Lecture E-Commerce - Chapter 9: E-commerce security environment

CSC 330 E-Commerce
Teacher: Ahmed Mumtaz Mustehsan
GM-IT CIIT Islamabad
Virtual Campus, CIIT
COMSATS Institute of Information Technology

T1-Lecture-9
E-Commerce Security Environment
Chapter-04
Part-I

For Lecture Material/Slides Thanks to: Copyright © 2010 Pearson Education, Inc


Objectives
• Understand the scope of e-commerce crime and security problems.
• Describe the key dimensions of e-commerce security.
• Understand the tension between security and other values.
• Identify the key security threats in the e-commerce environment.


T1-Lecture-9

Ahmed Mumtaz Mustehsan

Copyright © 2010 Pearson Education, Inc

1-3


Online Robbery - Introduction
• In comparison to robbing a bank, internet banking can be robbed remotely and with less risk to the robber
• Stealing a music or video CD from a shop is harder than downloading it from an illegal website
• If you take the internet as a global marketplace: many fake websites exist online to trap users, offering attractive content and extraordinary deals and offers so that remote users provide their credit card information, etc.
• One cannot easily break into a physical home and breach its privacy, but if the password of a social networking account is hacked then privacy is compromised



Cyber Attack - Introduction
Denial of Service Attack (DoS):
One computer sends, or floods, a very high number of data packets to a targeted computer, choking its resources (communication path, processor, etc.).
Distributed Denial of Service Attack (DDoS):
Many computers attack a single website or online system from many locations at the same time, overwhelming the system, creating congestion and many other impairments, and making the system or website unavailable to legitimate users.
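As an added illustration (not from the lecture slides), the distinction the slide draws between a flood from one computer (DoS) and a flood from many computers at the same time (DDoS) can be turned into a simple detection check over request logs; the log lines, IP addresses and thresholds below are constructed sample values, not real data.

```python
from collections import Counter

# Constructed sample traffic, not from the lecture: one line per request,
# "<unix_ts> <source_ip> <path>". Timestamps cycle inside a 5-second window.
def make_lines(ts, sources, count, path="/checkout"):
    """Build `count` constructed request lines at time `ts`, cycling through `sources`."""
    return [f"{ts + i % 5} {sources[i % len(sources)]} {path}" for i in range(count)]

# Normal shopping traffic: a handful of clients, a few requests each.
NORMAL = make_lines(1000, ["10.0.0.5", "10.0.0.7", "10.0.0.9"], 12)
# DoS as the slide defines it: one computer floods the target on its own.
SINGLE_FLOOD = NORMAL + make_lines(1000, ["198.51.100.23"], 300)
# DDoS as the slide defines it: many computers hit the target at the same time.
DIST_FLOOD = NORMAL + make_lines(1000, [f"203.0.113.{i}" for i in range(1, 151)], 300)

def classify_window(lines, total_threshold=100, dominant_share=0.8, min_sources=50):
    """Classify one window of requests as 'normal', 'dos', 'ddos' or 'elevated'.

    The thresholds are illustrative assumptions; in practice they are tuned to
    the site's own baseline traffic. Returns (verdict, stats).
    """
    per_source = Counter()
    for line in lines:
        _ts, src, _path = line.split(maxsplit=2)
        per_source[src] += 1
    total = sum(per_source.values())
    stats = {"total": total, "sources": len(per_source)}
    if total < total_threshold:
        return "normal", stats          # volume within the normal baseline
    top_src, top_n = per_source.most_common(1)[0]
    stats["top_source"] = (top_src, top_n)
    if top_n / total >= dominant_share:
        return "dos", stats             # one source dominates the flood
    if len(per_source) >= min_sources:
        return "ddos", stats            # flood spread across many sources
    return "elevated", stats            # high volume, but no clear pattern yet

if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("single flood", SINGLE_FLOOD),
                      ("distributed flood", DIST_FLOOD)):
        print(name, classify_window(log))
```

The verdict matters for the response: a single dominant source can be rate-limited or blocked at the network edge, whereas a distributed flood has no single source to block, which is what makes it overwhelming.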



Cyber Attack - Introduction
Botnet:
Artificially intelligent or robot computers (bots) can work together. A group of such computers (even in the millions), capable of being managed remotely by a single person, attacks an online system or website.
Example:
In 2007, 1 million computers were used in an organized attack on important servers of the government of Estonia.



DDOS
(figure; source: 3inc.com/pk_whatisddos.html)


Cyber Warfare Reference for study
• Russia – Estonia Cyber war
• Twitter DDoS
• Korean DDoS
• Taught at US Military academies
Reading: bh-fed-03-dodge.pdf
Reading: iwar_wise.pdf



Your PC may be part of a Botnet
• Botnets are responsible for over 80% of the spam sent to computer users
• Some computer users download those spam files because they lack the knowledge to recognise them
• Some computers become infected because no antivirus software is available on them
• Some computers are compromised through the use of pirated software
• 10% of the world's billion-plus computers on the internet are capable of being captured by stealth malware programs, which are installed by clicking malicious links and downloading hidden files.



The E-commerce Security Environment
• Overall size and losses of cybercrime unclear
◦ Reporting issues
• 2008 CSI survey:
◦ 49% of respondent firms detected a security breach in the last year
◦ Of those that shared numbers, average loss $288,000
• Underground economy marketplace
◦ Stolen information stored on underground economy servers
◦ Credit cards, bank information, personal identity, etc. are sold on these servers.



Rates of different stolen objects at the Underground e-market (figure)




Types of Attacks Against Computer Systems (Cybercrime)
(figure) Source: Based on data from Computer Security Institute, 2009.



What Is Good E-commerce Security?
To achieve the highest degree of security:
• Use of new technologies
• Organizational policies and procedures
• Industry standards and government laws

Other factors to be looked into:
• Time value of information
• Cost of security vs. potential loss
• Security often breaks at the weakest link



The E-commerce Security Environment



Ideal E-Commerce Environment
• Capable of making secure commercial transactions
• Achieving the highest degree of security
• Adopting new technologies
• Giving awareness to users about online safety
• Defining and understanding industry standards
• Implementing government laws
• Prosecuting the violators of laws



Dimensions of E-commerce Security



Typical Transaction facilitated by Technologies (figure)



The Tension Between Security and Other Values
• Security vs. ease of use
◦ The more security measures added, the more difficult a site is to use, and the slower it becomes
• Security vs. desire of individuals to act anonymously
◦ Use of technology by criminals to plan crimes or threaten nation-states




Security Threats in the E-commerce Environment
Three key points of vulnerability:
1. Client
2. Server
3. Communications pipeline



A Typical E-commerce Transaction

SOURCE: Boncella, 2000.


Vulnerable Points in an E-commerce
Environment

SOURCE: Boncella, 2000.


Most Common Security Threats

Malicious code
• Viruses
◦ A virus is a computer program that has the ability to replicate or make copies of itself, and spread to other files
• Worms
◦ A worm is designed to spread from computer to computer
• Trojan horses
◦ A Trojan horse appears to be nonthreatening, but then does something other than expected
• Bots, botnets
◦ Software robots called bots (as explained earlier)


Most Common Security Threats in the E-commerce Environment
• Unwanted programs: Browser parasites
◦ Adware
◦ Spyware




Spyware
• Software that sits on your computer
◦ Monitors everything that you do and sends out reports to marketing agencies
◦ Usually tied to a pop-up server
• Top spyware
◦ I-Look Up
◦ CoolWebSearch
◦ N-CASE
◦ GATOR
◦ DoubleClick
• If you have ever loaded ICQ on your PC you have spyware
• If you have ever loaded KAZAA on your PC you have spyware
• If you have ever loaded Quicken or TurboTax you have spyware
