Page 314 - Introduction to Electronic Commerce and Social Commerce
10.2 Basic E-Commerce Security Issues and Landscape

Environmental Hazards

These include natural disasters and other environmental conditions outside of human control (e.g., Acts of God, large-scale acts of nature and accidents such as earthquakes, severe storms, hurricanes, blizzards, or sand storms), floods, power failures or strong fluctuations, fires (the most common hazard), explosions, radioactive fallout, and water-cooling system failures. Computer resources also can be damaged by side effects such as smoke and water.

Malfunctions in the Computer System

Defects can be the result of poor manufacturing, defective materials, memory leaks, and outdated or poorly maintained networks. Unintentional malfunctions can also happen for other causes, ranging from lack of user experience to inadequate testing. Another example is Amazon’s Cloud (EC2), which hosts many major websites (e.g., Reddit, Airbnb, Foursquare). In June and October 2012, the cloud hosting service crashed due to problems with the company’s data centers. The system also crashed in July 2012, taking down Netflix, Foursquare, Dropbox, Instagram, and Pinterest due to severe weather hitting the North Virginia data center.

Intentional Attacks and Crimes

Intentional attacks are committed by cybercriminals. Types of intentional attacks include theft of data; inappropriate use of data (e.g., changing it or presenting it for fraudulent purposes); theft of laptops and other devices and equipment and/or computer programs to steal data; vandalism or sabotage directed toward the computer or its information system; damaging computer resources; losses from malware attacks; creating and distributing viruses; and causing monetary losses due to Internet fraud. Most of these are described in Sections 10.3 and 10.4.

The Criminals and Methods

Intentional crimes carried out using computers and the Internet are called cybercrimes, which are committed by cybercriminals (criminals for short), a group that includes hackers and crackers. A hacker describes someone who gains unauthorized access to a computer system. A cracker (also known as a “black hat” hacker) is a malicious hacker with extensive computer experience who may be more damaging. Some hacker groups (such as the international group Anonymous) are considered unstoppable in penetrating organizations of all kinds (many U.S. government agencies, including the U.S. Army and the Department of Energy). The danger is that some companies may not take even minimal precautions to protect their customer information if they can place the blame for the attacks on the cybercriminals.

Criminals use a variety of methods for the attacks. Some use computers as a weapon; some attack computing assets depending on the targets. For a short history of hacking (with an infographic) see i-programmer.info/news/149-security/3972-a-short-history-of-hacking.html.

Hackers and crackers may recruit unsuspecting people, including company insiders, to assist in their crimes. For example, according to Malware Bytes Unpacked, a “money mule” is a person who is local to the compromised account, who can receive money transfers with a lesser chance of alerting the banking authorities. “These money mules retrieve the funds and then transfer them to the cyber criminal.” Since the mules are used to transfer stolen money, they can face criminal charges and become victims of identity theft. Notorious hacker Kevin Mitnick, who served jail time for hacking, used social engineering as his primary method to gain access to computer systems.

For ten tips on keeping your EC website protected against hacking and fraud, see tweakyourbiz.com/technology/2014/01/20/10-tips-to-protect-an-ecommerce-website-against-hacking-and-fraud.

Example: The Bangladesh Bank

Some hackers installed malware in the Bangladesh Central Bank computer systems that enabled them to watch, for weeks, how funds were being withdrawn from the bank’s U.S. account. The hackers then attempted to steal about $1 billion, but were stopped after stealing $80 million from the Bangladesh account at the Federal Bank of New York. For details see Reuters (2016).

The Targets of the Attacks in Vulnerable Areas

As seen in Figure 10.2, the targets can be people, computers, or information systems. Fraud usually aims to steal money or other assets such as real estate. Computers are also used to harass people (e.g., cyberbullying), damage their reputation, violate their privacy, and so forth.

Vulnerable Areas Are Being Attacked

Any part of an information system can be attacked. PCs, tablets, or smartphones can easily be stolen or attacked by viruses and/or malware. Users can become victims of a variety of fraudulent actions. Databases can be attacked by unauthorized intruders, and data are very vulnerable in many places in a computerized system. For example, data can be copied, altered, or stolen. Networks can be attacked, and information flow can be stopped or altered. Computer terminals, printers, and any other pieces of equipment can be damaged in different