Cracking open the cybercrime economy

Hacking for fun has evolved into hacking for profit, and created a business model that is nearly as sophisticated as that of legal software

"Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don't think we are really winning this war."

As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.

There seems to be some serious evidence then for the idea of an evolution from hacking and virus writing for fun to creating malicious code for profit. Security experts are increasingly pointing to the existence of a "black" or "shadow" cyber-economy, where malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors.

It is difficult to establish exactly how organised this malware economy is but, according to David Marcus, security research manager, McAfee Avert Labs, it's relatively straightforward to buy not only the modules to build malware, but also the support services that go with it.

"From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts," says Marcus. "They present themselves as a cottage industry which sells tools or creation kits. It's hard to tell if it's a conspiracy or a bunch of autonomous individuals who are good at covering their tracks."

As well as kits and support, legions of compromised computers, or botnets, can be hired for nefarious purposes — usually for spam runs, or to perpetrate denial of service attacks. One of the most successful botnets of 2007 has been "Storm", so-called due to the hook-line used to trick victims into opening emails containing the Trojan. In January this year, the first malware was sent out with the tagline "230 dead as storm batters Europe".

The Storm botnet, estimated now to contain millions of compromised computers, has advanced defences. The servers that control the botnet use so-called fast-flux Domain Name System (DNS) techniques to constantly change their location and names, making them difficult to locate and shut down. And security researchers who have attempted to find the command and control servers have suffered denial of service attacks launched by the controllers of the botnet.

"Storm has been exceptionally successful," says McAfee's Marcus. "It's used for spam runs, and researchers attempting to locate Storm command and control servers have come under attack. The hardest part is finding the key to those channels. They're not always easy to detect and find. Some of the communications are encrypted, while some are difficult to detect from a network point of view. I hate to use the word evolution, but they're certainly learning from their successes and failures. If it weren't for Storm, bots would be in significant recession. Some days we're seeing 1,000 different variants a day."

Weathering the Storm
Joe Telafici, director of operations at McAfee's Avert labs, says Storm is continuing to evolve. "We've seen periodic activity from Storm indicating that it is still actively being maintained. They have actually ripped out core pieces of functionality to modify the obfuscation mechanisms that weren't working any more. Most people keep changing the wrapper until it gets by [security software] — these guys changed the functionality."

In the past year, the development of illegal malware has reached the point where it is almost as sophisitcated as the traditional software-development and sales channel, according to Telafici.

"We've seen platform development, middleware, solutions sellers and hosting — all types of software and companies, with the same level of breakdown," says Telafici.

One indication of the maturity of the black economy, according to Telafici, was the recent case of a hacker who wrote a packer [software used to bypass antivirus protection], "threw in the towel recently as it wasn't profitable enough — there's too much competition. They opened the source code and walked away."

Security vendors seem to be powerless to take any action against the groups in control of botnet networks, especially those who use fast-flux techniques to move the location of command and control servers.

"With botnets, we are unlikely to make a dent unless we find the guy who controls the command and control server," says Telafici.

While law-enforcement agencies have a headstart in tracking cybercriminals, due to their experience of dealing with economic crimes such as fraud, many of the crimes are seemingly small, not warranting police attention.

"The majority of cybercriminals are small players for small dollars and short bursts of traffic," says Telafici. "On the flip side you see the amount of effort and money spent protecting spam relays [as in Storm]. If [security researchers] aren't careful they get Ddossed [distributed denial of service attack] by a chunk of the spam network. That the guys are protecting their turf indicates that in aggregate the amount of money that is changing hands is significant."

Game theory, a branch of applied mathematics that models how adversaries maximise their gains through adapting to each other's strategies, features heavily in security assessments of the black economy. As one player becomes stronger, the other increases its efforts to gain the upper hand.

"I view it as we're locked in a Darwinian power struggle," says Telafici. "As we up the ante, the black economy adjusts to that, and it in turn ups the ante."

Anatomy of the 2007 black economy
Peter Gutmann, a security researcher at the University of Auckland, says that malware via the affiliate model — where you pay others to infect users with spyware and Trojans — has become more prevalent in 2007.

The affiliate model was pioneered by the iframedollars.biz site in 2005, which paid webmasters six cents per infected site. Since then this has been extended to a "vast number of adware affiliates", says Gutmann. For example, one adware supplier pays 30 cents for each install in the US, 20 cents in Canada, 10 cents in the UK, and one or two cents elsewhere.

