Company in the newsKemesa: Solving the identity theft problem

Published 10 August 2009

The ideal solution to the online identity theft problem is to not transmit personal information to Web sites in the first place; with Kemesa’s Shop Shield, personal information can not be stolen because it is never revealed during the online transaction process

Willie Sutton (1901-1980), when asked why he chose to rob banks as a career, is purported to have said, “Because that’s where the money is.” Today the question is: How much money is there in cybercrime? There is a fierce debate on this issue (see 27 March 2009 HSNW). Typically, the number of $1 trillion is mentioned — as in “cybercrime now generates $1 trillion a year for cybercriminals” - often accompanied by the comment that cybercrime now brings in more money than the drug trade.

Thus, Ed Amoroso, senior vice president and chief security officer of AT&T, told a Congressional committee on 20 March 2009 that cybercrime was a $1 trillion a year business. The assertion was made not only in Amoroso’s responses to questions, but also in written testimony. The end of paragraph 5 of the written submission to the Senate Commerce, Science, and Transportation Committee states:

Last year the FBI announced that revenues from cyber-crime, for the first time ever, exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping more than $1 trillion annually in illicit profits.

The same figure of $1 trillion appeared earlier, in a September 2007 speech by the chief executive of McAfee, David DeWalt. The figure also features in statements by cybersecurity firms. Security firm Finjan, for instance, says that “In our Q1 2009 report on cybercrime, for example, we revealed that one single rogueware network are raking in $10,800 a day, or $39.42 million a year…. If you extrapolate those figures across the many thousands of cybercrime operations that exist on the Internet at any given time, the results easily reach a trillion dollars.”

Since estimates of the drug trade peg annual revenues at about $400 billion, then $1 trillion cybercrime revenues would indeed exceed drug trade revenues.

Skeptics argue that the $1 trillion figure is exaggerated. ThreatChaos blogger Richard Stiennon points out that the quoted figure of $1 trillion would make cybercrime bigger than the entire IT industry. The top 10 Fortune 50 firms turned over $2 trillion in 2008. Put another way, revenues from cybercrime exceed those of AT&T ($119 billion in 2008) by a factor of around eight. John Leyden writes that it would be mindblowing to think that cybercrime revenues exceed the GDP of Saudi Arabia ($555 billion in 2007), with all its oil income.

Regardless of the precise figure of