I recently posted an essay about how and why you should protect yourself from the NSA with encryption.
What people often forget is that the NSA is not the only entity you need to protect yourself from.

Recently it was revealed at a Russian criminal gang stole 1.2 Billion username password combinations, plus another 500 million email addresses.
   You do the math. Chances are that more than one of you who are reading this had your password stolen.

  How did they steal so many passwords? With botnet computer viruses, and the computers most attacked are home computers.
  I know what some of you are thinking. I'm careful. I'm different. I have an anti-virus.

 What if I was to tell you that you aren't nearly as safe as you think? Don't believe me? You shouldn't. I could be anybody.
   However, you should listen to Symantec's senior vice president Brian Dye.

 Earlier this week, Symantec's senior vice president Brian Dye declared to the Wall Street Journal that antivirus "is dead." ...
    Not only that, Dye bemoaned that they simply can't keep hackers out. In the interview, Dye estimated that AV only catches 45 percent of cyber attacks.

 The article goes on to point out that lots of cybersecurity experts disagree with the vice president of world’s biggest IT security company.
   Dye didn't say not to use an anti-virus, and no one else is saying that either. The point is that anti-virus software simply isn't very effective.

 Amichai Shulman, Imperva’s chief technology officer, and a group of researchers collected and analyzed 82 new computer viruses and put them up against more than 40 antivirus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

 Translated, anti-virus software simply can't detect a virus until it has been discovered by the anti-virus makers. That's a big deal because virus writers are so prolific.
   In 2000 there were less than a million new strains of malware. By 2010 there were 49 million new strains.

'The traditional signature-based method of detecting malware is not keeping up.'
 - Phil Hochmuth.

Even this underestimates the problem. The assumption is that anti-virus companies discover them quickly, but that isn't true. The Flame virus went two years without being discovered. It took more than a year to discover Stuxnet virus.
   These aren't typical cases, but then there doesn't have to be many before its a problem.

  Some of you might be thinking that once the virus is detected then the problem is over, but that isn't true either.
  A popular strain of banking malware is called Zeus.

 "For some perspective, we're analyzing about 400,000 binaries per week, and of that malware, about 92 percent is Zeus or Zeus-based," Cohen says. According to the Zeus Tracker, as of June 30, there were 1,149 known Zeus C&C servers being tracked. Meanwhile, only about 40 percent of Zeus malware was being detected by antivirus products, which is a selling point for fraudsters seeking a free crimeware toolkit.

 As Dye pointed out, only 45% of cyber attacks are blocked. Symantec's own internal report says their product only detects about 70% of virus in the wild. Microsoft Security Essentials only catches 61% of malware.

Cyber-crime is a VERY big deal

  The mistake many people make is applying too much attention to the wrong danger. For instance, people walk around scared of terrorists despite the fact that you are 8 times more likely to be killed by a cop.
   A similar thing is how people are afraid of having their cars stolen, but not their ID.

 Identity theft victims suffered more than $24.7 billion in direct and indirect losses in 2012 -- that's more than the combined $14 billion in losses consumers experienced from other types of theft (burglary, motor vehicle theft and other property theft) in the same period.
   The Bureau of Justice Statistics highlighted these and other staggering statistics in its 2012 Victims of Identity Theft report, which was released this month. About 16.6 million U.S. residents ages 16 and older were victims of at least one incident of identity theft last year. That's about 7 percent of the population in that age group, and they most often experienced misuse of existing bank and credit card accounts.

 Let that sink in for a moment: Identity theft is nearly twice as big of criminal activity than all other types of theft combined.

  So many IDs are being stolen that there is a glut of stolen IDs on the market and it is driving prices down.
   I've read about websites you can visit where they have databases so you can select the type and area of the ID you want to steal, as if you are shopping at Amazon.com. It's insane!

 Just in time for the holidays, the price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity.
    For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there.

 The market for traditional illegal cyberactivity has gotten so saturated, that criminals are branching out into extortion.
   They are stealing sensitive information and threatening to disclose it unless their victims pay hundreds or even thousands of dollars in ransom.
   They've also infected the computers of small businesses and locked up the systems, then brazenly demand ransom to undo the damage.
1 in 6 Windows computers in the world have no anti-virus. In the United States nearly 20% have no virus protection.
  Between 30% of computers in the United States are already infected to 48%. As many as half of the people reading this have malware on their computer.
  99.4% of virus are made for the Windows operating system.

