Page 311 - Introduction to Electronic Commerce and Social Commerce

10 E-Commerce Security and Fraud Issues and Protections

The Shift to Profit-Induced Crimes

There is a clear shift in the nature of the operation of computer criminals. In the early days of e-commerce, many hackers simply wanted to gain fame or notoriety by defacing websites. Online File W10.1 illustrates a case of a criminal who did not attack systems to make a profit. There are many more criminals today, and they are more sophisticated. Most popular is the theft of personal information such as credit card numbers, bank accounts, Internet IDs, and passwords. According to Privacy Rights Clearinghouse (privacyrights.org), millions of records containing personal information are breached every year. Criminals today are even holding data for ransom and trying to extort payments from their victims. An illustrative CNN video (2:30 min) titled “Hackers Are Holding Data for Ransom” is available at money.cnn.com/video/technology/2012/10/08/t-ransomware-hackers.cnnmoney. In 2016, a hospital was forced to pay a ransom (with Bitcoins) to get back its data, which were not backed up (see Winton 2016). CryptoLocker is a new ransomware Trojan used for such crimes (see usatoday.com/story/news/nation/2014/05/14/ransom-ware-computer-dark-web-criminal/8843633).

Lemos (2016) provides a slide show that illustrates the 2016 top secret trends that include ransomware and cyberspying.

Note that laptop computers, tablets, and smartphones are stolen for two reasons: selling them (e.g., to pawn shops, and on eBay) and trying to find the owners’ personal information (e.g., social security number, driver’s license details, and so forth). In January 2014, a former Coca-Cola employee stole laptops containing information on 74,000 individuals belonging to current and past employees of the company. The company did not have a data loss prevention program in place, nor were the laptops encrypted.

A major driver of data theft and other crimes is the ability to profit from the theft. Today, stolen data are sold on the black market, which is described next.

Computers Everywhere

As described in Chapter 6, computers are everywhere, from your home to your work, in study places, entertainment areas, etc. Even your car can be hacked (see Pagliery 2014b).

The Increased Volume of Wireless Activities and the Number of Mobile Devices

Wireless networks are more difficult to protect than wireline. For example, many smartphones are equipped with near-field communication (NFC) chips, which are necessary for mobile payments. Additionally, BYOD (Chapter 6) may create security problems. Hackers can exploit the features of smartphones and related devices (e.g., Bluetooth) with relative ease.

The Globalization of the Attackers

Many countries have cyberattackers (e.g., China, Russia, Nigeria, Iran, and India). For an example of Iranian attacks on U.S. banks, see Nakashima and Zapotosky (2016).

The Darknet and the Underground Economy

The darknet can be viewed as a separate Internet that can be accessed via the regular Internet and a connection to the TOR network (TOR is a network of VPNs that allows privacy and security on the Internet). The darknet has restricted access to trusted people (“friends”) by using nonstandard protocols (IP addresses are not listed). Darknet allows anonymous surfing. The darknet’s contents are not accessible through Google or other search engines. The TOR technology is used in file sharing (e.g., in the well-known Pirate Bay). The darknet is often used for political dissent and conducting illegal transactions, such as selling drugs and pirating intellectual property via file sharing. The latter activity is known as the Internet underground economy. In November 2014, law enforcement authorities in Europe and the United States shut down many TOR websites. But it seems they have not cracked TOR encryptions yet. In 2015, the U.S. government shut down a market for stolen personal data called Darkode. See Victor (2015).

The Internet Underground Economy

The Internet underground economy refers to the e-markets for stolen information made up of thousands of websites that sell credit card numbers, social security numbers, e-mail addresses, bank account numbers, social network IDs, passwords, and much more. Stolen data are sold to spammers or criminals for less than a dollar apiece to several hundred dollars each. The purchasers use them to send spam or conduct illegal financial transactions such as transferring other people’s money into their own accounts or paying the spammers’ credit card bills. It is estimated that about 30% of all the transactions in the underground market are made with stolen credit cards. Symantec estimates the potential worth of just the credit cards and banking information for sale is about a billion annually. Forty-one percent of the underground economy is in the United States, while 13% is in Romania. For a discussion of the digital underground, see Goodman (2016).

The Internet Silk Road

This is one of the underground sites where hundreds of drug dealers and other “black market” merchants conduct their business. In October 2013, law enforcement authorities in the United States shut down the site and arrested its founder, who