When a 0% Success Rate is Worthwhile
There’s an article in Zaman.com, about “Turkish Hacker Depletes 10,000 Bank Accounts ” [link to http://www.zaman.com/?bl=national&alt=&trh=20061220&hn=39364 no longer works]
A criminal enterprise comprised of 10 individuals who drained the accounts of 10,580 customers by sending virus-infected e-mails was busted in Istanbul.
…
The suspects reportedly sent virus-infected emails to 3,450,000 addresses, and subsequently drained 10,850 bank accounts.
That’s a hit rate of 0.314%. Which I’m not going to analyze today.
Additional resources, all in Turkish: “İnternet dolandırıcıları yakalandı,” [link to http://www.ntv.com.tr/news/394609.asp no longer works] “İnteraktif banka dolandırıcılığı” [link to http://www.cnnturk.com/HABER/haber_detay.asp?PID=318&HID=1&haberID=275357 no longer works] both seem to be “TSI” agency stories, and “10 bin müşteri hesabını boşalttılar” [link to http://mali.iem.gov.tr/basinda/detay.asp?id=218 no longer works] seems to be a gov.tr site with additional details. Do any readers speak Turkish?
A prevalent theory of terrorist organizations operates under similar expected success metrics…
Similar attack on a Swedish bank: http://news.zdnet.co.uk/security/0,1000000189,39285547,00.htm