Hackers also piggyback malware on legitimate software. According to the researcher, versions of coolwebsearch co-install a mail zombie and a keystroke logger, while some peer-to-peer and file-sharing applications come with bundled adware and spyware.

While standard commercial software vendors sell software as a service, malware vendors sell malware as a service, which is advertised and distributed like standard software. Communicating via internet relay chat (IRC) and forums, hackers advertise Iframe exploits, pop-unders, click fraud, posting and spam. "If you don't have it, you can rent it here," boasts one post, which also offers online video tutorials. Prices for services vary by as much as 100-200 percent across sites, while prices for non-Russian sites are often higher: "If you want the discount rate, buy via Russian sites," says Gutmann.

In March the price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 (?500) and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.

In the 2007 black economy, everything can be outsourced, according to Gutmann. A scammer can buy hosts for a phishing site, buy spam services to lure victims, buy drops to send the money to, and pay a cashier to cash out the accounts. "You wonder why anyone still bothers burgling houses when this is so much easier," says Gutmann.

Anti-detection vendors sell services to malware and botnet vendors, who sell stolen credit-card data to middlemen. Those middlemen then sell that information to fraudsters who deal in stolen credit-card data and pay a premium for verifiably active accounts. "The money seems to be in the middlemen," says Gutmann.

One example of this is the Gozi Trojan. According to reports, the malware was available this summer as a service from iFrameBiz and stat482.com, who bought the Trojan from the HangUp team, a group of Russian hackers. The Trojan server was managed by 76service.com, and hosted by the Russian Business Network, which security vendors allege offered "bullet-proof" hosting for phishing sites and other illicit operations.

According to the University of Auckland, there are many independent malware developers selling their wares online. Private releases can be tailored to individual clients, while vendors offer support services, often bundling anti-detection. For example, the private edition of Hav-rat version 1.2, a Trojan written by hacker Havalito, is advertised as being completely undetectable by antivirus companies. If it does get detected then it will be replaced with a new copy that again is supposedly undetectable.

Hackers can buy denial of service attacks for $100 (?50) per day, while spammers can buy CDs with harvested email addresses. Spammers can also send mail via spam brokers, handled via online forums such as specialham.com and spamforum.biz. One dollar buys 1,000 to 5,000 credits, while $1,000 (?500) buys 10,000 compromised PCs. Credit is deducted when the spam is accepted by the target mailserver. The brokers handle spam distribution via open proxies, relays and compromised PCs, while the sending is usually done from the client's PC using broker provided software and control information.

"This is a completely standard commercial business," says Gutmann. "The spammers even have their own trade associations."

Ready-made tools for creating phishing emails, such as fake requests for bank details, are fairly easy to buy, with many independent vendors selling them. Bulletproof hosting is also easily available, while phishers engage spam services to lure users to their sites.

Carders, who mainly deal in stolen credit-card details, openly publish prices, or engage in private negotiations to decide the price, with some sources giving bulk discounts for larger purchases. The rate for credit-card details is approximately $1 for all the details down to the Card Verification Value (CVV); $10 for details with CVV linked to a social security number; and $50 for a full bank account.

How is the money laundered?
Scammers use a variety of ways to launder cash. Compromised bank accounts can be used to launder funds, or struggling companies can be bribed to turn the money into ready cash. Scammers can find businesses with a debt of $10,000 (?5,000), and agree to pay them $20,000 (?10,000) if they agree to cash out 50 percent of the funds. Dedicated cashiers, also known as "money mules", can also take up to 50 percent of the funds to move the money via transfer services.

Money can also be laundered by buying and selling merchandise on the wider black market. Shipper rings can ship PCs to scammers via intermediaries, which can then be resold.

What is the cost to legitimate business?
As the malware economy grows in sophistication, so do the losses sustained by legitimate businesses. According to the 2007 Computer Security Institute computer crime and security survey, these losses have seen a sharp increase this year.

Robert Richardson, director of the CSI, says the average annual loss among US businesses due to cybercrime has shot up to $350,424, from $168,000 in 2006. "Not since the 2004 report have average losses been this high," says Richardson.

