We all know the Saturday morning scenario: we trundle off to the local mall, where we are confronted by any number and manner of security guards and anti-theft devices preventing us from stealing goods. Closed circuit cameras and machine-gun-toting heavies keep us, the good guys, in check and they inconvenience us, while we know for a fact that the bad guys do more or less what they want and get away with it. It`s a fact of life.
E-retail sites are aware of the flaw, and are reported to be fixing it, but what`s the bet that the hackers will just find another hole?
Ian Melamed, chief technology officer, SatelliteSafe
It`s that way in the world of e-retail too. While you and I adhere to the rules and fill in our forms and submit our credit card details diligently, many e-shoppers are blithely indulging in cyber-theft on a grand scale. Here`s how it works: up to a third of shopping cart applications deployed on Internet retailing sites have security holes that render them vulnerable to electronic price tag alteration. If you see a PC that you want but can`t afford, why, just change the price tag. If it`s $2 000, change it to $2 - it`s so easy.
All you do is choose a product; after receiving pricing information, use your browser`s "edit page" to display the HTML code. Save the page to your PC, change the price and submit it to the e-retail site by clicking your "publish" key. You`ll get lucky one in three times.
Is it just theory? Hardly - 11% of all online transactions are fraudulent, according to the Internet Fraud Council; and a third of all US and 40% of UK e-commerce sites are susceptible to the flaw.
E-retail sites are aware of the flaw, and are reported to be fixing it, but what`s the bet that the hackers will just find another hole?
If you thought that was bad news, consider this: hackers and cyber-terrorists could take out entire power grids in the US, with devastating consequences for the US and global economy. The cost to business of the recent power outages in California is estimated at $2.3 billion, and these have been sporadic. Imagine if hackers launched a concerted attack on over-stretched power grids. Is this irresponsible scare-mongering? No; Fortune magazine has outlined a scenario where the systems that run the US`s power plants and transmission grids could be taken out. They were never meant to be networked, but many of them are today, and they typically run the TCP/IP protocol, which is notoriously insecure. And remember the rule: if you have an IP address, you`re fair game for hackers. Fortune reasons further that the highly publicised vulnerabilities of the utilities, coupled with the desire and capability of international cyber-terrorists to strike at the heart of US business and infrastructure, such an onslaught becomes a probability rather than a possibility. Don`t you just love technology?
The fun and games continue: anti-virus software vendor MessageLabs reports that the growth in incidence of viruses is outpacing the growth of e-mail usage by dramatic percentages. For instance, the US government will experience a 222% rise in viruses this year, against a 62% rise in e-mail use. MessageLabs scans millions of e-mails at the Internet level to protect clients, giving it access to these figures. The manufacturing sector is expected to be worst hit, with viruses rising by 234% and e-mail use 124%. The media sector is set to see an increase in viruses of 219% in 2001, against 137% growth in the use of e-mail. MessageLabs scanned 50 million e-mails from a cross section of customers from 1 January 2000 to 28 February 2001 to produce its forecasts.
And utterly predictable, April Fools Day was used by hackers as an ideal opportunity to crack and deface prominent Web sites. Their commonality: they were running Microsoft`s Internet Information Server in Windows NT and 2000. Among those nailed were Walt Disney Company, Wall Street Journal WebWatch, British Telecomms, HSBC, the US Navy`s Centre for Tactical Systems Interoperability, the US Army Training and Doctrine Command, Ringling Bros and Barnum & Bailey Circus, and the American Society for the Prevention of Cruelty to Animals. Of 39 defaced sites reported to attrition.org, only eight were running non-Microsoft operating systems.
Finally, news of Winux, the first virus to attack both Linux and Microsoft operating systems. It`s not in the wild, fast spreading or destructive, but it`s remarkable purely for the fact that it can execute on both of the popular operating systems, which are often installed on the same PC. Originating in Czechoslovakia, it could be the precursor of many to come.
(Sources: Silicon.com, Fortune and ZDNet.)
Share