In recently years, people more rely on computers to create, store and manage critical information. Therefore, it is important for users to aware that computer security plays a major role in protecting their data from loss, damage, and misuse. Similarly, online security has been online trader’s main concern in protecting their websites from potential threats, such as phishing, security hacking, information theft, virus, worms and etc.
Most businesses that have made the move towards an online presence have experienced some kind of security threat to their business. Since the Internet is a public system in which every transaction can be tracked, logged, monitored and stored in many locations, it is important for businesses to understand possible security threats to their business.
Security has three main concepts. There are confidentiality, integrity, and availability. Confidentiality allows only authorized parties to read protected information. Integrity ensures data remains as is from the sender to the receiver. Availability ensures you have access and are authorized to resources.
There are many threats to e-commerce that may come from sources within an organization or individual. The followings are some of the potential security threats that can be found.
MALICIOUS ATTACKS
Attacks that specifically aim to do harm are known as malicious attacks. They can be further broken down into attacks caused by malicious code and those caused by intentional misrepresentation. Misrepresentation is most often seen with regard to online fraud and identity theft. Malicious code, on the other hand, is at the root of so-called "crackings" and "hackings" - notable examples of which include computer viruses, data theft, and Denial of Service (DOS) attacks.
i. Computer Viruses
The "Melissa" virus/worm of 1999, which caused about $80 million in damages worldwide, was malicious code imbedded in a Word® document that, when opened, would send itself out as an attachment to the first fifty people in an electronic mail client address book. The May 2000 "I LOVE YOU" virus was even simpler -- a small piece of code attached to electronic mail. Double-clicking on the executable caused it to send an e-mail to everyone in an address book, subsequently damaging victims' machines. Fast-spreading viruses like "I LOVE YOU" cause e-mail servers to overload and businesses to shut down email correspondence. For example, in one day, the "I LOVE YOU" virus caused over $100 million in United States damages and over $1 billion in worldwide losses.
ii. Denial of Service Attacks
Denial of Service Attacks is another form of malicious attack which is not new, yet they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks, known as Distributed Denial of Service attacks (DDOS), were witnessed in a number of large corporate computer shutdowns in 2000.
These attacks precisely reveal the vulnerabilities inherent to the Internet. A DDOS attack functions by overwhelming a server with a deluge of messages that appear to be normal. The DDOS attacker strategically builds an army of key players including:
1. One client machine for coordinating the attack.
2. Three to four host machines, which are battlefields under the attacker's direct control.
3. Potentially hundreds of broadcasters, which are the legions that run the code to generate the flood of packets that attack a target system (consisting of at least one machine). Broadcasters are recruited by port scanning software that determines the machines on which the attacker can gain root privileges. On these machines, the attacker can embed hidden programs that wait for instructions from the Host machines.
iii. Data theft
Data theft is the term used to describe not only the theft of information but also unauthorized perusal or manipulation of private data. In 1996, a 16-year-old British youth and an accomplice stole order messages that commanders
sent to pilots in air battle operations from the Air Force's Rome Laboratory in New York. The two also used the Air Force's own computers to obtain information from NATO headquarters and South Korea's Atomic Research Institute. In April 2001, two employees of Cisco Systems were indicted for obtaining unauthorized access to Cisco stock. These two men, who worked in the company's accounting division, broke into the computer system that handled stock distribution and were able to transfer stock shares to their private portfolios. The total value of their shares over two separate transfer attempts was nearly $6.3 million, according to the US Department of Justice.
ONLINE FRAUD
Online fraud is a broad term covering Internet transactions that involve falsified information. Some of the most common forms of online fraud are the sale via Internet of counterfeit documents, such as fake IDs, diplomas, and recommendation letters sold as credentials; offers of easy money, such as work-at-home offers that claim to earn individuals thousands of dollars for trivial tasks; prank calls, in which dial-up connections lead to expensive long distance charges; and charity facades, where donations are solicited for phony causes.
Identity theft is a major form of online fraud, or misrepresentation. In the online world, electronic commerce information can be intercepted as a result of vulnerabilities in computer security. Thieves or perpetrators can take information (such as victims’ credit card numbers) and do with it what they will. This is one of the reasons for which it is critical that users and organizations avail themselves of appropriate computer security tools, which serve to prevent many such interceptions. For example, in January 2001, the entire municipality of Largo, Florida lost e-mail service for over a week when an unknown company based in Spain compromised its identity. The company hacked into the city's e-mail relay system to steal the Largo.com identity. Soon enough, e-mail spam seemingly from Largo.com addresses flooded the net, and many Internet Service Providers blacklisted all incoming and outgoing electronic messages from the city.
How to prevent the threat?
Nowadays, the computer systems in an organization are very important because when it s attacked by the computer viruses, it will cause the important files to be damaged and lost. Therefore the organization should take an action to prevent its computer attacked by viruses. The action that can be taking is to install the updated anti-virus software such as Kaspersky Antivirus and AVG Antivirus software. All these antivirus software will directly to delete the malicious program when the software found it. However, organization are suggested that should not use the trial version or free version antivirus software because the software is not complete in function.