
E-Commerce




  1. E-Commerce Emilee King

  2. Introduction: Ecommerce.About.com defines e-commerce, or electronic commerce, as “Transacting or facilitating business on the Internet.” Its use is growing because of convenience and cost differences, both for customers and business owners. According to Prosper Insights & Analytics, 34% of Americans say that they completed 50% or more of their shopping online, which is a 99% increase from the 2006 shopping season.

  3. Web Spoofing: Web spoofing is when a person builds a web site that looks like the site the user believes they are visiting, so the user gives the hoax website all of their information, thinking it is the site they wanted to go to. Most of these websites rely on the user accidentally mistyping the address of the website they wanted to go to, or result from the hacker sending fake emails saying the user needs to reset their password or verify their information.

  4. eBay’s Problem with Web Spoofing: Classified ads on eBay are being exploited by modifying the listings with JavaScript redirects and proxies. JavaScript embedded within the item's description automatically redirects the victim's browser to the attacker's website. The victim is completely unaware and usually gives the scammer money.

  5. How Is eBay Handling This..? Essentially, they aren’t. Since the scams are happening in the classified section, the buyers and sellers are not protected by eBay. eBay put a new clause in their terms and conditions saying that users are not allowed to use JavaScript in their listings, so a user gets banned if they are caught. Since the scammers use compromised accounts, eBay ends up banning someone who just got their password stolen.

  6. How Easy Is This To Fix? Pretty darn easy. Seriously, just Google “How to secure an iFrame”. eBay would just append to their terms and conditions rather than fix the problem.

  7. Denial of Service Attacks: standard DDoS attacks; smokescreen DDoS attacks; new amplified DDoS attacks.

  8. Standard DDoS Attacks: DDoS attacks hurt e-commerce sites through loss of revenue and damage to the company’s brand image and its relationship with its customers. Attackers tell botnets to contact a specific server or web site repeatedly. This can generate enough traffic to slow the site or, in some cases, take the site offline.

  9. Amazon and DDoS: In 2009, major e-commerce sites such as Wal-Mart and Amazon were the target of a DDoS attack that took down their sites for an hour. It’s just an hour, right? How much can a business lose by not selling things for an hour? When Amazon went down for just 40 minutes last year, Forbes estimated the online retail giant lost $66,240 per minute, totaling nearly $2 million.

  10. Amazon’s Solution: Elastic infrastructure, or EC2, designed to automatically scale to handle giant traffic spikes. It proved effective when the hacktivist group Anonymous tried a DDoS attack after Amazon stopped hosting WikiLeaks after US documents were leaked.

  11. Smoke Screen DDoS: These are shorter but more intense attacks that are not intended to take a site down. While IT staff are distracted trying to take care of the DDoS attack, they are not monitoring everything else for a breach. So criminals come in and steal private data and intellectual property, and in some cases delete information from organizations’ servers. In one case, crooks used DDoS to help steal bank customers’ credentials and drain $9 million from ATMs in just 48 hours.

  12. New Amplified Attacks: http://youtu.be/BcDZS7iYNsA?t=5m40s CloudFlare’s data centers were recently attacked, and the attack reached bandwidths of 400 gigabits per second.

  13. Why This Matters: E-commerce is now a common practice and it’s not going to go away. We need to be able to build secure sites, or fix them to avoid eBay’s problem, or work on solutions like EC2.

  14. References
     - Clay, K. (2013, August 19). Amazon.com Goes Down, Loses $66,240 Per Minute. Retrieved from Forbes: http://www.forbes.com/sites/kellyclay/2013/08/19/amazon-com-goes-down-loses-66240-per-minute/
     - Drenik, G. (2014, February 03). Year Of Reckoning For Brick And Mortar Retailers. Retrieved from Forbes: http://www.forbes.com/sites/prospernow/2014/02/03/year-of-reckoning-for-brick-and-mortar-retailers/
     - Invesp. (2011, July 18). How Big Is E-commerce Industry. Retrieved from Invespsoft: http://www.invespsoft.com/blog/ecommerce/how-big-is-ecommerce-industry.html
     - Lemos, R. (2013, September 9). Countering Attacks Hiding In Denial-Of-Service Smokescreens. Retrieved from Dark Reading: http://www.darkreading.com/analytics/threat-intelligence/countering-attacks-hiding-in-denial-of-service-smokescreens/d/d-id/1140474?
     - Mello, J. J. (2014, February 12). Hackers Perfectly Time Largest DDoS Attack Ever. Retrieved from E Commerce Times: http://www.ecommercetimes.com/story/79965.html
     - Mutton, P. (2014, April 28). Fraudsters modify eBay listings with JavaScript redirects and proxies. Retrieved from NetCraft: http://news.netcraft.com/archives/2014/04/28/fraudsters-modify-ebay-listings-with-javascript-redirects-and-proxies.html
     - Neustar. (2014, April 28). Smokescreening: Data Theft Makes DDoS More Dangerous. Retrieved from CircleID: http://www.circleid.com/posts/20140428_smokescreening_data_theft_makes_ddos_more_dangerous/
     - Time. (1999, December 27). 1999 Person of the Year. Retrieved from Time.com: http://web.archive.org/web/20000408032804/http://www.time.com/time/poy/bezos5.html
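
Slides 4 to 6 describe listing descriptions that carry JavaScript redirects and say the fix is to secure the iframe. The sketch below is an added example, not code from the presentation or from eBay: it assumes a marketplace that renders each seller description in its own iframe, and the names `renderListingFrame`, `auditSandbox` and the sample description are hypothetical.

```javascript
// Added example; renderListingFrame and auditSandbox are hypothetical names.
// Sandbox tokens that hand control back to seller-supplied markup.
const RISKY_TOKENS = new Map([
  ['allow-scripts', 'description JavaScript would run'],
  ['allow-top-navigation', 'framed content could redirect the whole tab'],
  ['allow-top-navigation-by-user-activation', 'one click could redirect the tab'],
  ['allow-popups', 'framed content could open new windows'],
  ['allow-popups-to-escape-sandbox', 'popups would run unsandboxed'],
  ['allow-same-origin', 'framed content would share the marketplace origin'],
  ['allow-forms', 'framed content could submit forms to another site'],
]);

// Constructed sample of a listing description carrying a redirect script.
const SAMPLE_DESCRIPTION =
  '<p>Phone, barely used</p><script>top.location="https://attacker.example/"</script>';

// Escape text for use inside a double-quoted HTML attribute value.
function escapeAttr(value) {
  return String(value).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Hardened rendering: an empty sandbox attribute applies every restriction,
// so scripts, top-level navigation, popups and forms are all disabled, and
// the inner CSP blocks script loading even if the sandbox is later loosened.
function renderListingFrame(descriptionHtml) {
  const csp = '<meta http-equiv="Content-Security-Policy" ' +
    'content="default-src \'none\'; img-src https:; style-src \'unsafe-inline\'">';
  const doc = `<!doctype html>${csp}<body>${descriptionHtml}</body>`;
  return `<iframe sandbox="" srcdoc="${escapeAttr(doc)}" referrerpolicy="no-referrer"></iframe>`;
}

// Review check: list the reasons an iframe tag is unsafe for untrusted content.
function auditSandbox(iframeTag) {
  const open = iframeTag.match(/^<iframe\b((?:[^>"]|"[^"]*")*)>/i);
  if (!open) return ['not an iframe tag'];
  const attrs = new Map();
  for (const m of open[1].matchAll(/([a-z-]+)(?:\s*=\s*"([^"]*)")?/gi)) {
    attrs.set(m[1].toLowerCase(), m[2] ?? '');
  }
  if (!attrs.has('sandbox')) {
    return ['no sandbox attribute: framed content runs with no sandbox restrictions'];
  }
  return attrs.get('sandbox').split(/\s+/).filter(Boolean)
    .filter((t) => RISKY_TOKENS.has(t.toLowerCase()))
    .map((t) => `${t}: ${RISKY_TOKENS.get(t.toLowerCase())}`);
}
```

`auditSandbox(renderListingFrame(SAMPLE_DESCRIPTION))` returns an empty list, while a bare `<iframe src="...">` or one with `sandbox="allow-scripts allow-top-navigation"` is reported.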
