Page 310 - Introduction to Electronic Commerce and Social Commerce
P. 310

10.1  The Information Security Problem                                                          297

             Attacking Information Systems                    major physical damage to the nuclear program, delaying it
                                                              by months or possibly even years. The attack was perpe-
           The GhostNet attack was not an isolated case of cross-border  trated using a sophisticated computer worm named Stuxnet.
           cyberattacks. The U.S. Congress is working on legislation to  This is an example of a weapon created by a country to
           protect the country from what some call the “Cyber Pearl  achieve a goal that otherwise may have been achieved only
           Harbor” attack or a digital 9/11. In May 2014, the U.S. gov-  by physical weapons. In apparent retaliation, Iranians and
           ernment named five military people in China as responsible  pro-Palestinian hackers attacked El-Al (Israel’s national air-
           for stealing data and spying on several thousand companies  line) and the country’s stock exchange. Iran is believed to
           in the United States stealing trade secrets (Kravets 2014).  have been behind a November 2012 attack on U.S. banks.

             Types of Attacks                                 Example 2
                                                              A suspected cyberespionage  network known as GhostNet
           Cyberattacks can be classified into two major interrelated  compromised computer systems in 103 countries, including
           categories:                                        computer systems belonging to the Dalai Lama’s exile net-
                                                              work, embassies, and foreign ministries. The attacks alleg-
             1.  Corporate espionage. Many attacks target energy- related  edly came from China. For more, see Wagstaff (2014).
              companies because their inside information is valuable.
              Almost half of all power plants and other infrastructures  Example 3
              surveyed have been infiltrated by “sophisticated adversar-  One of the most complex cyberespionage incidents that has
              ies,”  with  extortion being a  common motive. Foreign  ever occurred (2014) is the suspected Russian spyware Turla,
              hackers targeted a water plant control system in Illinois,  which was used to attack hundreds of government computers
              causing the pump to fail. The attackers also gained unau-  in the United States and  Western Europe (see  Apps and
              thorized access to the system database.  The attackers’  Finkle 2014).
              Internet address used was tracked back to Russia.   The above incidents illustrate the ineffectiveness of some
              According to the Wall Street Journal of April 23, 2012,  information security systems. For an overview of how cyber-
              there were suspected cyberattacks against Iranian oil pro-  warfare works, see forbes.com/sites/quora/2013/07/18/how-
              duction and refineries. Cyberattackers hacked into 30,000  does-cyber-warfare-work.
              of Saudi Aramco’s computers in 2012, and crippled the
              national oil company’s networks, but failed to disrupt gas
              or oil output.                                    The Drivers of EC Security Problems
                In 2011, cyber thieves (known as the “Rove group”)
              based in Eastern Europe hijacked at least four million  There are many drivers (and inhibitors) that can cause secu-
              computers in more than 100 countries before they were  rity problems to EC. Here, we describe several major ones:
              caught. The attackers used malware and rerouted Internet  the Internet’s vulnerable design, the shift to profit-induced
              traffic illegally. The cyber thieves stole $14 million before  crimes, the  wireless revolution, the  Internet underground
              they were captured. The hackers also attacked U.S. gov-  economy, the dynamic nature of EC systems, and the role of
              ernment agencies and large corporations.        insiders, and the sophistication of the attacks.
                In 2013, Chinese hackers allegedly attacked the New
              York Times’ computers to intimidate the American news   The Internet’s Vulnerable Design
              media into not reporting on China’s negative image and
              the journalists’ sources of this information.   The Internet and its network protocols were never intended
             2.  Political espionage and warfare. Political espionage  to protect against cybercriminals.  They were designed to
              and cyberwars are increasing in magnitude. Sometimes,  accommodate computer-based communications in a trusted
              these are related to corporate espionage. In 2014, U.S.  community. However, the Internet is now a global place for
              hackers in Illinois used DDoS malware to attack the offi-  communication, search, and trading. Furthermore, the
              cial website of the Crimean referendum. A few days later,  Internet was designed for maximum efficiency without
              major Russian government Web resources and state media  regard for security. Despite improvements, the Internet is
              websites were also attacked by DDoS malware.    still fundamentally insecure.

           Example 1                                            The Spread of Computerized Medical Data
           In December 2010, the Iranian nuclear program was attacked
           via computer programs rumored to have been created by the  With the requirements to computerize medical and health
           United States and Israel. The attack was  successful, causing  care data came the danger of breaches, see Greengard (2016).
   305   306   307   308   309   310   311   312   313   314   315