The Pebble and the Avalanche

Is Terrorism Effective?

This paper argues that "disaggregating the terrorist campaign by objective type" shows that terror campaigns against civilians are generally ineffective.

I actually don't agree with the author because he failed to disaggregation far enough. For example, the author accepts the English-language version of the stated goals of Islamist terror organizations, whereas these organizations often issue more radical versions of their objective in Arabic; it's necessary to separate and analyze these two different versions of objectives. And, of course, people who commit massive acts of murder in the hope of (eventual) favorable publicity are not necessarily forthcoming about their true objectives...

Topics:  · security

Link to this story · Leave comment or trackback

Ghost Mortgages: Was New Century Plagued by Fraud?

This is a tale of disaggregation, fraud, and meaningless numbers.

First, the disaggregation. New Century Financial Corporation, which is now struggling in its subprime mortgage market niche, specialized in the financial end of the mortgages and relied on hundreds of small brokerage firms to actually sell the mortgage. This is familiar business model — the disaggregation of sales, marketing, and manufacturing — and often a quite successful one.

But what happens if the mortgages are made to ghosts? According to the Wall Street Journal [the online version is subscription only, sorry!], a substantial fraction of the mortgages were made to people who never even made their first payments:

Borrowers failed to make even the first payment on 2.5% of New Century's loans.

Since most people who borrow in good faith will typically make at least a few payments before defaulting, the Journal raises the suspicion that New Century was careless in its selection of mortgage brokers and as a result suffered fraud.

I'm going to raise two different issues. First, disaggregation almost always requires some feedback, some way of tying the disaggregated parts together. If I decide to make bolts in one factory and nuts in another, I need to find a way to test to make certain the nuts and bolts fit together. Similarly, if New Century decides to allow outside brokers to sell New Century mortgages, then New Century must make certain that the mortgages these brokers generate meet New Century's standards.

Secondly, the number "2.5%" is utterly meaningless without any context. What is the first-payment default rate for "normal," non-sub-prime mortgages? What is the rate for other sub-prime mortgage lenders? Without any context, I don't know if this shocking number represents the worst in the entire sub-prime loan industry — or the very best. And given that New Century turned a profit until its recent problems, it may be that their business model allowed them to absorb the costs of a higher-than-usual rate in return for a higher number of profitable mortgages. That is, they knowingly accepted a higher rate because it permitted them to capture higher profits by reducing overall costs and increasing overall sales.

So, while the Journal article is filled with the usual pathos of senior citizens who can't afford their mortgage payments, one of the central indictments of the article — that New Century allowed itself to be defrauded, and that the fraud they permitted was bad for the company — remains unsupported to date.

Topics:  · finance · security

Link to this story · Leave comment or trackback

Comments: 1, Trackbacks: 0

Another Minute Passes

The mainstream press distinguishes itself from the blogosphere by touting its reliability; a news story read by a man in a high-priced suit on television, or by a trained speaker over the radio, is supposed to carry more weight than a story put out by some random individual typing away in his bedroom slippers late at night.

Except that I haven't seen any evidence for this when it comes to vetting the advertising I hear on the radio. Even Chicago's premier news stations have oddball advertising. I've heard advertising for homeopathic medications with outlandish claims, and get-rich-quick schemes that I'd toss aside in a moment if they'd arrived by email. Clearly, no one at the radio station spends any time thinking about the quality of advertising they accept. Advertisements that I'd reject as utterly bogus are played time and again.

The latest of these is a series of ads that touts another get-rich-quick scheme: buying and selling Internet domain names. My first reaction when I heard the ad was that the business of buying and selling Florida swamp land has been disaggregated from any real property and moved to the virtual reality of the Internet.

In my opinion, anyone who participates in such a scheme just proves that another minute has passed ("there's a sucker born every minute"); but what I fail to understand is why local radio stations play these ads. Are they oblivious, are they avaricious, or are they just sloppy? It's not just that I think the people who participate in this scheme will, for the most part, lose money; that's Darwin at work and I can even argue that it's a good thing to fleece fools of their money. But I suspect that the Internet will suffer collateral damage as dimwits join the current crop of — shall we say marginally honest? — individuals who use Internet names in a mostly vain attempt to make money fast.

Topics:  · security

Link to this story · Leave comment or trackback

Privacy in Philadelphia

A group of college students in Philadelphia have created a map of five hundred video cameras in the vicinity of their college.

Here in Chicago, Mayor Daley continues to work toward augmenting the present network of city owned cameras by linking to privately-owned cameras; this would give the police the ability to select cameras that focus on the hallways of apartment buildings.

Privacy — the distinction between your private acts and your public ones — may not be dead, but it's slipping away quickly.

Topics:  · privacy · security

Link to this story · Leave comment or trackback

Making Your Reputation on eBay

An excellent reputation on eBay adds significant profits to sellers, so it's not surprising the unscrupulous individuals will try to find a way to boost their reputation. Brown and Morgan of UC Berkeley published research that shows how a "market" for reputations sprang up on eBay. A series of transactions for just one cent generates positive feeback; that positive feedback enhances the reputation of each buyer and seller. I find it interesting that a cooperative market to artificially enhance reputations emerged from nowhere; who says thieves have no honor?

Brown and Morgan suggest that the problem of artificial reputations can be solved in part by assigning different contributions to a reputation based on the dollar value of the transaction. I'd like to go a step further and suggest disaggregating reputation scores based on the value of the transaction. Brown and Morgan cite the case of thelandseller, who applied a reputation gained in penny sales to real-estate transactions that cost over ten thousands dollars each. If a potential buyer knew, through a disaggregated reputation that showed reputations in each price range, that thelandseller's excellent initial reputation was based entirely on penny sales, perhaps buyers would exercise more diligence.

Topics:  · security

Link to this story · Leave comment or trackback

Hostile Takeover

Here's an article about a hostile takeover of some "hacker" web sites — actually, web sites used by criminals to trade stolen credit-card data — by another criminal who simply stole all the data. I can't really feel sorry for anyone except the victims of the credit card fraud.

This story struck home for two reasons. First, I had a bit of a scare over the weekend about an unexplained credit-card charge; given the compromise of the Investor's Business Daily subscription database, I worried that data had fallen into the wrong hands. In the end, I discovered that the charge was legitimate.

Second, the sheer audacity of thieves and spammers. A spam post to another blog — one I don't manage, but one to which I consult and contribute — advertised bogus credit-card numbers. I have to admit that it's beyond me why anyone would purchase fake credit-card numbers from a spammer, but I suppose there's one born every minute.

My thanks to Bruce Schneier for bringing this article to my attention.

Topics:  · security

Link to this story · Leave comment or trackback

Investor's Business Daily Newspaper Subscription List Stolen

Investor's Business Daily, the second-largest print and online newspaper devoted to financial news and information in the United States, has had at least a portion of its subscriber list stolen. As a result, subscribers receive unsolicited email marked "Finance.com" and "Quote.com" that offer tips about penny stocks; as you might imagine, I would rather heap my money up in a pile and set it on fire than purchase stocks based on these tips. These email messages have been arriving for about a week and show no sign of stopping anytime soon.

This email problem may also be related to phishing attacks against Investor's Business Daily customers, who receive email that purports to be from the newspaper but is actually sent by criminals. Investor's Business Daily placed a notice on their home page to warn their subscribers about the phishing attacks, but I see nothing on their web site about loss of subscriber information.

The evidence for the theft of Investor's Business Daily's email information is straightforward. As I've noted here and elsewhere, when a company asks me for an email address I create one for the exclusive use of that company. If the company misbehaves I can turn off that email address; and I can also determine how that email address is used. The recent spam messages touting penny stocks came from various fake addresses, but they were all addressed to an email address that was assigned for the exclusive use of Investor's Business Daily.

Security expert Bruce Schneier recently noted an important article about "targeted" viruses, i.e., a deliberate attempt by a virus writer to selectively attack a lucrative target, which yields important information but avoids the attention that accompanies a large-scale attack against the entire Internet. I certainly don't know how Investor's Business Daily lost control of their subscription list, but I do know that if I were investigating this problem, a targeted attack is the first thing I'd check.

Topics:  · security · web

Link to this story · Leave comment or trackback

Another Arrogant Attack by Microsoft

Before the invention of the videotape recorder, local broadcast stations controlled your TV. Sure, you paid for the television set; but what appeared on the set was under the control of the station owners. All that changed with the advent of videotape recorders; VCRs took schedule and content authority away from the station owners and gave it to the TV owners.

Now there's Microsoft, which views your computer as an appliance that you own but they control. The lastest manifestation of this is Microsoft's draconian "Windows Genuine Advantage" program, now renamed the "Windows Software Protection Platform."

This isn't a virus protection scheme for your benefit: it's a Microsoft protection scheme. If Microsoft's watchdog software — "spyware" is probably not too harsh a term — suspects your computer is running an unauthorized copy, "Windows Software Protection Platform" automatically disables your system and will even boot you off the computer without warning. And of course Microsoft never makes a mistake, right?

What's most distressing about the SPP [Windows Software Protection Platform] announcement is Microsoft's continued insistence that its anti-piracy tools are nearly perfect and that innocent victims never suffer from errors in their code.

I can just see this happening to me on a business trip to Europe or Asia; wouldn't it be fun to scramble and try to fix this problem? Do I get to bill Microsoft for my time as I work to clean up their mess?

Windows Software Protection Platform is another attempt by Microsoft to run the wheels backwards — to reverse the benefits of disaggregation and assert total control over how you use your computer. I stand by my chapter title: "Marx, Lenin, and Gates: Failed Counterrevolutions."

Topics:  · computing · microsoft · security

Link to this story · Leave comment or trackback

Another Mortgage Scam

During a lecture I gave earlier this year, I was asked about the effects of disaggregation on the finance industry, and I answered by pointing to the increasing specialization in the industry.

As might be expected, criminals have found gaps in the system. An article in the Wall Street Journal and elsewhere details an alleged mortgage scam in Virginia. After you disaggregate, you must take care that your interfaces remain intact:

Fraud has proliferated as lenders increasingly deal with borrowers through brokers and other intermediaries rather than having face-to-face relationships. "Lending is becoming more anonymous," says Rachel M. Dollar, a Santa Rosa, Calif., attorney... A lawsuit filed in December 2004 in federal court in New York by South Brooklyn Legal Services, a nonprofit law clinic, alleged that Argent Mortgage made a $425,000 loan arranged by participants in a foreclosure fraud scheme even though the application was incomplete and a title-insurance company warned the lender something was amiss with the deal... "The red flags were as strong as you can get," says Jessica Attie, a staff attorney with the clinic's Foreclosure Prevention Project. In court papers, Argent denied it was at fault in the case, which it settled in April.

The problem goes beyond brokers and the lack of face-to-face meetings. Banks now have dozens of branches, and the days of just a handful of bankers in any given town — a small group who could sense when something was wrong — are long gone. In today's market, companies originate mortgages, others purchase them from the originators, still others package them and even sell the principle and the interest separately. Title companies, home inspectors, credit bureaus, and others all play a part. Leaving aside the issues of moral culpability or legal culpability of the mortgage originators, the losses they will take in this case argue that it's time to look to how they manage the disaggregated pieces of their businesses.

Topics:  · finance · security

Link to this story · Leave comment or trackback

Police and the Mentally Ill

The Wall Street Journal discusses new police tactics to deal with the mentally ill, who compromise a good percentage of the total prison population. The standard police routine of extreme rudeness ("shock and awe") works poorly with the mentally ill. By varying their approach based on their assessment of whom they are dealing with, the police hope to reduce the number of mentally ill individuals who are injured or killed by the police.

Topics:  · government · security

Link to this story · Leave comment or trackback