Electronic Commerce Systems: Risks Associated with Electronic Commerce
Risks Associated with Electronic Commerce
Reliance on electronic commerce poses concern about unauthorized access to confidential information. As LANs become the platform for mission-critical applications and data, proprietary information, customer data, and financial records are at risk. Organizations connected to their customers and business partners via the Internet are particularly exposed. Without adequate protection, firms open their doors to computer hackers, vandals, thieves, and industrial spies both internally and from around the world.
The paradox of networking is that networks exist to provide user access to shared resources, yet the most important objective of any network is to control such access. Hence, for every productivity argument in favor of remote access, there is a security argument against it. Organization management constantly seeks balance between increased access and the associated business risks.
In general, business risk is the possibility of loss or injury that can reduce or eliminate an organization’s ability to achieve its objectives. In terms of electronic commerce, risk relates to the loss, theft, or destruction of data as well as the use of computer programs that financially or physically harm an organization. The following sections deal with various forms of such risk. This includes intranet risks posed by dishonest employees who have the technical knowledge and position to perpetrate frauds, and Internet risks that threaten both consumers and business entities.
INTRANET RISKS
Intranets consist of small LANs and large WANs that may contain thousands of individual nodes.3 Intranets are used to connect employees within a single building, between buildings on the same physical campus, and between geographically dispersed locations. Typical intranet activities include e-mail routing, transaction processing between business units, and linking to the outside Internet.
Unauthorized and illegal employee activities internally spawn intranet threats. Their motives for doing harm may be vengeance against the company, the challenge of breaking into unauthorized files, or to profit from selling trade secrets or embezzling assets. The threat from employees (both current and former) is significant because of their intimate knowledge of system controls and/or the lack of controls. Discharged employees, or those who leave under contentious circumstances, raise particular concerns. Trade secrets, operations data, accounting data, and confidential information to which the employee has access are at greatest risk.
Interception of Network Messages
The individual nodes on most intranets are connected to a shared channel across which travel user IDs, passwords, confidential e-mails, and financial data files. The unauthorized interception of this information by a node on the network is called sniffing. The exposure is even greater when the intranet is connected to the Internet. Network administrators routinely use commercially available sniffer software to analyze network traffic and to detect bottlenecks. Sniffer software, however, can also be downloaded from the Internet. In the hands of a computer criminal, sniffer software can be used to intercept and view data sent across a shared intranet channel.
Access to Corporate Databases
Intranets connected to central corporate databases increase the risk that an employee will view, corrupt, change, or copy data. Social security numbers, customer listings, credit card information, recipes, formulas, and design specifications may be downloaded and sold. Outsiders have bribed employees who have access privileges to financial accounts to electronically write off an account receivable or erase an outstanding tax bill. A Computer Security Institute (CSI) study reported that financial fraud losses of this sort averaged $500,000.4 A previous CSI study found that the average loss from corporate espionage was more than $1 million. Total losses from insider trade secret theft have been estimated to exceed $24 billion per year.
Privileged Employees
We know from earlier chapters that an organization’s internal controls are typically aimed at lower-level employees. According to the CSI study, however, middle managers, who often possess access privileges that allow them to override controls, are most often prosecuted for insider crimes.5 Information systems employees within the organization are another group empowered with override privileges that may permit access to mission-critical data.
Reluctance to Prosecute
A factor that contributes to computer crime is many organizations’ reluctance to prosecute the criminals. According to the CSI study, this situation is improving. In 1996, only 17 percent of the firms that experienced an illegal intrusion reported it to a law enforcement agency. In 2002, 75 percent of such crimes were reported. Of the 25 percent that did not report the intrusions, fear of negative publicity was the most commonly cited justification for their silence.
Many computer criminals are repeat offenders. Performing background checks on prospective employees can significantly reduce an organization’s hiring risk and avoid criminal acts. In the past, employee backgrounding was difficult to achieve because former employers, fearing legal action, were reluctant to disclose negative information to prospective employers. A no comment policy prevailed.
The relatively new legal doctrine of negligent hiring liability is changing this. This doctrine effectively requires employers to check into an employee’s background. Increasingly, courts are holding employers responsible for criminal acts that employees, both on and off the job, perpetrated if a background check could have prevented crimes. Many states have passed laws that protect a former employer from legal action when providing work-related performance information about a former employee when (1) the inquiry comes from a prospective employer, (2) the information is based on credible facts, and (3) the information is given without malice.6
INTERNET RISKS
This section looks at some of the more significant risks associated with Internet commerce. First, the risks related to consumer privacy and transaction security are examined. The risks to business entities from fraud and malicious acts are then reviewed.
RISKS TO CONSUMERS
As more and more people connect to the Web, Internet fraud increases. Because of this, many consumers view the Internet as an unsafe place to do business. In particular, they worry about the security of credit card information left on Web sites and the confidentiality of their transactions. Some of the more common threats to consumers from cyber criminals are discussed here.
THEFT OF CREDIT CARD NUMBERS. The perception that the Internet is not secure for credit card purchases is considered to be the biggest barrier to electronic commerce. Some Internet companies are negligent or even fraudulent in the way they collect, use, and store credit card information. One hacker successfully stole 100,000 credit card numbers with a combined credit limit of $1 billion from an Internet service provider’s customer files. He was arrested when he tried to sell the information to an undercover FBI agent.
Another fraud scheme involves establishing a fraudulent business operation that captures credit card information. For example, the company may take orders to deliver flowers on Mother’s Day. When the day arrives, the company goes out of business and disappears from the Web. Of course, the flowers are never delivered, and the perpetrator either sells or uses the credit card information.
THEFT OF PASSWORDS. One form of Internet fraud involves establishing a Web site to steal a visitor’s password. To access the Web page, the visitor is asked to register and provide an e-mail address and password. Many people use the same password for different applications such as ATM services, e-mail, and employer-network access. In the hopes that the Web site visitor falls into this pattern of behavior, the cyber criminal uses the captured password to break into the victim’s accounts.
CONSUMER PRIVACY. Concerns about the lack of privacy discourage consumers from engaging in Internet commerce. One poll revealed that:7
• Almost two-thirds of non-Internet users would start using the Internet if they could be assured that their personal information was protected.
• Privacy is the number one reason that individuals are avoiding Internet commerce.
Many coalitions have been formed to lobby for stronger privacy measures. The Center for Democracy and Technology (CDT), Electronic Frontier Foundation (EFF), and Electronic Privacy Information Center (EPIC) are three prominent groups. One aspect of privacy involves the way in which Web sites capture and use cookies.
Cookies are files containing user information that are created by the Web server of the site being visited. The cookies are then stored on the visitor’s computer hard drive. They contain the URLs of visited sites. When the site is revisited, the user’s browser sends the specific cookies to the Web server. The original intent behind the cookie was to improve efficiency in processing return visits to sites where users are required to register for services. For example, on the user’s first visit to a particular Web site, the URL and user ID may be stored as a cookie. On subsequent visits, the Web site retrieves the user ID, thus saving the visitor from rekeying the information.
Cookies allow Web sites to off-load the storage of routine information about vast numbers of visitors. It is far more efficient for a Web server to retrieve this information from a cookie file stored on the user’s computer than to search through millions of such records stored at the Web site. Most browsers have preference options to disable cookies or to warn the user before accepting one.
The privacy controversy over cookies relates to what information is captured and how it is used. For example, the cookie may be used to create a profile of user preferences for marketing purposes. The profile could be based on the pages accessed or the options selected during the site visit, the time of day or night of the visit, and the length of time spent at the site. The profile could also include the user’s e-mail address, zip code, home phone number, and any other information the user is willing to provide to the Web site.
This type of information is useful to online marketing firms that sell advertising for thousands of Internet firms that sell goods and services. The user profile enables the marketing firm to customize ads and to target them to Internet consumers. To illustrate, let’s assume a user visiting an online bookstore browses sports car and automobile racing listings. This information is stored in a cookie and transmitted to the online marketing firm, which then sends JavaScript ads for general automotive products to the bookstore’s Web page to entice the visitor to click on the ads. Each time the consumer visits the site, the contents of the cookie will be used to trigger the appropriate ads. User profile information can also be compiled into a mailing list, which is sold and used in the traditional way for solicitation.
COOKIES AND CONSUMER SECURITY. Another concern over the use of cookies relates to security. Cookies are text (.txt) files that can be read with any text editor. Some Web sites may store user passwords in cookies. If the passwords are not encrypted (discussed later) before being stored, anyone with access to the computer can retrieve the cookies and the passwords. Thus, when multiple employees share a computer in the workplace, all users of the computer may review the cookies file, which is stored in a common directory.
A related form of risk comes from criminal or malicious Web sites. As the user browses the site, a JavaScript program may be uploaded to the user’s computer. The program secretly scans the hard drive for the cookies file and copies it to the Web site, where it is reviewed for passwords and other personal data.
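As an added example (not from the textbook), the following Python contrasts the pattern described above, a cookie that carries the password itself, with one that carries only an opaque session id protected by the HttpOnly, Secure and SameSite attributes, and includes a small audit routine for Set-Cookie values. The in-memory session table and the list of suspicious cookie names are constructed assumptions.

```python
import secrets
from typing import Dict, List

# Server-side session table (constructed stand-in for a real store):
# opaque session id -> user id. The password is never written client-side.
SESSIONS: Dict[str, str] = {}

# Cookie names that suggest the credential itself is being stored (assumed list).
CREDENTIAL_NAMES = {"login", "password", "passwd", "pwd", "credentials"}

def weak_set_cookie(user: str, password: str) -> str:
    """The pattern the text warns about: the password goes into the cookie
    in cleartext, with no attribute limiting who or what can read it."""
    return f"login={user}:{password}"

def hardened_set_cookie(user: str) -> str:
    """Issue a random session id instead. HttpOnly stops page scripts from
    reading the cookie, Secure keeps it off cleartext HTTP, SameSite limits
    cross-site sending, and Max-Age bounds the life of a copied cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return f"sid={sid}; Path=/; Max-Age=3600; HttpOnly; Secure; SameSite=Strict"

def lookup_session(cookie_header: str) -> str:
    """Resolve the browser's Cookie header back to a user id ('' if unknown)."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return SESSIONS.get(value, "")
    return ""

def audit_set_cookie(header: str) -> List[str]:
    """Review one Set-Cookie value and list the weaknesses found."""
    pieces = [p.strip() for p in header.split(";")]
    name, _, _ = pieces[0].partition("=")
    attrs = {p.split("=", 1)[0].lower() for p in pieces[1:]}
    findings: List[str] = []
    if name.lower() in CREDENTIAL_NAMES:
        findings.append("credential stored in the cookie itself")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page scripts")
    if "secure" not in attrs:
        findings.append("missing Secure: sent over cleartext HTTP")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on cross-site requests")
    return findings

if __name__ == "__main__":
    print(audit_set_cookie(weak_set_cookie("alice", "hunter2")))
    print(audit_set_cookie(hardened_set_cookie("alice")))
```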
Risks to Businesses
Business entities are also at risk from Internet commerce. IP spoofing, denial of service attacks, and malicious programs are three significant concerns.
IP SPOOFING. IP spoofing is a form of masquerading to gain unauthorized access to a Web server and/or to perpetrate an unlawful act without revealing one’s identity. To accomplish this, a perpetrator forges the source IP address of the originating computer to disguise his or her identity. A criminal may use IP spoofing to make a message appear to be coming from a trusted or authorized source and thus slip through control systems designed to accept transmissions from certain (trusted) host computers and block out others. This technique could be used to crack into corporate networks to perpetrate frauds, conduct acts of espionage, or destroy data. For example, a hacker may spoof a manufacturing firm with a false sales order that appears to come from a legitimate customer. If the spoof goes undetected, the manufacturer will incur the costs of producing and delivering a product that was never ordered.
DENIAL OF SERVICE ATTACK. A denial of service attack (Dos) is an assault on a Web server to prevent it from servicing its legitimate users. Although such attacks can be aimed at any type of Web site, they are particularly devastating to business entities that are prevented from receiving and processing business transactions from their customers. Three common types of Dos attacks are: SYN flood, smurf, and distributed denial of service (DDos).
SYN Flood Attack. When a user establishes a connection on the Internet through TCP/IP, a three-way handshake takes place. The connecting server sends an initiation code called a SYN (SYNchronize) packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize–ACKnowledge (SYN-ACK) packet. Finally, the initiating host machine responds with an ACK packet code. The SYN flood attack is accomplished by never sending the final acknowledgment to the server’s SYN-ACK response. This leaves the connection half-open: the server holds state for it and keeps retransmitting its SYN-ACK until the connection times out.
The individual or organization perpetrating the SYN flood attack transmits hundreds of SYN packets to the targeted receiver, but never responds with an ACK to complete the connection. As a result, the ports of the receiver’s server are clogged with incomplete communication requests that prevent legitimate transactions from being received and processed. Organizations under attack thus may be prevented from receiving Internet messages for days at a time.
If the target organization could identify the server that is launching the attack, a firewall (discussed later) could be programmed to ignore all communication from that site. Such attacks, however, are difficult to prevent because they use IP spoofing to disguise the source of the messages. IP spoofing programs that randomize the source address of the attacker have been written and publicly distributed over the Internet. Therefore, to the receiving site, it appears that the transmissions are coming from all over the Internet.
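An added example, not from the textbook, of how a defender can recognize a SYN flood from the server’s own vantage point: a half-open connection tracker run over a constructed trace in which three clients complete the handshake and 200 SYNs with randomized source addresses never do. The segment record layout, the 30-second timeout and the backlog threshold are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Segment:
    """One inbound TCP segment as the server sees it (constructed records)."""
    t: float        # arrival time, seconds
    src: str        # source IP as it appears on the wire (may be spoofed)
    sport: int      # source port
    dport: int      # destination port
    flags: str      # "SYN" (handshake start) or "ACK" (handshake finish)

class HandshakeMonitor:
    """Tracks half-open connections: a SYN opens an entry (the server has
    replied SYN-ACK and is waiting), the client's ACK closes it, and entries
    older than `timeout` are dropped and counted as timed out."""

    def __init__(self, timeout: float = 30.0, alert_backlog: int = 100):
        self.timeout = timeout
        self.alert_backlog = alert_backlog
        self.half_open: Dict[Tuple[str, int, int], float] = {}
        self.completed = 0
        self.timed_out = 0

    def observe(self, seg: Segment) -> None:
        self.expire(seg.t)
        key = (seg.src, seg.sport, seg.dport)
        if seg.flags == "SYN":
            self.half_open[key] = seg.t
        elif seg.flags == "ACK" and key in self.half_open:
            del self.half_open[key]
            self.completed += 1

    def expire(self, now: float) -> None:
        stale = [k for k, t0 in self.half_open.items() if now - t0 > self.timeout]
        for k in stale:
            del self.half_open[k]
            self.timed_out += 1

    def report(self) -> dict:
        """Backlog size and how widely it is spread over source addresses.
        A backlog spread thinly over many sources is the spoofed-SYN pattern:
        there is no single address a firewall could usefully block."""
        per_src = Counter(src for src, _, _ in self.half_open)
        n = len(self.half_open)
        return {"half_open": n,
                "distinct_sources": len(per_src),
                "top_source_share": (max(per_src.values()) / n) if n else 0.0,
                "flood": n >= self.alert_backlog}

def constructed_trace() -> List[Segment]:
    """Three legitimate clients completing handshakes, then 200 SYNs with
    deterministic fake source addresses and no ACKs (constructed sample)."""
    segs: List[Segment] = []
    for i, ip in enumerate(["203.0.113.5", "203.0.113.9", "198.51.100.2"]):
        segs.append(Segment(float(i), ip, 40000 + i, 443, "SYN"))
        segs.append(Segment(i + 0.1, ip, 40000 + i, 443, "ACK"))
    for i in range(200):
        fake = f"{(i * 37) % 223 + 1}.{(i * 59) % 251 + 1}.{(i * 7) % 250 + 1}.{i + 1}"
        segs.append(Segment(10 + i * 0.01, fake, 1024 + i, 443, "SYN"))
    return segs

def analyse(trace: List[Segment]) -> dict:
    mon = HandshakeMonitor()
    for seg in trace:
        mon.observe(seg)
    result = mon.report()
    result["completed"] = mon.completed
    return result

if __name__ == "__main__":
    print(analyse(constructed_trace()))
```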
Smurf Attack. A smurf attack involves three parties: the perpetrator, the intermediary, and the victim. It is accomplished by exploiting an Internet maintenance tool called a ping, which is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network. The ping works by sending an echo request message (like a sonar ping) to the host computer and listening for a response message (echo reply). The ping signal is encapsulated in a message packet that also contains the return IP address of the sender. A functioning and available host must return an echo reply message that contains the exact data received in the echo request message packet.
The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim’s computer (IP spoofing) rather than that of the actual source computer. The ping message is then sent to the intermediary, which is actually an entire subnetwork of computers. By sending the ping to the network’s IP broadcast address, the perpetrator ensures that each node on the intermediary network receives the echo request automatically. Consequently, each intermediary node sends an echo reply to the ping message, and these replies are returned to the victim’s IP address, not that of the source computer. The resulting flood of echo replies can overwhelm the victim’s computer and cause network congestion that makes it unusable for legitimate traffic. Figure 12-3 illustrates a smurf attack.
The intermediary in a smurf attack is an unwilling and unaware party. Indeed, the intermediary is also a victim and to some extent suffers the same type of network congestion problems the target victim suffers. One method of defeating smurf attacks is to disable the IP broadcast addressing option at each network firewall and thus eliminate the intermediary’s role. In response to this move, however, attackers have developed tools to search for networks that do not disable broadcast addressing. These networks may subsequently be used as intermediaries in smurf attacks. Also, perpetrators have developed tools that enable them to launch smurf attacks simultaneously from multiple intermediary networks for maximum effect on the victim.
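An added example, not from the textbook, of detection logic on the victim side: inbound echo replies are matched against the host’s own outbound echo requests, so a burst of unsolicited replies from many hosts in one subnet identifies the intermediary network of a smurf attack. The event record format, the 10-second matching window, the /24 grouping and the 50-host alert threshold are assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# (time, direction, icmp type, peer): one ICMP event as logged at the host.
Event = Tuple[float, str, str, str]

def constructed_events() -> List[Event]:
    """Constructed sample: one ordinary ping exchange, then 120 echo replies
    from 192.0.2.0/24, a network this host never sent a request to."""
    events: List[Event] = [
        (0.0, "out", "echo-request", "198.51.100.7"),
        (0.2, "in", "echo-reply", "198.51.100.7"),
    ]
    for i in range(120):
        events.append((5.0 + i * 0.001, "in", "echo-reply", f"192.0.2.{i + 1}"))
    return events

class EchoReplyMonitor:
    """Matches inbound echo replies to the host's own outbound echo requests.
    Replies with no matching request are unsolicited; many of them from one
    subnet is the smurf pattern (a request spoofed with the victim's address
    was sent to that subnet's broadcast address, and every node answered)."""

    def __init__(self, window: float = 10.0, min_hosts: int = 50, prefix: int = 24):
        self.window = window        # how long an outbound request stays answerable
        self.min_hosts = min_hosts  # distinct repliers in one network before alerting
        self.prefix = prefix        # assumed grouping granularity (/24)
        self.pending: Dict[str, float] = {}
        self.unsolicited: List[Tuple[float, str]] = []

    def observe(self, t: float, direction: str, kind: str, peer: str) -> None:
        if direction == "out" and kind == "echo-request":
            self.pending[peer] = t
        elif direction == "in" and kind == "echo-reply":
            sent = self.pending.pop(peer, None)
            if sent is None or t - sent > self.window:
                self.unsolicited.append((t, peer))

    def amplifier_networks(self) -> Dict[str, int]:
        """Unsolicited repliers grouped by network; only groups with at least
        `min_hosts` distinct hosts are reported. The reported network is the
        intermediary, which is itself congested by the same flood."""
        hosts = defaultdict(set)
        for _, peer in self.unsolicited:
            net = ipaddress.ip_network(f"{peer}/{self.prefix}", strict=False)
            hosts[str(net)].add(peer)
        return {net: len(h) for net, h in hosts.items() if len(h) >= self.min_hosts}

def analyse(events: List[Event]) -> Dict[str, int]:
    mon = EchoReplyMonitor()
    for ev in events:
        mon.observe(*ev)
    return mon.amplifier_networks()

if __name__ == "__main__":
    print(analyse(constructed_events()))
```

On the intermediary side, the mitigation the text describes is disabling directed broadcast at the network edge (on Cisco IOS routers this is the interface command `no ip directed-broadcast`).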
Distributed Denial of Service. A distributed denial of service (DDos) attack may take the form of a SYN flood or smurf attack. The distinguishing feature of the DDos is the sheer scope of the event. The perpetrator of a DDos attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Because vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies. IRC is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.
The problem with IRC networks is that they tend to have poor security. The perpetrator can thus easily access the IRC and upload a malicious program such as a Trojan horse (see the appendix in Chapter 16 for a definition), which contains the DDos attack script. This program is subsequently downloaded to the PCs of the many thousands of people who visit the IRC site. The attack program runs in the background on the new zombie computers, which are now under the control of the perpetrator. These collections of compromised computers are known as botnets. Figure 12-4 illustrates this technique.
Via the zombie control program, the perpetrator has the power to direct the DDos to specific victims and turn the attack on or off at will. The DDos attack poses a far greater threat to the victim than a traditional SYN flood or smurf attack. For instance, a SYN flood coming from thousands of distributed computers can do far more damage than one from a single computer. Also, the packets of a smurf attack coming from a subnetwork of intermediary computers all emanate from the same server. In time, the server can be located and isolated by programming the victim’s firewall to ignore transmissions from the attacking site. The DDos attack, on the other hand, literally comes from sites all across the Internet. Thousands of individual attack computers are harder to track down and turn off.
Motivation behind Dos Attacks. The motivation behind Dos attacks may originally have been to punish an organization with which the perpetrator had a grievance or simply to gain bragging rights for being able to do it. Today, Dos attacks are also perpetrated for financial gain. Financial institutions, which are particularly dependent on Internet access, have been prime targets. Organized criminals threatening a devastating attack have extorted several institutions, including the Royal Bank of Scotland. The typical scenario is for the perpetrator to launch a short DDos attack (a day or so) to demonstrate what life would be like if the organization were isolated from the Internet. During this time, legitimate customers are unable to access their online accounts and the institution is unable to process many financial transactions. After the attack, the CEO of the organization receives a phone call demanding that a sum of money be deposited in an offshore account, or the attack will resume. Compared to the potential loss in customer confidence, damaged reputation, and lost revenues, the ransom may appear to be a small price to pay.
DDos attacks are relatively easy to execute and can have a devastating effect on the victim. Many experts believe that the best defense against DDos attacks is to implement a layered security program with multiple detection point capability. We revisit this issue in Chapter 16 to examine methods for dealing with DDos attacks.
OTHER MALICIOUS PROGRAMS. Viruses and other forms of malicious programs such as worms, logic bombs, and Trojan horses pose a threat to both Internet and intranet users. These may be used to bring down a computer network by corrupting its operating systems, destroying or corrupting corporate databases, or capturing passwords that enable hackers to break in to the system. Malicious programs, however, are not exclusively an electronic commerce issue; database management, operating systems security, and application integrity are also threatened. Because of the broad-based implications, this class of risk is examined at length in Chapter 16.