Systems for Ensuring Secure Electronic Transactions (SET)
Attacks earlier in the year on major e-commerce sites, including E*Trade; Amazon.com, the leading e-tailer; eBay, the online auction house; CNN, the news service; Yahoo!; Buy.com; and Zdnet, a technology news and information web site, have heightened the awareness of securing e-commerce sites (“E-Commerce Sites,” 2000, p.106). This is just the first example of a rampant problem that has cost e-tailing companies millions of dollars in losses.
Hackers, using a denial of service (DoS) technique, caused the aforementioned e-tailers to temporarily shut down. By repeatedly loading hundreds of web pages to the companies’ servers from computers on the Internet, the hackers flooded the servers of the e-tailers. These attacks ultimately crashed the company’s server or denied access to normal users (“E-Commerce Sites,” 2000, p.106). These flood attacks are relatively easy to carry out with software such as Stacheldaht or Tribal Flood, which are publicly made available on the Internet (“E-Commerce Sites,” 2000, p.106). Once a hacker has one of these programs in his possession, he simply installs the software on several computers connected to the Internet and triggers the flooding from a central computer. Since the flooding comes from a variety of different sources, it is nearly impossible to identify the origin of the attack (“E-Commerce Sites,” 2000, p.106).
A joint survey, conducted in 1999 by the computer Security Institute and the FBI, of major US companies, revealed that tampering with company’s online operations is becoming a mundane occurrence (Courtney, 2000, p.84). The survey polled 640 corporations, banks, and government organizations on the conditions of their computer systems (Courtney, 2000, p.84).
• Of the responding companies, 90% had detected security breaches (Courtney, 2000, p.84).
• 70% of the companies reported serious security breaches (Blotzer, 2000, p99). These included theft of proprietary information, financial fraud, system penetration by outsiders, data or network sabotage, and denial of service attacks (Courtney, 2000, p.84).
• Quantifiable losses totaled $265 million, 115% higher than in 1999 (Courtney, 2000, p.84).
• The most serious breach resulted in a loss of $66 million, 55% higher than the most serious loss of 1999 (Courtney, 2000, p.84).
• 59% of the companies cited their Internet connection as a frequent point of attack (Courtney, 2000, p.84).
• The total cost to these companies was $266 million (Blotzer, 2000, p99).
This survey illustrates the seriousness of attacks and the importance of proper security to defend against those attacks.
For every company doing business on the Internet, security should be a top priority. Gibson Research Corporation has a...