Commerce in a post-Wikileaks economy

cc.jpgYou’ve likely seen the news that Visa, Mas­ter­card, PayP­al and oth­ers are under dis­trib­uted deni­al of ser­vice (DDOS) attacks by folk who feel that WikiLeaks head­man Juli­an Assange is being per­se­cuted for dis­trib­ut­ing sens­it­ive inform­a­tion he’d received from oth­ers.

Set­ting aside that entire espi­on­age, sex-by-sur­prise, per­se­cu­tion, journ­al­ism and right to inform­a­tion thing, what’s left is the hack­ing attempts — coördin­ated attacks on key points of the infra­struc­ture of com­merce. This, as we are in the midst of the hol­i­day buy­ing sea­son. A juicy tar­get indeed.

What’s hap­pen­ing
The coördin­ated attacks seem to be hav­ing some small effect on com­merce. Accord­ing to one report:

Mas­ter­Card, call­ing the attack “a con­cen­trated effort to flood our cor­por­ate web­site with traffic and slow access,” said all its ser­vices had been restored and that account data was not at risk.

But it said the attack, moun­ted by hack­ers using simple tools pos­ted on the Web, had exten­ded bey­ond its web­site to pay­ment pro­cessing tech­no­logy, leav­ing some cus­tom­ers unable to make online pay­ments using Mas­ter­Card soft­ware.

How it’s done
By using freely avail­able tools to tar­get and coördin­ate these attacks, *any­one* can join in the action. Find the right IRC serv­er, down­load the tools, and turn them on — poof, you’re a ‘hack-tiv­ist’ and  your com­puter (or com­puter net­work) is now part of a bot­net:

The weapon of choice is a piece of soft­ware named a “Low Orbit Ion Can­non” (LOIC) which was developed to help Inter­net secur­ity experts test the vul­ner­ab­il­ity of a web­site to these assaults, the dis­trib­uted deni­al of ser­vice attacks. The LOIC is read­ily and eas­ily avail­able for down­load on the Inter­net.

The LOIC can be con­trolled cent­rally by an admin­is­trat­or in an Inter­net Relay Chat (IRC) chan­nel, a type of com­puter chat room; it can seize con­trol of a net­work of com­puters and use their com­bined power in a DDoS attack. The attack is aimed at the tar­get web­site and when the LOICs are activ­ated they flood the web­site with a deluge of data requests at the same time.

The DDoS attack pre­vents the over­loaded serv­er from respond­ing to legit­im­ate requests and slows down the web­site to a crawl — or shuts it down totally. The attacks are coördin­ated in the IRC chan­nel, and on Thursday, around 3,000 people were act­ive on the Oper­a­tion: Pay­back chan­nel at one stage.

One side effect of all this is that the par­ti­cipants are also test­ing the lim­its of the com­merce infra­struc­ture for hack­ers and oth­ers who’s inten­tions may not be so noble as pre­vent­ing a per­ceived injustice.

The impact
So what does this mean for retail­ers and cus­tom­ers in the next few weeks and months, and what does this mean for the future of online com­merce?

  • Slow or blocked online com­merce — if the serv­ers are clogged, your online mer­chant may not be able to pro­cess your cred­it card or PayP­al trans­ac­tion, and can’t com­plete the sale
  • Increased attacks — depend­ing on how this spate of incid­ents turns out, copy-cats will use the same tech­niques against new tar­gets, or evolve their own meth­ods and tools
  • Increased unease — new online con­sumers will have anoth­er reas­on to *not* shop online, pre­fer­ring to con­tin­ue shop­ping at brick and mor­tar shops as they’ll feel more secure
  • Increased secur­ity — essen­tial to recov­er con­trol of the com­merce infra­struc­ture and to demon­strate to con­sumers that online com­merce works and is safe
  • Increased cost — bet­ter and tight­er secur­ity isn’t free, so this ‘cost of doing busi­ness’ will be factored into the retail pro­cess, res­ult­ing in high­er prices

The Genie is out of the bottle
Yep, the tools and tech­niques have been around for a while. It’s taken one event like this to cata­lyze a motiv­ated and uncon­nec­ted group of people around the world to par­ti­cip­ate in coördin­ated action. We will see more of this, maybe aimed at polit­ic­al insti­tu­tions, nation­al gov­ern­ments, or launched by envir­on­ment­al act­iv­ists. Wel­come to a new real­ity.

Related Posts with Thumbnails