[2011.10.13]丈量邪恶之网

引用 renjie 2011-10-18 10:10

欢迎拍砖

引用 echo.chan 2011-10-18 10:39

BIG numbers and online crime 这两个词是并列的，网络犯罪和犯罪收益并驾齐驱。 go together. One well-worn--意思不见了？ assertion is that cybercrime revenues exceed those from the global trade in illegal drugs. Another nice round number is the $1 trillion-worth of intellectual property that, one senator claimed earlier this year, cybercriminals snaffle annually.

网络犯罪的收入现在达到了天文数字。过去一直都有一个结论：网络犯罪的收益已超过了全球非法毒品交易。今年早些时候一位参议员表示网络犯罪每年窃取的知识产权价值约达到了1万亿美元。

It is hard to know what to make of these numbers. Online crooks, like their real-world brethren, do not file quarterly reports. In the absence of figures from the practitioners, experts tend to fall back on surveys of victims, often compiled by firms that sell security software. These have a whiff of self interest about them: they are the kind of studies that get press released but not peer reviewed.

这些数字从何而来我们很难知晓。网络骗子与真实世界的片子一样，两者都不可能（如企业一样）作出每个季度的报表。因为缺少这一方面的数据，专家都倾向于对受害者的角度入手调查，这些数据一般都由软件公司收集。它们的自身利益也受到了些许影响：这些研究常常会公之于众但并不进行同行审议。

A paper by two researchers at Microsoft, Dinei Florencio and Cormac Herley, shows why: because losses are unevenly distributed. Most people never have their bank accounts raided by cyber criminals, but an unfortunate few do, and lose a lot. This means that per capita losses, which the surveys calculate before extrapolating to a national figure, are dominated by a handful of big online heists. Errors in the reporting of such infrequent crimes have a huge effect on the headline figure. In a 1,000-person survey in America, for example, exaggerating the impact of a single crime by $50,000 would add $10 billion to the national figure.

微软公司的两名研究人员Dinei Florencio与Cormac Herley的一份论文给出了原因：因为这些损失的分布存在不均衡性。大部分人的银行账户从未遭受过网络罪犯的突然袭击，只有极少不走运的损失了大笔的钱。这就说明，这些调查研究中计算出的人均损失（在类推到全国范围之前）其实只是由少数的几宗大型网络抢劫造成的。这些犯罪发生几率不大，相关报道中出现的错误会极大地影响到最后公布到新闻媒体上的数字。比如，美国一项一万人大调查中，一项犯罪只要虚报的损失多出5万美元，类推到全国损失就会变为100亿美元。

Other data can be skewed this way too. But those who analyse it take precautions to protect their results. Few cybercrime surveys cite the methodology they used. Those that do expose their plumbing do not convince the Microsoft authors.

其它数据也会以这种方式被歪曲，但是分析者为了保证调查结果的有效性也会采取预防措施。网络犯罪调查中人们几乎很少提及他们所使用的研究方法。很多人即使告知了探究过程页很难使微软的这两位作者信服。

The few researchers who have observed cyber criminals in action are similarly sceptical about the industry’s estimates. In the latest instalment of a mammoth four-year exercise Chris Kanich of the University of California, San Diego, and colleagues tracked around 20 outfits that use spam to advertise illegal online pharmacies. First they secretly monitored the spammers’ payment systems. Then they obtained logs from one of the servers that power the illegal pharmaceutical sites. They even ordered (and—perhaps surprisingly—received) some of the non-prescription drugs on sale.

有些网络罪犯的研究人员同样也对这一领域的估计量---换成估计数字吧？持怀疑态度。来自加州大学（圣迭戈校区）的Chris Kanich与同事一起对使用垃圾邮件为非法网上药店作宣传的20个团伙进行了追踪。首先他们对垃圾邮件制作者的支付系统进行监控，进而获得了非法制药网址的其中一台服务器的运行记录，最后甚至还廉价订购到一些非处方药---廉价订购到呢，是他的本事，也有可能是当点打折，但是他们订购的就是商店本身廉价出售的药品。

Their findings suggest that only two of the 20 or so operators bring in $1m or more per month. The criminals behind fake security software appear to reap similar rewards, say Brett Stone-Gross and colleagues at the University of California, Santa Barbara. Their study, due to be presented at next month’s eCrime 2011 conference in San Diego, puts the annual revenue of each criminal group at a few tens of millions of dollars. As with Mr Kanich’s study, it is not clear how much of this is profit.

