This in-depth article takes a look at hacking on the Internet. Covering hacker motivation, computer viruses, security, personal firewalls and how to track a hacker!
7. The Costs and Effects of Hacking on Business
The effect on e-commerce of hackers exploits is very real, with the negative publicity generated undermining
consumer confidence in particular companies security. Often these attacks may start out as pranks, but unfortunately they can
cause real harm through companies losing customers, which jeopardises their future and that of their employees.
For the purpose of this section on the costs of hacking to business, I will look at five case studies separately:
Case 1: Burger King
In March 2001 a hacker replaced the home page of the Burger King UK site with a parody of their arch rival
McDonald's site, stating "Eat our food, we want your money" and suggesting to visitors that they should go to McDonalds instead!
The site was running on Windows NT4 using Microsoft's Internet Information Server (IIS), and its thought the group of hackers called
Dreamscape2K exploited security holes in the system to redirect the URL to the defaced page.
It is unlikely that this attack caused any financial damage (Burger King refused to release any figures), but it
did make the company look really foolish, and hurt their reputation.
Case 2: Cert.org
The University of California estimate that about 4,000 Denial of Service (DoS) attacks happen every week.
Cert.org, the site of the Computer Emergency Response Team set up to investigate computer and Internet security issues, fell foul
to such an attack in May of 2001. The site was flooded with requests for information for two days which made it impossible for
users to gain access to the site for more than 24 hours.
The Cert.org site was down for 24 hours, which does not do anything for the reputation of this government
funded research facility by showing that it can be taken down this easily. The problem is that it is virtually impossible to
prevent these kind of attacks, the servers simply cannot cope with these large surges in traffic. Furthermore, it is very difficult
to track down the perpetrators of these attacks.
Case 3: The FBI and SirCam
The SirCam worm infected thousands on online companies, but few are willing to go public with their stories.
In July 2001, the FBI was forced to admit that it infected it's own machines with the virus, allowing the bug to forward confidential
files to outsiders. The virus was released accidentally by an FBI anti-virus researcher in the National Infrastructure Protection
Centre (www.mipc.gov) which is the FBI's online security division.
Analysts Computer Economics believe SirCam did around $1.035 billion worth of damage across the world and
infected an estimated, yet staggering, 2,300,000 computers. It certainly did nothing to improve the reputation of the FBI's fight
against Internet crime.
Case 4: NetNames and Osama Bin Laden
In September of 2001, thousands of customers of the domain name registrars NetNames (www.netnames.co.uk) were
affected by an attack from a hacker group calling itself Fluffi Bunni. Traffic to thousands of customer's web sites was
redirected to a page containing a picture of a pink rabbit propped up against a keyboard with the message: "If you want to see the
Internet again, give us Mr. Bin Laden and $5 million in a brown paper bag. Love Fluffi B." The text then went into a rant against
religion and the US. The attack hit over 10,000 sites that use NetNames domain name servers.
NetNames shut down the servers half an hour after discovering the attack and their systems were back
up within an hour. Even so, many customers lost fate in NetNames, with many security experts pointing the finger of blame at
them. Although it is difficult to quantify the actual financial damage caused to the company, it is undoubtedly an incident that
may overshadow their reputation for many years to come.
Case 5: Adobe and Dmitry Sklyarov
In July of 2001, Russian software programmer Dmitry Sklyarov found himself in a US prison cell after presenting
a paper on the encryption methods used to protect electronic books at the Def Con hacker conference in Las Vegas. Sklyarov had
written software that enabled people using Adobe's eBook reader software to get around any copyright protection codes and to print
digital books at will.
Sklyarov became the first person to go to court under the 1998 Digital Millennium Copyright Act (DMCA), which prohibits anybody
from selling technology that breaks copyright protection. Adobe's actions prompted a backlash from the hacker community, who
pointed out that Sklyarov was doing the company a favour by pointing out the weaknesses in the eBook encryption system.
Online book stores such as Barnes & Noble, pulled the eBook format from their web sites until security issues
were resolved. Adobe lost face within the industry and generated a lot of bad feeling in the tech community. Overall, the whole
incident dented the publishing industry's confidence in the eBook format, while the US Department of Justice is to go ahead with
the prosecution of Dmitry Sklyarov, so this affair is unlikely to go away for Adobe.