E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: NewsFactor Network

Posted on April 6, 2001

      The fate of the Internet as a global commercial force may hang less on the rise or fall of any particular dot-com than it does on the persistent threat that hackers, crackers, bugs and worms could one day cause the entire structure to explode like a dying star.

      Government agencies, corporate giants and security wizards are attacking the problem with zeal, but the consensus is that so far, the advantage lies with the bad guys. As absurd as it may sound, it remains child's play for serious cyber-saboteurs to wreak havoc on corporate and government networks.

      The best option yet available seems to be damage control, and it is crucial to identify the biggest threats to the Net in order to accomplish it.

Two Critical Issues

There are two primary methods that hackers rely upon to disrupt the Web operations of major companies and organizations, according to Rob Clyde, vice president and chief technologist of Enterprise Solutions at Symantec.

      First, attackers break into systems by "taking advantage of holes in corporate operating systems and applications that are out there on Web servers," Clyde told NewsFactor Network.

      The companies that create and sell these systems usually learn about the vulnerabilities early and develop patches to cover them, but many customers -- including huge corporations, government agencies and individual users -- do not learn about the patches until it is too late.

      The other weakness that attackers take advantage of to get into a system, Clyde says, is easy-to-guess passwords -- and this can come both from outside hackers and from people working within company.

      "About 80 percent of the time, the bad guys get in using one of these two methods," Clyde told NewsFactor. "Attacks almost always include one or both of these elements."

Kiddie Stuff

No matter how much money Internet-based companies and security firms spend in establishing expensive and complex security defenses, they often find themselves vulnerable to savvy hackers and virus writers who have proven they can disrupt any organization.

      Sometimes damage can be done by writing a simple worm virus to disrupt company e-mail systems and even paralyze corporate networks. Just this week, an upgraded version of the worm-making software used to generate February's infamous Anna Kournikova virus became available on the Web.

      "It's easy to do nowadays. All you need is time and motive," Clyde said. "There are over 30,000 hacker-oriented Web sites on the Net, and you can download the instructions -- it's point and click. You don't even have to think very hard."

Tricks and Worms

"There are all sorts of threats to Internet users," SecurityPortal technical director Rick Steinberger told NewsFactor. "But the threats that individual users face sitting at home and reading e-mail are very different from the threats that e-commerce or big corporate sites face."

      Individuals can become exposed to attacks simply by opening e-mail attachments -- often from people they know -- thus spreading e-mail worms and viruses.

      Steinberger also cautions that many kinds of interactive Web sites trick users into revealing critical personal information, such as e-mail and street addresses and even credit card numbers, to marketers and identity thieves.

Absolute Worst Threat

While it is difficult to speculate on the nature of the absolute worst threat to the Internet, security experts do have some major concerns. Steinberger warns especially about the collapse of the Internet's domain name system, which translates numeric e-mail and Web site addresses into names so that the Internet can deliver its messages.

      "The domain name servers at the top level are stored in 15 to 20 computers at government sites and universities," Steinberger explains, "and server software vulnerabilities come up no matter how cautious you are."

      A major disruption to the domain name system would paralyze e-business and, indeed, all Internet communication.

      Finally, Steinberger does not rule out the possibility of top-tier U.S. routers going offline because of operational glitches, hacker attacks or even physical sabotage.

      The critical servers and routers are located at Metropolitan Area Ethernet (MAE) centers in select locations, such as a downtown San Jose, California building and a Seattle, Washington hotel.

      Should another earthquake, or worse yet, a terrorist explosion, destroy the MAE servers and their backups, the Internet would grind to a screeching halt.

Damage Control

According to a recent report from the Computer Emergency Response Team at Carnegie Mellon University, attacks on Web sites increased from 2,000 in 1997 to 21,000 in 2000. Meanwhile, Web site defacements totaled 5,000 last year, up from just five in 1995.

      Experts concede that security dangers are not going to disappear anytime soon. But firms and individuals are not completely helpless in the face of the threats -- as long as they take reasonable precautions.

      "The biggest threat companies face is not taking security seriously," Clyde told NewsFactor. "Their security systems don't have to be complicated or expensive, but you have to know what the risks are."

      Clyde estimates that only about 40 percent of the networks on the Internet use a firewall to keep threats at bay, and that well over half of home PC users do not keep their anti-virus software updated and in place.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.