Hackers target e-commerce sites

E-commerce Web sites are juicy targets for attacks from hackers, a security monitoring service says, based on a log of attempts to break into its customers' sites.

The report details activity by hackers, or "crackers" as hackers with malicious intent are called, and says attacks increase quickly after hacker tools are published on the Net.

"The most surprising finding is the rate at which people are experiencing attacks and probes. It's much higher than expected," said Michael Turner, vice president of marketing for NetSolve, which operates the ProWatch Secure remote network security monitoring service.

"In spite of all the stuff being written on how security is getting to be a more important issue as people open up their networks to partners, the things that are written may be understated compared to what data is showing," Turner said.

The report is based on half a million security alarms detected by ProWatch in the five-month period from May through September this year. The service monitors both Web sites and customer networks connected to the Internet.

Every e-commerce site on the service was attacked in the five-month period reported, compared to just 60 percent of sites that are not e-commerce. Overall about 80 percent of companies experienced at least one major network attack per month, and every customer had heavy probing by crackers looking for a system's vulnerability.

On average, sites had between 0.5 and 5 serious attacks per month, with high-visibility and e-commerce sites the most vulnerable. E-commerce customers include Web sites for consumer sales or distribution partners. Other customers include financial services firms and manufacturers.

Ellen Carney, a security analyst at Dataquest, said the number of attacks on e-commerce sites surprised her--"I suspect it's pretty accurate."

The report points to a problem that most companies have not addressed, she added. "You may think you're safe, but you're not," Carney said.

NetSolve said that to its knowledge, no sites it monitors had lost proprietary information or been shut down by an attack. However, the company might not know about data theft if someone slipped through its monitoring systems.

Citing confidentiality agreements, NetSolve declined to say how many customers use the service except to say it was more than 10 and fewer than 100.

"The higher your profile on the Internet, if you are advertising your site or are a big company name, statistically you're going to get hit [more] than a site that has no visibility on the Internet," said Carlos Gomes, a NetSolve network engineer. E-commerce sites that publicize their services become popular targets.

The best measure companies can take to protect themselves, Gomes said, is to make sure they have logging and audit capabilities on their sites so they can catch and counteract security attacks.

Particular kinds of attacks are almost faddish, NetSolve discovered. Attacks based on a weakness in some software implementing the Internet Message Access Protocol (IMAP) mushroomed in July after tools were distributed through underground hacking user groups.

Details of the IMAP vulnerability were published by the Carnegie Mellon Computer Emergency Response Team in April, but NetSolve's service detected no IMAP attacks in May and minimal incidents in June. From July through September, NetSolve's customers experienced 284 detected attempts using IMAP.

"The data suggests the widespread distribution and use of these automated tools, which enable 'copycat' attacks, are increasing the number of unsophisticated, yet potentially dangerous hackers," NetSolve stated in its report.

ProWatch uses WheelGroup's NetRanger device to detect attacks, which are monitored at NetSolve's 24-hour operations center. WheelGroup's hardware is used in a similar service from IBM Global Services, and Perot Systems this week announced plans for its monitoring service, also using NetRanger.

NetSolve claims its results provide the first solid data on the prevalence of attacks on networks and Web sites because other security surveys ask organizations about suspected problems based on assumptions, not hard data.

In other findings, NetSolve said:

  • 48 percent of attacks originated from ISPs, not independently registered IP addresses.

  • Attacks were identified as originating from U.S. government sites, a major financial institution, business partners of NetSolve customers, universities, even a well-known but unnamed security expert.

  • 39 percent of all attacks originated outside the United States.

  • 72 percent of attacks using "CGI-bin" methods, the most common technique used against e-commerce sites, originated from outside the United States. Part of that is U.S. hackers breaking into overseas systems, then using them to launch attacks on commerce sites.