Computer Crime Research Center


Beware: traps on the Net

Date: April 24, 2004
Source: Computer Crime Research Center
By: Andrey Belousov

No one thought about security issues till the appearance of the first online store. Unprotected protocols and potentially vulnerable mechanisms of authentication were used everywhere. Requirements to modern systems of protection have changed principally, but still transition to new standards and improvement of security of protocols are dragged out essentially. It is impossible to change software of all the sites of the global network simultaneously. For the purposes of compatibility, developers and administrators have to support old solutions of 10-20 years prescription.

An underground online store is created in the simplest way. This site duly collects credit card numbers and does not ship any goods. On the paid porn or erotic portals you can never be sure that your account won't go down when you input your credit card number. This is the simplest non-technical way of theft using only people's trust. Similar one-day online stores appear not only in the network but also in real life. A real certain firm collects a number of orders, gets early payments and then disappears without a trace.

What are the risks of users that don't visit any questionable sources and uses services of big and trusted suppliers only? All possible technical threats can be divided into three categories: a) substitution of the target URL, b) obtrusion of a wrong route, c) embedding a spy program into a computer of the victim.

Interception of network traffic may be also added to this list. Algorithms of encoding that are applied to numbers of credit cards (especially when data is transferred via unprotected protocols) are working well only by words. Developers make errors in software codes in real life quite often. These bugs more or less weaken stability of the code and make it vulnerable to break in.

Yet another kind of Internet-trap is a situation happened at the exchange in the Southern Korea. When the trading on the exchange was flat, Korean market suddenly went down by 1,5% (in money it is equal $3 billion losses). The cause of the panic on the trading floor was the April 1 announcement at local television that Bill Gates, Chairman of Microsoft, was killed by a lone gunman at a charity event in Los Angeles. This "news" was picked up by first-rate channels of local TV: MBC, YTN and SBS. The entire story from the beginning till the end was a fake. Information was obtained from the CNN-like forged website on the Internet.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo