Periodically I get emails from readers looking for reliable statistics about cybercrime. Because my own searches have always raised more questions than answers, I just respond: If you find some let me know. Now the investigative reporters at Pro Publica \u2013 which you really owe it to yourself to read and support \u2013 have yet more proof that these numbers are utter bovine feces.\n\tLike me, they wondered about claims made by NSA boss Keith Alexander earlier this month that cybercrime costs the world $1 trillion. Putting a lot of faith in that number, Gen. Alexander said, "In my opinion, it's the greatest transfer of wealth in history."\n\tAs reporters\u00a0Peter Maass\u00a0and\u00a0Megha Rajagopalan point out:\n\t\n\t\t"He [Alexander] cited statistics from, among other sources, Symantec Corp. and McAfee Inc., which both sell software to protect computers from hackers. Crediting Symantec, he said the theft of intellectual property costs American companies $250 billion a year. He also mentioned a McAfee estimate that the global cost of cybercrime is $1 trillion. 'That\u2019s our future disappearing in front of us,' he said, urging Congress to enact legislation to improve America\u2019s cyberdefenses."\n\n\tThat $1 trillion figure has been cited by a lot of people in government in claiming we need to spend more money on our cyber-bureaucracy.\n\tBack in May, I pointed out the nonsense that lies behind these cybercrime claims. They are nonsense because they are usually based on numbers basically pulled out of someone\u2019s random number generator. (I was going to use a single word in place of that last phrase. I\u2019ll let you guess what it was.)\n\tAs researchers\u00a0Dinei Florencio and Cormac Herley discovered, "It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable."\n\tWhile Florencio and Herley trashed most cybercrime stats en masse, the Pro Publica crew got specific and tried to find out where two of the most used numbers -- $250 billion in annual losses from IP theft and the $1 trillion \u2013 came from in the first place. Turns out not even the researchers whose work was cited as the basis for them know.\n\tAbout the $250B:\n\t\n\t\t"Although Symantec mentioned the $250 billion estimate in a 2011 report, "Behavioral Risk Indicators of IP Theft," the estimate is not Symantec's. The report mentions the figure in passing, sourcing it in a footnote to a legal paper, where, as it turns out, the $250 billion number is not mentioned at all. Eric Shaw, one of two forensic psychologists Symantec retained to research the "Behavioral Risk" report, told ProPublica the footnote was a mistake. Instead, it should have referred to\u00a0a different paper\u00a0that points to\u00a0a 2003 speech by FBI Director Robert S. Mueller. The figure is also cited in old FBI news releases available via the\u00a0Internet Archive. An agency spokeswoman said that although she believed FBI officials used a reliable source for the number, the FBI had neither developed the number nor claimed to have done so."\n\n\tOuch.\n\tNow for that $1 trillion figure:\n\t\n\t\t"McAfee\u2019s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University which McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue."\n\n\tRoss Anderson, another of the researchers, said:\n\t\n\t\t"He did not know about the $1 trillion estimate before it was announced. "I would have objected at the time had I known about it," he said. "The intellectual quality of this ($1 trillion number) is below abysmal."\n\n\tBut wait \u2026 it gets dumber.\n\tSal Viveros, a McAfee public relations official who oversaw the 2009 report, said McAfee was never told by Purdue that the number could not be supported by the survey data. The company moved ahead with the news release and, Viveros noted, the trillion-dollar estimate "got a life of its own."\n\tIt was just one of those things. Could happen to anyone.\n\tAnother great, damning quote:\n\t\n\t\t"A StrategyOne spokesman, asked if the Symantec estimates could be called scientific, responded, 'Yes, as much as any survey or poll that relies on consumers to estimate their losses based on recall.'"\n\n\tAnd by yes, he means no.\n\tTo be clear: No one is saying that cybercrime isn't a big problem, just that these figures are pure marketing crap.\n\tCrime statistics \u2013 whether physical or cyber \u2013 are always problematic. At their best they only measure reported crimes. In the physical world we know crimes are under-reported because victims often don't report them to the authorities. The victims don't think it will do any good or, in crimes like rape, they think reporting them may be too traumatic.\n\tCybercrime statistics are even worse because frequently the victims (people or companies) don't even know they've been hacked and even when they do they don\u2019t want anyone to know because of the possible impact on the bottom line.\n\tEven if they were legit to begin with, no one ANYWHERE has come up with a way to calculate how much they cost companies. Want an accurate count? Go ask a unicorn.