This year's survey results are based on the responses of 494 computer security practitioners in US corporations, government agencies, financial institutions, medical institutions and universities.

Almost one-fifth (18 percent) of those respondents who suffered one or more kinds of security incident said they had suffered a targeted attack aimed exclusively at their organisation, or organisations within a small subset. Khalid Kark, a principal security analyst at Forrester, says targeted attacks against companies and institutions are becoming more common.

"As banks and companies have increased security levels, the hacker community is casting a much wider net," says Khalid. "Instead of hacking into something right away, now it's low and slow. They're determining attack avenues, taking their sweet time to find holes, and then using stealth [to steal data]."

Financial services companies are being attacked more and more, says the analyst, while the attacks are increasing in number and complexity.

But while the black cyber-economy is maturing, at the moment its main practitioners seem to be individuals or small groups acting within a loose web of affiliations that can be quickly established and broken to evade detection.

F-Secure's Hypponen blames a lack of international co-operation and political and social problems for the current situation. "In many cases these are people with skills but without opportunities," says Hypponen. "What if you are born with IT skills in rural China, or in the middle of Siberia? There is no legal way of making use of the skills they have."

While law-enforcement co-operation with government and the IT community is paramount in addressing the problem in the short term, longer-term solutions must be found. One way to address the issue of the growth of the "black cyber-economy" in the long term is to harness the IT talent in developing countries that otherwise might be co-opted into illegal activity.

"We have to make it more attractive to be in the white economy than in the black — when that happens we will turn a corner. We're starting to see that happen as companies look to less expensive economies as places to put people. In Eastern Europe and Asia there are highly skilled people where there are less opportunities — this is where the black economy is fuelled now," says McAfee's Telafici.

Story URL: http://resources.zdnet.co.uk/articles/features/0,1000002000,39291463,00.htm

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.

Accenture's king of blue-sky thinking

Some companies profess to put out-of-the-box thinking at the heart of their operations. Apple and Google, for example, claim to thrive on leaving no stone unturned when it comes to innovation. For instance, the search giant tries to ensure its developers have 20 percent of their time available for pursuing personal projects, even though they might not come to anything.

But being disruptive and innovative is easier in some industries than others. Financial services is one place where innovation equals risk, which is usually best avoided. However, even those companies in that sector which have embraced a so-called "culture of innovation" still face the dilemma of choosing which areas of technology to focus research efforts and resources on.

While Accenture is best known for its IT consultancy work, the firm also invests in research and development. Martin Illsley, director of research at Accenture Technology Labs, based in Sophia Antipolis, France, spoke to ZDNet.co.uk about innovation and some of the big developments in technology that should be on every business's radar.

Q: What are the main challenges facing businesses at the moment in terms of practical application of technology?
A: There are choices dragging people apart about how to balance the physical and the virtual. Bank branches are back but, on the other hand, the virtual is going to the extreme — look at Second Life. Assuming you can do everything virtually, what do you choose to do virtually and what do you choose to do physically? With technology, we have the choice to be antonymous. With inventories, you could put an RFID tag on every chair in the building and, at the press of a button, you could do the inventory. You can drive a car which has a bleeper on the front that lets you go through toll gates at the moment on the continent. On the other end of the scale, mass people participation is important — wikis and blogs, for example. You can have everyone involved, from the policies you put out, to product design, customer feedback and service.

Could you expand on that?
Amara's Law, which also goes by other names, is that people overestimate the short-term effects of an action or technology, while underestimating the long-term effects. Evel Knievel is a case in point of overestimating the short term: he thought he could jump 27 buses and couldn't. We do the same with respect to new technologies; we think we've done it all and that it's going to happen tomorrow. We also underestimate the long term, like Evel Knievel. I'll bet he'd never have guessed that by now he would have given up riding motorcycles and become very religious. He's now riding pillion with God.

It's the same with technology; we underestimate the long-term effects. Take the iPod, for example. We still haven't fully understood its effect on the production of music — it has huge longer-term implications. RFID is not just about tags; it has huge implications for how businesses operate, and how society accepts the potential of being tracked. It's the same with the iPhone. Sure, at the moment, it's being hyped up to fever pitch about what it can do, but the longer-term impact will probably be quite profound. Whether it will lead to a completely convergent device — who knows? It may have an impact on whether people want specialist devices like cameras.

