Internet Security--A Plan of Attack
But in the meantime, nobody is recommending complacency. Some recent studies have shown that many e-commerce customers will migrate quickly to a competitor if they cannot get the service they want, at the moment they want it. To compound this problem, the research also indicates that this momentary change of direction often results in continued patronage to the new site. But this is not the only kind of attack that's possible.
"Of course, many different hacks can occur," agrees Patrick White, CEO of Sprockets.com, a secure Web hosting service based in Boston. "The most common is where the hacker guesses the user name and password to get 'root'," or control of a company's system. White has encountered more than one computer system where this guessing game is all too easy.
"If your user name is 'user name' and your password is 'password,' that's pretty easy to guess," he laughs.
A different form of attack is called Web page modification. If a hacker can learn the passwords that are used to upload pages to a company's Website, he or she can upload their own Web page, displaying whatever message they choose, or rerouting the user to another site.
In one recent case, a major catalog Website of a huge, reputable brand had its home page diverted to a pornography site. In another, retailer Staples.com had a product catalog Web page hacked, and all the hyperlinks for individual products were changed to links that led users to competitor OfficeDepot.com. Several government Web pages have also been replaced with Web pages featuring manifesto-like pronouncements.
Worse, computer systems without proper security can be vulnerable to even more serious, and potentially devastating, attacks: attacks in which data are altered or corrupted; attacks in which customer files are damaged or compromised; attacks which can bring down an entire company's network.