Page 319 - Introduction to Electronic Commerce and Social Commerce
306 10 E-Commerce Security and Fraud Issues and Protections

Some Security Bugs: Heartbleed and Cryptolocker

Two dangerous computer bugs were discovered in 2013 and 2014.

Heartbleed

According to Russell (2014), "Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of websites that need to transmit the data that users want to keep secure. It basically gives you a secure line when you're sending an e-mail or chatting on IM."

The potential damage may be large. In theory, any data kept in the server's active memory can be pulled out through the bug. Attackers can even steal the server's encryption keys, which let them read encrypted traffic. About 650 million websites may be affected. The only advice given to users was to change their online passwords, which helps only once the affected site has patched OpenSSL and replaced its keys; a new password sent to a still-vulnerable server can be leaked just like the old one.

Cryptolocker

Discovered in September 2013, Cryptolocker is a ransomware Trojan. The malware can arrive from many sources, including e-mail attachments, and encrypts the files on the victim's computer so that they can no longer be read. The malware operator then offers to decrypt the data in exchange for payment in bitcoin or a similar hard-to-trace payment system.

For information on what to do if you are being blackmailed and how to protect yourself, see Cannell (2013).

Denial of Service

According to Incapsula, Inc., a denial-of-service (DoS) attack is "a malicious attempt to make a server or network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet." The attack causes the system to crash or become unable to respond in time, so the site becomes unavailable. One of the most popular types of DoS attack occurs when a hacker "floods" the system with "useless traffic," so that legitimate users are prevented from accessing their e-mail, websites, and so on.

Note: A DoS attack is launched from one computer and one Internet connection, as opposed to a DDoS (distributed denial-of-service) attack, which involves many devices and multiple Internet connections (to be discussed later). An attacker can also use a flood of spam e-mail messages to launch a similar attack on your e-mail account. A common method of launching such attacks is to use zombie (hijacked) computers, which a hacker controls remotely without the knowledge of the computers' owners. A group of zombies under one controller is known as a botnet. The zombies send an overwhelming number of requests toward the targeted website, creating the denial of service; because the requests come from many machines at once, this form is a DDoS. For example, DoS attackers target social networks, especially Facebook and Twitter. An example of such an attack is described in Online File W10.1.

DoS attacks can be difficult to stop. Fortunately, the security community has developed tools for combating them. For comprehensive coverage, see us-cert.gov/ncas/tips/ST04-015.

Note: In 2014, a hacking group offered a DoS-for-hire service called Lizard Stresser that promised to take down any website for a fee of $3 (see Goldman 2014b).

Botnets

According to the Microsoft Safety and Security Center, a botnet (also known as a "zombie army") is a large number of hijacked Internet-connected computers that have been infected with malicious software distributed by criminals and are controlled remotely by hackers. The infected computers form the "botnet," and each one is made to "perform unauthorized attacks over the Internet" without its user's knowledge. Unauthorized tasks include sending spam e-mail, attacking computers and servers, and committing other kinds of fraud; this activity also causes the user's computer to slow down (microsoft.com/security/resources/botnet-whatis.aspx).

Each attacking computer is considered a computer robot, or "bot." In 2010, for example, one botnet was made up of 75,000 systems infected with the Zeus Trojan. Botnets are used in scams, spam, and fraud, or simply to damage systems (as in the hospital case described in Online File W10.1). Botnets appear in different forms, and the malware that builds them can include worms or viruses. Famous botnets include Zeus, Srizbi, Pushdo/Cutwail, Torpig, and Conficker.

Example: Rustock

Rustock was a botnet made up of about one million hijacked PCs, which evaded discovery for years. The botnet, which sent out up to 30 billion spam messages per day, placed "booby-trapped" advertisements and links on websites visited by the victims. The spammers camouflaged the updates sent to the infected PCs to look like comments on discussion boards, which made them hard for security software to find. Microsoft was one of the companies that helped shut down Rustock. In 2013, Microsoft and the FBI "disrupted" over 1,000 botnets used to steal banking information and identities. Both Microsoft and the FBI had been trying to take down the malware "Citadel," which affected millions of people in more than 90 countries. For an analysis of malicious botnet attacks, see Katz (2014).

Home Appliance "Botnet"

The Internet of Things (IoT) can also be hacked. Since participating home appliances have a connection to the Internet, they are in effect computers that can be hacked and controlled. The first home attack, which involved television sets
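The Heartbleed paragraph above says that whatever sits in the server's memory, keys included, could be pulled out through the bug. The C program below is an illustration added to this page; it is not from the textbook and not OpenSSL's code. It models the defect in the TLS heartbeat handler: the handler trusted the payload length claimed inside the request and copied that many bytes back to the sender, never checking how many bytes had actually arrived. The `memory` arena, the `secret` string, and all function names are constructed for the demonstration, and the cap on the copy length in `heartbeat_vulnerable` exists only to keep the program memory-safe where the real code read straight past the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1       /* heartbeat_request message type (RFC 6520) */
#define HB_PADDING  16      /* minimum padding a heartbeat must carry      */

/* Simulated process memory. The received heartbeat record is placed at
 * the start; right after it sits whatever happens to be adjacent on the
 * heap, here a constructed secret standing in for a key or password. */
static unsigned char memory[64];
static const char *secret = "SESSIONKEY=deadbeef";

/* Lay out one heartbeat record: 1-byte type, 2-byte big-endian claimed
 * payload length, `actual_len` real payload bytes, then padding, followed
 * by the secret. Returns the true record length, which is what the TLS
 * record layer knows and the heartbeat code should have consulted. */
size_t build_arena(uint16_t claimed_len, size_t actual_len) {
    memset(memory, 0, sizeof memory);
    memory[0] = HB_REQUEST;
    memory[1] = (unsigned char)(claimed_len >> 8);
    memory[2] = (unsigned char)(claimed_len & 0xff);
    memset(memory + 3, 'A', actual_len);
    size_t record_len = 3 + actual_len + HB_PADDING;
    memcpy(memory + record_len, secret, strlen(secret));
    return record_len;
}

static uint16_t claimed_payload_len(void) {
    return (uint16_t)((memory[1] << 8) | memory[2]);
}

/* Vulnerable pattern: the length comes from the attacker-controlled field
 * and `record_len` is never checked, so the reply echoes bytes that lie
 * beyond the request. The cap at the arena size is demo-only, to keep this
 * program memory-safe; the real code read straight past the buffer. */
size_t heartbeat_vulnerable(size_t record_len, unsigned char *out, size_t out_cap) {
    (void)record_len;                                  /* ignored: the bug */
    size_t n = claimed_payload_len();
    if (n > sizeof memory - 3) n = sizeof memory - 3;  /* demo-only cap */
    if (n > out_cap) n = out_cap;
    memcpy(out, memory + 3, n);
    return n;                                          /* bytes sent back */
}

/* Fixed pattern, with the same shape as the 2014 OpenSSL patch: the claimed
 * payload plus header and minimum padding must fit inside the record. */
size_t heartbeat_fixed(size_t record_len, unsigned char *out, size_t out_cap) {
    if (record_len < 1 + 2 + HB_PADDING) return 0;         /* too short */
    size_t n = claimed_payload_len();
    if (1 + 2 + n + HB_PADDING > record_len) return 0;     /* length lie */
    if (n > out_cap) n = out_cap;
    memcpy(out, memory + 3, n);
    return n;
}

/* 1 if the echoed bytes contain the adjacent secret, else 0. */
int leaked_secret(const unsigned char *out, size_t n) {
    size_t slen = strlen(secret);
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(out + i, secret, slen) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char out[64];
    /* Attacker sends 4 payload bytes but claims 60. */
    size_t rec = build_arena(60, 4);
    size_t n = heartbeat_vulnerable(rec, out, sizeof out);
    printf("vulnerable: echoed %zu bytes, secret leaked: %d\n", n, leaked_secret(out, n));
    n = heartbeat_fixed(rec, out, sizeof out);
    printf("fixed:      echoed %zu bytes, secret leaked: %d\n", n, leaked_secret(out, n));
    return 0;
}
```

The check in `heartbeat_fixed` is the whole fix: the attacker can still claim any length, but a claim that does not fit inside the record the transport layer actually delivered is discarded instead of trusted. A legitimate heartbeat whose claimed and actual lengths agree passes the check and is echoed as before.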
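The denial-of-service discussion above separates a flood from one computer and one connection (DoS) from a flood spread over many devices (DDoS). The detector below is an added example, not from the textbook or from any of the tools it cites, that shows why that distinction matters to a defender: it replays constructed web-server log lines (the `<epoch_seconds> <client_ip> <path>` format, the thresholds, the window size, and every address in the samples are assumptions made for the demonstration) and raises a per-source alert when one IP exceeds `PER_IP_THRESHOLD` requests in a `WINDOW_SECS` bucket, plus an aggregate alert when total traffic exceeds `GLOBAL_THRESHOLD` even though no single source stands out, which is what a distributed flood looks like to a per-IP counter.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES        32
#define WINDOW_SECS        10   /* fixed time bucket, in seconds            */
#define PER_IP_THRESHOLD    5   /* requests per bucket from a single source */
#define GLOBAL_THRESHOLD   12   /* requests per bucket from all sources     */

#define ALERT_SINGLE_SOURCE 1   /* one IP is flooding (classic DoS)         */
#define ALERT_AGGREGATE     2   /* total spikes, no single IP over (DDoS)   */

struct source { char ip[16]; long bucket; int count; int flagged; };

struct detector {
    struct source src[MAX_SOURCES];
    int n;
    long global_bucket;         /* bucket the aggregate counter belongs to */
    int global_count;
    int global_flagged;
};

void detector_init(struct detector *d) {
    memset(d, 0, sizeof *d);
    d->global_bucket = -1;
}

/* Find or create the per-IP counter; NULL when the table is full. */
static struct source *lookup(struct detector *d, const char *ip) {
    for (int i = 0; i < d->n; i++)
        if (strcmp(d->src[i].ip, ip) == 0) return &d->src[i];
    if (d->n == MAX_SOURCES) return NULL;
    struct source *s = &d->src[d->n++];
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    s->bucket = -1; s->count = 0; s->flagged = 0;
    return s;
}

/* Feed one log line "<epoch_seconds> <client_ip> <path>". Returns a bit mask
 * of the alerts this line triggered; each alert fires once per window so a
 * flood does not itself flood the alert log. Malformed lines are skipped. */
int observe(struct detector *d, const char *line) {
    long ts; char ip[16]; char path[128];
    int alerts = 0;
    if (sscanf(line, "%ld %15s %127s", &ts, ip, path) != 3) return 0;
    long bucket = ts / WINDOW_SECS;

    struct source *s = lookup(d, ip);
    if (s) {
        if (s->bucket != bucket) { s->bucket = bucket; s->count = 0; s->flagged = 0; }
        if (++s->count > PER_IP_THRESHOLD && !s->flagged) { s->flagged = 1; alerts |= ALERT_SINGLE_SOURCE; }
    }
    if (d->global_bucket != bucket) { d->global_bucket = bucket; d->global_count = 0; d->global_flagged = 0; }
    if (++d->global_count > GLOBAL_THRESHOLD && !d->global_flagged) { d->global_flagged = 1; alerts |= ALERT_AGGREGATE; }
    return alerts;
}

/* 1 if the given source has been flagged in its current window. */
int is_flagged(const struct detector *d, const char *ip) {
    for (int i = 0; i < d->n; i++)
        if (strcmp(d->src[i].ip, ip) == 0) return d->src[i].flagged;
    return 0;
}

/* Replay a log through a freshly initialised detector; returns the OR of
 * every alert raised, i.e. which kinds of flood the log contained. */
int replay(struct detector *d, const char *const *lines, int n) {
    int alerts = 0;
    detector_init(d);
    for (int i = 0; i < n; i++) alerts |= observe(d, lines[i]);
    return alerts;
}

/* Constructed sample: one client hammering /login beside a normal one. */
static const char *single_source_log[] = {
    "1700000000 192.168.1.20 /index.html",
    "1700000001 10.0.0.7 /login", "1700000001 10.0.0.7 /login", "1700000001 10.0.0.7 /login",
    "1700000002 10.0.0.7 /login", "1700000002 10.0.0.7 /login",
    "1700000002 10.0.0.7 /login",      /* sixth request: per-IP threshold tripped */
    "1700000003 10.0.0.7 /login",
    "1700000004 192.168.1.20 /cart",
};

/* Constructed sample: thirteen hosts, one request each, same 10 s window.
 * No source passes the per-IP threshold, but the aggregate does. */
static const char *distributed_log[] = {
    "1700000020 10.1.0.1 /",  "1700000020 10.1.0.2 /",  "1700000020 10.1.0.3 /",
    "1700000021 10.1.0.4 /",  "1700000021 10.1.0.5 /",  "1700000021 10.1.0.6 /",
    "1700000022 10.1.0.7 /",  "1700000022 10.1.0.8 /",  "1700000022 10.1.0.9 /",
    "1700000023 10.1.0.10 /", "1700000023 10.1.0.11 /", "1700000023 10.1.0.12 /",
    "1700000024 10.1.0.13 /",          /* thirteenth request: aggregate threshold tripped */
};

#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

int main(void) {
    struct detector d;
    int a = replay(&d, single_source_log, COUNT(single_source_log));
    printf("single-source log: alerts=%d, 10.0.0.7 flagged=%d\n", a, is_flagged(&d, "10.0.0.7"));
    a = replay(&d, distributed_log, COUNT(distributed_log));
    printf("distributed log:   alerts=%d, 10.1.0.1 flagged=%d\n", a, is_flagged(&d, "10.1.0.1"));
    return 0;
}
```

The first log trips only the per-source alert and the second trips only the aggregate alert, which is the practical caveat: a per-IP rate limit stops the single-computer DoS the note describes but is blind to a botnet whose members each stay under the limit, so a second, traffic-wide signal is needed. In production the thresholds are set from a measured baseline of normal traffic rather than the small constants used here.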