One of the problems with trying to determine the amount of any given criminal activity is that most of the estimates, such as the amount of drugs being smuggled into the country, are based on the volume of that activity that law enforcement stops.
For instance, the government would assume that the various agencies at work trying to curtail drug smuggling are effective 10 to 20 percent of the time. So that would means that the amount of drugs being smuggled into the United States is about 80 to 90 percent higher than what the authorities are able to intercept.
Some similar thinking goes into trying to ascertain how much criminal activity there is on the Web. For example, the Internet Crime Complaint Center (IC3) estimates that 8.3 million records were compromised in 2007. About 13 percent of those cases are attributed to malicious activity and that then boils down to about 40,000 cases.
But now Finjan is reporting that it has found one site that in 30 calendar days compromised over 5,000 sets of data. That would imply that the amount of cyber criminal activity in the world is a whole lot more than most people think.
Oddly enough, Finjan reports that the site it discovered housing all this ill-gotten data did a very poor job of securing the site so Finjan was able to discern what type of data had been stolen, which includes medical histories and financial information that appears to have been specifically targeted.
What may be even more troubling to some is the fact that the organizations that pilfer this data are beginning to not only auction the data but also market their ability to gain access to this type of data at will.
While all this may serve as a poignant reminder about the changing nature of security threats on the Web the more compelling question might be how liable are the various international internet service providers that allow criminals to use their services to perpetuate a crime.
According to Finjan CTO Yuval Ben-Itzhak, nothing can prevent nefarious interests from trying to hack into sites. All you can is reduce the risk in the hopes that they will go elsewhere. But the victims of these attacks need to hold ISPs more accountable for allowing criminal organizations to use their pipes to perpetrate cyber crimes. Unfortunately, Ben-Itzhak says most people feel powerless to pursue lawsuits against ISPs that are based in foreign countries. So until the victims get tired of being victims and organize their efforts to fight back, we can pretty much continue to expect a lot more the same than the numbers would suggest that we're willing to admit.