What do you think are going to be the main trends when it comes to development of technology over the next five years?
Firstly, we predict more use of virtualised infrastructures. If you have infrastructures like data centres, you have a choice. You can go to companies like Google and Amazon and buy the capabilities — buy the data centre by how much you use. It's the same with web capabilities. With hosting organisations like 1&1, you get part of a machine somewhere, and they host on a scale that's very economical. Organisations have to think: do we do it ourselves, or buy it? Google is doing virtualised infrastructure on an unprecedented scale, with a proprietary approach that spreads the load over thousands of machines. Many organisations won't have the scale to support it, and virtualised infrastructure will move up the value chain. Infrastructure is moving from cables to machines, systems and applications; organisations can add more on top.

What is your view on the current trend of governments and businesses demanding more from software vendors around interoperability?
We predict seamless interoperability and process-centric IT. The Business Process Execution Language [BPEL] formally specifies what processes are. A flow of processes translates into service-oriented architecture functions. The effect is that we will start to compare, contrast, and manage at process level, like a time and motion study. We will manage at this level, rather than manage at the IT-function level.

We also predict closed loop analytics. Where we're at today, we can do predictive analytics. We can predict what will happen with equipment. However, the key aspect is integration. It's no use knowing if a machine is going to break down in three days' time if you haven't organised getting parts or a maintenance crew. More subtly, if you have limited resources, what is the best course of action to take if you have a situation where this machine will break down in two days, this in one, this in five? It's like when aircraft break down: do you put the passengers in a hotel; do you try to repair the aircraft; what are the consequences of each course? It can get very complicated.

One of Accenture's areas of research is communications. What are your thoughts on convergence?
We predict fluid collaboration platforms. In some organisations you have videoconferencing rooms that lie empty, then some conference calls with 20 or 30 people, and nothing gets done. There's nothing wrong with the tools, there's just no formalisation of the process of inviting the right people integrated into systems. If the object of a meeting is to make certain decisions, tools should make sure the right people are there.

Mobility for enterprise applications will also become important. There's a trend for consumer usage, but there's a lot more that can be done on the enterprise side. As we get 3G video capabilities, there are large implications for business — a field force could send pictures and videos to each other. But people haven't thought through the implications of how to deal with video in a call-centre way.

What can businesses gain from Web 2.0? Should businesses be concerned about the proliferation of new applications that have to be assimilated into their systems?
Web 2.0 has two parts. With end-user computing, it's scary how many mashups are appearing — it reminds me of PowerBuilder, which allowed business users to write and build reports. The IT department had to manage these applications, and maybe didn't know where or what they were. If business users are now creating non-standard applications, the poor old IT department has to manage this. Mashups are a powerful capability, but businesses have to be careful. It's the same with socialising.

What are your views on customer discussion in online forums?
There are lots of benefits of having online forums where customers can hammer out solutions to issues, but this can have a negative side. If there is an issue, it becomes an open, visible thing. If it's not true, it's even worse. It's a matter of getting the balance right.

User content can be used — YouTube and Flickr get tons of content from people. If you're a utility company, you could set up a mass-participation site where people send in pics of damage to infrastructure, cutting down on inspection costs. Okay, 70 percent of the pictures may be rubbish, but 30 percent will be useful. It can be a powerful tool with useful cost benefits. However, it's also publicising the damage.

Organisations need to classify content. They tend to be conservative; they don't go through their data to tag corporate information. They need to define which information can be talked about with which groups. They have to do that before they are too abundant with throwing out information.

Are there other Web 2.0 technologies that could be disruptive?
We predict a greater use of widgets — internet applications with a simple interface that are not part of the browser. We've invented a widget that can be back-ended to an enterprise resource planning system, [and] that can then drag out information and push it onto a mobile device. There's a lot of scope in that — giving access to business systems through this type of technology. As the mobile widgets are sandboxed on the platform, security is not an issue.

What other blue-sky areas of research is Accenture involved in?
The industrialisation of software development. We're interested in code that, with a slight modification, can change itself. At the moment we write code and have to throw it away and build from the ground up to put in another bit. Ultimately we'd like to have code development done only once, then it will handle any changes that need to be made itself. When you build a house, you don't want to knock it down and start again every time you want to make a change, and it should be the same with code development.

