David Karlstein

Security for E-Commerce

Homework Assignment 1


One of the most recent cases of a major corporation’s web site being hacked happened on September 8, 2000. Western Union Financial Service Corporation of Englewood, CO, is best known for its money wiring services. Most of the services that it has traditionally performed are now available via the web. In fact, the company was planning to begin some aggressive marketing for additional web-based financial services. Anyone with an e-mail address could send or receive money, or request payments. In addition, consumers may use their credit cards to provide the necessary funds.

It was this database of customers’ credit card numbers that was violated. An unidentified hacker (probably undetermined at this point) was able to steal 15,700 credit and debit card numbers. While the circumstances surrounding the break-in were vague, it appears that a human error allowed the unwanted entrance. The site has only been equipped to handle money transfers since June of this year. Allegedly, after some routine maintenance on the site, a programmer left a part of the security mechanism turned off. This hole allowed the leakage of the private information.

Western Union shut the site down for five days. They admit that this was two days longer than they had expected. In addition, they profess to have “fortified” the site’s security to ensure the integrity of future data. Both points lead one to believe that the intruder’s entrance may not have been “left open” by mistake.

Right now, Western Union claims that there have been no damages reported in terms of fraudulent charges to the stolen cards, and that they are working closely with Visa and Mastercard to ensure that liability is limited. The greatest damage may be to the reputation of the company as it tries to assuage the fears of consumers and develop a market for its online services.

Information came from several articles posted on the Dow Jones Interactive Network including:

Western Union Site Back Up After Breach, Weiss, Todd R., Computerworld, Sept 18, 2000

Western Union Unveils New Services over Internet, Beauprez, Jennifer, The Denver Post, Sept 16, 2000

There have also been several recent attacks on on-line banks. As one would imagine, there is not an abundance of information on any of the attacks. The banks do not want to discuss any of the details, and would much rather that there were no media attention at all.

The first incident happened in early August. The Swiss banking group UBS admits that its computer network was infected with a virus that attempted to steal the Personal Identification Numbers (PINs) of its clients. The virus was apparently e-mailed into the bank's system. UBS claims that no information was stolen because the virus attempted to figure out passwords that were assigned by the network, whereas most clients choose their own password.

The next case occurred on August 28, 2000. The St. George Bank internet site was crippled by an onslaught of e-mail. This kind of disruption-of-service attack does not compromise information, but it damages both the reputation and the pockets of the bank. The attack happened three days after the bank announced the loss of 1450 jobs. The Corporate Relations Manager states that officially the bank feels that these incidents are not related, but disgruntled employees are a major concern in the security world.

The final case occurred on August 31, 2000.  The on-line bank Egg.com suffered a slowdown of service when hackers sent a multitude of credit card applications.  While no private information was revealed, even such a tame attack can rattle consumer confidence.  The embarrassment that is associated with a media story regarding internet security issues could damage a company’s image beyond repair. 

The concept of internet banking is still relatively new. Some banks, like Egg.com, are purely on-line. In order for this type of business to flourish, consumers must feel safe giving out some of their most private information. As business tries to quell the hype, the media fans the flames. These were three attacks, carried out in three different ways, all relatively harmless. Only time will tell if they truly are harmless, and if the banks' reputations can survive.


Information came from several articles posted on the Dow Jones Interactive Network including:

Eggs On Their Faces After Robbery, Goodley, Simon, The Daily Telegraph, August 30, 2000

Hacker Hits Dragon Site, The Daily Telegraph (Australia), September 1, 2000