It doesn't end with your laptop

Cell phone security is a joke. Specifically Android.

It's not Windows and its not Apple. Because of its business model, it may be the least secure of them all.
  Malware written for Android is growing by leaps and bounds. In fact, between 79% and 99% of all malware for mobile is written for the Android OS.
   As people move from using computers to mobile devices, criminal gangs are following.

 “Cyber crime is moving to mobile but people are not aware. It’s still not as big as computer crime but it’s growing fast. The trend is a very dangerous situation,” Kaspersky said, noting that it took the Chernobyl virus in 1998 for people to properly protect their computers. “I expect something really bad to happen to change people’s minds and awareness.”
   Sonatype CEO Wayne Jackson and New Enterprise Association General Partner Harry Weller shared similar sentiments in a Fox Business interview, which detailed more than 718,000 malicious Android apps have been discovered, up to June 2013.

The money in the bank isn't safe

 When an ATM in Kiev started spitting out cash whether customer were in front of it or not, a Russian cybersecurity firm, Kaspersky Lab, was called to investigate. They discovered that the ATM was the least of the problems.

 The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
   Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.

 The heist involved around 100 banks and financial institutions in 30 countries. The amount estimated stolen is up to $1 Billion.
 To put this into perspective, the Great Brink's Robbery was less than $3 Million.

The bank computer hacking crime just keeps getting bigger, and even before the extent of damage has been fully assessed the idea of a taxpayer bailout is being floated.

 Bankers and U.S. officials have warned that cyber-terrorists will try to wreck the financial system’s computer networks. What they aren’t saying publicly is that taxpayers will probably have to cover much of the damage.

 Washington never fixed the Too-Big-To-Fail problem (which is also the Too-Big-To-Prosecute problem), thus it is simply assumed that the taxpayer will always be there for the Wall Street banks.

The full extent of the hacks is still being determined. JPMorgan Chase's computer systems were compromised for two full months before it was discovered.

The hackers unleashed malicious programs that had been designed to penetrate the corporate network of JPMorgan -- the largest U.S. bank, which had vowed two months before the attack began to spend a quarter-billion dollars a year on cybersecurity. With sophisticated tools, the intruders reached deep into the bank’s infrastructure, silently siphoning off gigabytes of information, including customer-account data, until mid-August.

 How much damage was done during those two months is unknown. A new report says that "some bank records at JPMorgan were altered and possibly deleted".
   It also turns out that the attack "affected seven financial organizations", not just two as originally reported.

   Easily the most amusing part of this whole event is how JPMorgan Chase reported that it wasn't seeing "unusual fraud" in its investigation.
   We can only assume that "unusual fraud" is different from the "regular fraud" that JPMorgan Chase typically engages in. JPMorgan has paid around $27 Billion in fines in the last few years from its "regular fraud".

Now that we have some idea of how serious this hacking event was, let's get back to the taxpayer bailout trial balloon.

 The government might have little choice but to step in after an attack large enough to threaten the financial system. Federal deposit insurance would apply only if a bank failed, not if hackers drained accounts. The banks would have to tap their reserves and then their private insurance, which wouldn’t be enough to cover all claims from a catastrophic event, DeMarco and other industry officials said.
   Discussions about the government’s role in cleaning up after a catastrophic cyber assault have centered on the Terrorism Risk Insurance Act, or TRIA. States are also pressing Washington to clarify how the Stafford Act, the main statute for relief from natural disasters, would factor in.
  The insurance law, enacted after the 2001 attacks, authorizes the government to provide financial support for insurance companies in the wake of terrorism. It is up for renewal this year. Under TRIA, insurers cover a fixed amount of losses from terrorist attacks with the government backstopping additional costs up to $100 billion. The law gives the Treasury secretary broad latitude to invoke the backstop.
    In private meetings, Treasury officials have told insurance industry lobbyists that the department would treat cyber-terror like a physical attack under TRIA, said the people involved with the talks, who spoke on condition of anonymity because the discussions were private.

 So there you have it. Wall Street will be protected from its own incompetence by the taxpayer because terrorists.