So you're talking about code with artificial intelligence capabilities?
Not exactly, but code could track whether it is used or not and, if it wasn't used over time, it would self delete, using an intelligent approach to self correct. This would require a more formal description of what software is supposed to do. You could also monitor services — which are being used and which aren't.

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.

Загубените свободи

Бел. ред. — отдавна чаках отново този Карбовски, който с хъс да откъсне парче от изгнилото месо на ежедневието и да ги подложи на дисекция. И той се върна с тази статия. Никога страданието не е било толкова сладко.

Мартин Карбовски

С отдалечаването на 1989 г. все повече набъбва списъкът на малките граждански свободи, които загубихме. Засега те са около две дузини. Какво пропиляхме дотук за годините на демокрация?

1. Свободата на трафика - да можеш да тръгнеш от точка А до точка Б и да не се задръстиш. Тази точка има важна подточка - загубихме завинаги един човек, който имаше власт на пътя и беше адски полезен. Това е регулировчикът или поне работещият катаджия. За сметка на това имаме днес свободата да караме като идиоти и да минаваме на червено, както и да натискаме и изблъскваме по-малките коли от пътя.

2. Свободата на чистия, равен тротоар. Епохата спокойно може да бъде наречена "епоха на изгубените тротоари". Всичко е разбито, а там, където е разбито, отгоре са паркирали автомобили.

3. Свободата на гледката. Колкото повече строим, толкова повече няма гледка. Морето не се вижда. И в големите, и в малките градове хората си гледат в супниците и дишат миризмата на отворения прозорец отсреща. Ако пък има пространство пред прозореца ти, гледката ти е такава, че можеш да се обесиш заради нея, нежели да се хвалиш с нея. Това и синдромът на копърката в кутия

- богати сме на жилищна площ, но ни е тясно и неуютно.

4. Свободата на градинката. Общото пространство е на път да изтрие от пейзажа си малките градски полянки с пет дървета на тях. Примерно минете през Студентския град и ще видите как едни нови сгради, тяхната кал и мръсотия и боклуци постепенно изяждат борчета на по 50 години. А имаше времена, когато в центъра на София имаше цветни алеи, като до тях винаги висеше милиционер, който те глобяваше, ако откъснеш цвете. Това е загуба наистина - не тъгуваме по милиционера, но алеите бяха хубави.

5. Свободата на асфалта. Вече никъде няма истински асфалт, който започва от единия край на улицата и свършва непокътнат до другия й край. Не говорим за дупките. Асфалтът е рязан през двадесет метра заради новото строителство. После кръпката е хлътнала. После става на нива. После нищо.

6. Загубихме свободата да не умрем, ако те ухапе куче. Съвсем логично жертва на тази загуба у нас се оказа една англичанка, която няма рефлекс да се пази от помиярите. Глутниците са вече тълпи от кучета и тази загуба е най-вече за децата, майките и старите хора. Те мислят за кучетата не просто като част от грозната наша среда за живеене, а като за конкуренция при оцеляването, когато излезем навън.

7. Изчезна превеликата свобода, която само едно дете би могло да оцени. Примерно - преди време имаше градинки с люлки, където имаше по стотина деца. Сега не ми казвайте, че е същото в моловете. Децата няма къде да отидат и няма какво да правят извън училището и семейството. Те са най-отхвърлените от промяната на средата. А това често ги прави идиоти.

8. Загубихме нещо страшно важно - да го наречем хубавата жена. Последните 15 години се наложи една естетика, която спокойно можем да оприличим на филма "Видове". Жената вече не е грозна или хубава - тя е една и съща. Облечена като проститутка, има изкуствени гърди, кичи се с невъзможно много дрънкулки и кара на всяка цена кола, която най-често не може да кара. Жените на прехода са крещящи, без да издават звуци и без в крясъците да има кодиран смисъл. За тази загуба, разбира се, са виновни мъжете - те превърнаха нормалните момичета в лошо гримирани СПА идиотки които искат да пеят източна музика.

9. Загубихме рокендрола. У нас така и не можа да пробие ушите ни нормалната музика, която вееше от Запад по времето на социализма и която изигра особена важна роля в промяната на съзнанието. Думата рокендрол е вече доста глупава, което е част от загубата. Но истината е, че ние нямаме хубава българска музика, така както можеше да се каже това с половин уста преди 20 г. Ако някой спори по този въпрос, да види колко публикации имат румънците в МТВ.

