you want, but unless you anger the wrong people (e.g. you hack a mega corporation or a hospital) nothing will be done.
definitely not consequence free if you don't know how to cover your tracks, and only consequence free if you're in a country that doesn't extradite.
Iran / Russia / NK / China / etc. can play dirty because they're moving on a nation-state level and geo-politics, up to and including nuclear weapons, are a discussion topic.
The average kidde re-using Indrik Spider code is gonna get some easy wins but will eventually get nailed.
It's also consequence-free. You can do on the Internet whatever the fuck you want, but unless you anger the wrong people (e.g. you hack a mega corporation or a hospital) nothing will be done.
A large part of the "cheapness" of cybercrime is that even though we know where a lot of the bad agents are coming from:
- enemy nation states like Iran, North Korea, Russia and China where the government itself has hacker groups or tolerates their activity
- neutral nations like India or Turkey where local law enforcement is bought off by scammers and other criminals so the masterminds get warned of raids in time
- domestic agents like ISPs who don't give a shit about abuse reports if there is no legal liability attached to them (i.e. everything but CSAM and copyright) because they don't bother to hire enough qualified staff to follow up on reports and get bad actors (e.g. people with compromised IoT or other devices) cleaned up or disconnected
... absolutely nothing is done against them, even if identified.
And on top of that: if you drive an unsafe car on the road, you'll get fined for being a danger to other motorists. If you have an Exchange server not patched in years reachable from the Internet, you're a danger to other systems on the Internet, and yet nothing can be done against you.
Our collective governments need to get their act together: nation states must be told to either clean up their act or get disconnected from the Internet and the global financial system, ISPs must face regulation requiring at most 6h response time for abuse reports and evidence of corrective action taken, and people being grossly negligent in keeping up with patches must feel consequences.
It's time for the laxness towards criminals and bad actors to end once and for all. We don't tolerate gangs of bullies intimidating grandmas on the street into extortion schemes, we shouldn't allow their cyber equivalents to do the same.