他们的研究发现告诉我们：20个非法经营者中大约只有两个月收入达到一百万美元。来自加州大学（圣塔芭芭拉校区）的Brett Stone-Gross与同事称，以虚假安全软件作保护的罪犯每月几乎也能达到同样的数字。他们的研究要在下个月举行的圣迭戈2011电子犯罪会议发布，其中作出了估计：每个犯罪组织的年收入会达到了几千万美元。与Kanich先生的研究一样，他们对利润所占的比例--直接说利润有多少不行么？利润所占比例，我还愣了一下并不知晓。

Such hauls fall well short of extravagant claims from the security industry--证券行业？下面还有几个 that some spammers make millions every day. Stefan Savage, Mr Kanich’s PhD supervisor, says that the security industry sometimes plays “fast and loose” with the numbers, because it has an interest in “telling people that the sky is falling”.

这样的数据与证券行业过度的索赔要求相比远远不够，一些垃圾邮件制造者每天都会有几百万美元进账。Stefan Savage博士是Kanich先生的督学，他称证券行业有时会玩弄数字游戏，因为它热衷于“告诉人们天要塌了”。

None of this means that the threat of cybercrime can be written off as pure invention, or that people should turn off their spam filters. But in the grand scheme of criminal threats, hacker kingpins do not appear to be on a par with Colombian drug lords—even if the security industry would wish it otherwise.

但这些都不能说明网络犯罪带来的威胁纯粹是人们捏造出来的，人们也不应该关掉自己垃圾邮件过滤器。这两句都是means后的内容，后面一句似乎和mean没关系了一样但是在大型犯罪的筹划方面，黑客头子并不能与哥伦比亚的大毒枭相提并论——即使证券行业希望如此。

引用 xskuaiyan 2011-10-18 13:14

不会是因文章短小吧？好多人翻译哟

引用 renjie 2011-10-18 13:19

xskuaiyan 发表于 2011-10-18 13:14
不会是因文章短小吧？好多人翻译哟

多谢关注 要是能提出具体意见就更好了

引用 kool 2011-10-19 02:26

security industry would wish it otherwise.

这里明显是 computer security industry 啊

引用 kool 2011-10-19 02:36

本帖最后由 kool 于 2011-10-19 02:41 编辑

they are the kind of studies that get press released but not peer reviewed.

press release, 新闻发布【会】

In a 1,000-person survey in America,

The few researchers who have observed cyber criminals in action are similarly sceptical about the industry’s estimates.

few 和 in action 的意思没有翻译出来
the industry 指的是业界自己的估算（IT 业？）

They even ordered (and—perhaps surprisingly—received) some of the non-prescription drugs on sale.

这里说的是非处方药，按法律必须有处方才能买。
所以他们订购了一些非处方药，由于是通过垃圾邮件发广告的非法交易，根本就没有指望能真的收到。

引用 herethere 2011-10-19 03:16

In the latest instalment of a mammoth four-year exercise
漏翻
在最近一个实施四年的庞大的计划中。。。。

引用 林木木 2011-10-19 10:30

第二段
often compiled by firms that sell security software
这些数据一般都由软件公司收集。
安全软件

网络骗子与真实世界的骗子一样，两者都不可能（如企业一样）作出每个季度的报表
网络骗子与真实世界的骗子一样，都不可能（如企业一样）作出每个季度的报表

They even ordered (and—perhaps surprisingly—received) some of the non-prescription drugs on sale
最后甚至还订购到一些廉价出货的非处方药
这里似乎没写廉价，而且and—perhaps surprisingly—received落下了

Their findings suggest that only two of the 20 or so operators bring in $1m or more per month.
20个非法经营者中大约只有两个月收入达到一百万美元
or more落下了

以虚假安全软件作保护的罪犯每月几乎也能达到同样的数字
以虚假安全软件作掩护的罪犯每月几乎也能获得同样的收入

引用 renjie 2011-10-19 10:33

林木木 发表于 2011-10-19 10:30
第二段
often compiled by firms that sell security software
这些数据一般都由软件公司收集。

多谢多谢

查看全部评论(9)