10. Загубихме свободата на клиента. Въпреки огромното потребление, непознато в нито една българска епоха досега, свободата на клиента е мъртва. Убиха я всички, които така и не разбраха, че "клиентът винаги има право". Ядем боклуци и отрови, стига да са добре рекламирани и пакетирани. Глезените търговци се получават от тъпи и плахи клиенти - каквито българите винаги са били. Подточка А - въпреки че нещата като потребление се промениха, вездесъщият "баш майстор" не беше умъртвен от прехода. А толкова се надявахме.

11. Загубихме свободата да се гордееш с нещо, което не е материално. Примерно имаме дете аутист - математик, направо гений. След като го покажем по телевизията, ние просто не знаем какво да правим с него. А самото то и семейството му се чувстват изроди в свят, където голямата кола е по-важна от голямата пишка.

12. Загубихме огромна част от свободата на словото. Появата на вестник, който може да напише за певицата Иванова, че си е сложила обица на пениса, е стъпка назад в така трудно извоюваната словесна свобода. Загубата се изразява съвсем материално в това, че дори Слави Трифонов не можа да осъди жълтите вестници. Те ликуват, ние загубихме истината, докато се храним с кожичките на уж обрязаните известни българи.

13. Загубихме двама много важни хора от миналото - това са милиционерът и съдията. Жал ми е за това, че днес полицията бива нападана и не смее да стреля дори със стоппатрон, за да не й кажат нещо лошо правозащитниците. Загубихме правосъдието като държавен символ. Истината е, че спечелихме правото да се разправяме сами - с кирки в колата, с павета по витрините, с юмруци по главите, - което не е толкова лошо, като се има предвид че всяка еволюция си има начало. Но в този първичен бульон на самоуправството децата ни започнаха да се млатят сериозно и да умират от бой в училище.

14. Загубихме свинското. Въпреки че не смятаме свинята на двора за гражданска свобода, трябва да признаем, че загубихме една селска свобода - да имаш прасе и селото ти да е чистичко, спретнато и да няма много цигани в него. Заедно със свинското загубихме компота и домашните суджуци. Пак повтарям - това са селски свободи, но пак ги изгубихме.

15. Загубихме доверие на циганите. Българите винаги са имали едно наум, когато си имат работа с циганин. Сега тази загуба на доверие прераства в страх. А самите цигани не се стараят много да правят нещо, за да си върнат изгубеното доверие. Те дори леко се гордеят, че българите се страхуват от тях.

16. Загубихме радиатора. По един или друг начин парното си отива от бита. На същия принцип ще загубим трамваите, озеленяването, домоуправителя, чистачката на входа. На този принцип всяка нова лъскава кооперацийка за три години се превръща в олющена сграда, софийски тип.

17. Загубихме старата соцархитектура, а нова не се появи. Можем да го дефинираме като "пълна загуба на фасадата".

18. Загубихме идеята за монархия. Беше интересно да си мислим, че е възможна. Не знам кой загуби от тази загуба - ние или самият монарх.

19. Загубихме правото да живеем както трябва, за да спечелим правото да живеем където си искаме. Всеки може да дойде и да си опъне шатъра на полянката пред блока. В резултат - не живеем както трябва, но можем да си го позволим навсякъде.

20. Загубихме много кръв и сперма. Докато се избивахме по пътищата или остарявахме като нация, престанахме да правим деца наоколо. Дори не споменавам прекрасните емигранти, които няма да се върнат. Ние тях не можем да загубим, но загубихме децата им, които никога няма да говорят добре български.

21. Загубихме доверие. Ако ще Господ да слезе от небето на земята, няма да спрем да не вярваме. Защо така стана - не знам.

22. Загубихме 18 години, за да разберем, че животът ни ще мине в ремонт.

Ремонт на държавата, на системата, на пътищата, на политиката, ремонт на проверките как е минал ремонтът и защо някой не е ремонтирал добре. Може би такъв е животът навсякъде. Но у нас ремонтът продължи толкова дълго, че сме на път да изгубим самия ремонт. Вече смятаме, че да живеем на строителна площадка, на която някой краде, а друг (може би същият човек) прави проверки на откраднатото, е като да си живеем вкъщи. А това е голяма загуба наистина. Превелика такава.