E-business is a term for a business or mode of operation that exists on the internet or conducts its operational tasks electronically. E-business is the ability to provide products and services on a secure domain at low cost, which allows hundreds of people to view them and also makes it possible to update them regularly. In its simplest form, e-business can be understood as using technology to provide service and ease with satisfaction.
Ethics is a part of the study of psychology that shows what is right and wrong and what acceptable behavior is while abiding by the law. Business ethics likewise involves measures that need to be observed when communicating or dealing with other people who, as stockholders, stakeholders or shareholders, may have influence over your business (Gaur, 2000). E-business also has ethical rules associated with it, because in this case the number of people targeted is much larger, and their privacy and content should be given priority in any dealings.
The ethical/legal issues involved in an e-business can be of different types and genres. The internet was once seen only as a source for looking up important information, but over time it has become more commercialized. Most trading is now done through the internet, and even banking has moved online. This is done not only to provide ease; it is also considered the cheapest and fastest way to cater to customers' needs. But e-business does not come without constraints. These issues might be considered normal, but they do have serious impacts on the sources (Gehling and Stankard, 2005).
Ethical and legal Issues
The issues involved can be:
Web spoofing refers to a technique used over the internet in which attackers create a fake website, built on the same criteria and setup as the original one, and ask customers for their credit card numbers and other personal information, which can then be used in disruptive activity that the customers will not be aware of.
Cyber squatting is when the domain name of a well-known business or organization is purchased, registered or used illegally for the purpose of infringing its trademarks. This is done to wring payments from the original owners of the trademark. It is a form of manipulation used by hackers to demand high payments for returning the domain; otherwise the trademarks will be distorted.
Privacy invasion mainly concerns consumers, whose personal information is leaked and used for unauthorized purposes. It involves obtaining consumers' personal information using different web technologies. The information provided can be used by someone other than those in authority. Malicious programs that run silently on web pages can reveal the personal data of consumers.
Email spamming is also referred to as unsolicited commercial email. Spammers send fake emails under an authorized name and get access to customers' personal data, for example by asking for it for promotional purposes or other related activities.
These ethical/legal issues of e-business can be associated with hacking, which is becoming a serious issue as the online operations of businesses keep growing.
Hacking is a major cyber crime. It refers to a person or group of people gaining unauthorized access to data and using it to infringe on information and to dispossess a business of its online operations.
A recent hacking incident has been reported that illustrates the ethical/legal issues of this activity and its effects on consumers. The rest of this paper elaborates on how this intrusion could have been prevented and what measures could have been taken.
Sony Pictures and PlayStation 3.0 Hacking
About 1 million Sony PlayStation accounts were hacked by hacker George Hotz. Sony took legal action against him and, in retaliation, the group LulzSec, headed by founder Sabu, hacked into Sony Pictures accounts. Data including user names, passwords, addresses and email IDs were stolen. Sabu ultimately pleaded guilty, turned FBI informant and helped arrest 5 more member hackers (Caldwell, 2011).
Discuss the ethical & legal issues involved in a recent hacking case
The ethical/legal issues discussed earlier can all be identified in this incident, because it involves intrusion into consumer accounts where personal information and other data are stored that can be used for unauthorized purposes.
Web spoofing relates to this incident because the hackers, having attacked the consumers' accounts, hold their passwords and user names. By making a fake website they can add all those accounts to it without the customers knowing, and the accounts can then be used for infringement purposes. These acts will affect not only Sony's reputation; the trust and the relationship built between customers and the company may also be distorted.
This act of web spoofing can lead to cyber squatting, because by making a fake site the attackers are using Sony's domain name, or have purchased or made illegal use of the name for unauthorized purposes. They can use the domain to infringe on information about Sony's operations, or they can take measures that will destroy Sony's reputation in the market and in the eyes of its present and potential customers. The attackers may demand huge amounts of money if Sony wants to prevent the destruction of its reputation and operations in the market.
The next issue is privacy invasion, which occurred in this case when the rules were violated and customers' personal information was leaked by hacking their accounts and gaining access to their user names and passwords. The intrusion can be malicious because the customers' personal data can be used for any purpose once access has been gained. This may lead to devastating results, because personal information can include names, credit card numbers, phone numbers and email addresses, which are quite sensitive to handle. Hackers can use them in illegal tasks, with severe results for the customer, who is entirely unaware of the fact.
The last issue is email spamming. After getting personal information or access to the site or domain, the attackers can send fake emails to clients asking for money as part of a promotion, or for other personal data that is not available on the site, and use it for illegal tasks. Making money this way is common among spammers and is found to be the easiest of the techniques, because the customer is unaware of the fact and, being loyal, hands over the information asked for.
Describe what happened and the consequences. What did the company involved do as a result of the intrusion?
Sony has been a victim of this cybercrime twice, and it has to look for prevention techniques to avoid the threats that have intruded on its network. Responsibility for this spoofing was claimed by the group named LulzSec, which stated that “they have stolen information such as names, passwords, user names, email addresses and other private data of the clients by just breaking into the PlayStation network, and, to make it worse for Sony and best for them, they found that the data was not encrypted at all; Sony had saved about 1,000,000 passwords in plain text, which makes it very easy for anyone with some polished hacking skills to take them away”.
LulzSec has stated that the theft of data also included 75,000 music codes and 35 million music coupons. The group also provided a sample of data which it claims to have taken from the company's networks, shown as proof that it accomplished its mission.
As a result of this intrusion Sony has been victimized and is more vulnerable to the threats and losses it can generate. Because its web base was hacked, Sony will now have to incur interconnected costs; the PlayStation hacking instance has caused Sony a loss of more than $170 million. Apart from the monetary cost arising from the hacking, these instances also add a cost to the organization in the considerable employee time they consume, which could otherwise be used on operational tasks, resulting in a further loss of money.
Computer hacking is the intrusion into or interruption of information. Sony PlayStation is a digitized client database that holds the names, passwords and email addresses of clients. The loss of such information can result in a partial loss of competitive edge in the market, and it will also affect the client base, as clients will feel hesitant to trust the source again.
An organization that is highly exposed to the threat of hacking, as Sony is, needs to develop an organizational structure that includes extensive information technology teams (Nissanoff, 2006), which will work on the development and improvement of computer networks and on safety measures that secure the network and stop and dissuade hackers from distorting the information available on the server. To make this effective, these measures should be part of the initial business plan so that they are implemented in time.
A hacked database can also cost consumer confidence. Once their data has been manipulated, as in the case of Sony, which has twice been a victim of hacking, consumers will feel hesitant to provide sensitive information such as credit card numbers and other personal data for fear of it being stolen and misused. It is very hard to restore the trust and satisfaction of customers once they have been harmed by a cyber-attack.
What should they have done?
According to Stephen Gates, it is not easy for hackers to break into a server with such ease; there are backdoor holes that are helping them knock over networks so easily. He suggested that companies like Sony put up protective barricades to identify these persistent threats and stop them from taking destructive actions.
Sony must introduce tapping technology such as intrusion prevention systems (Logan, 2005), which will enable the server to examine the protocols that are in use on its network. It will also make it easy to identify protocol anomalies, which will help it identify threats and shut them down without facing fierce consequences.
Fred Touchette, a security analyst at AppRiver, also stated that companies like Sony should take this incident as a warning and adopt proactive inspection measures, as most of these companies are not concerned about what is being taken out of their network. All they want is to keep track of information that is being injected into the server, which is not enough. If they give consideration to this fact, the harm created by these persistent attacks can be minimized. Sony, having been hacked twice, needs to put more emphasis on cyber security. The group of hackers has claimed that it used a simple SQL injection attack to reach into the database and access all the private information, which was stored unencrypted in plain text. Learning from the previous experience, Sony should have moved faster and taken measures to harden its servers company-wide. Holding personal information about people is not a small thing; it reflects the level of trust they show in you. Companies with established names such as Sony should not have treated this as a light issue, knowing the consequences they might end up facing.
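The two weaknesses named above, a query built from user input and passwords kept in plain text, are shown here with their corrections. This is an added example, not code from Sony or from the original essay; the table layout, function names, sample accounts and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def make_db():
    # Constructed schema: no plaintext password column exists at all.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def hash_password(password, salt):
    # Salted, deliberately slow hash: a stolen table does not reveal passwords
    # directly, and every guess costs ITERATIONS rounds of HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(db, username, password):
    salt = os.urandom(16)  # unique random salt per user
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))


def lookup_vulnerable(db, username):
    # BEFORE: input is pasted into the SQL text, so a quote character in the
    # input changes the structure of the query itself.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]


def login_safe(db, username, password):
    # AFTER: the ? placeholder keeps input as data, never as SQL syntax.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "constructed-sample-passphrase")
    register(db, "bob", "another-constructed-passphrase")
    probe = "' OR '1'='1"  # constructed input that contains SQL syntax
    print("vulnerable lookup returns:", lookup_vulnerable(db, probe))
    print("safe login, same input:", login_safe(db, probe, "x"))
    print("safe login, right password:",
          login_safe(db, "alice", "constructed-sample-passphrase"))
```

With the concatenated query the constructed input matches every row, while the parameterized query treats it as an unknown user name and the stored column holds only a salted hash.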
After the intrusion, Sony's PlayStation or PSP network was taken down for not more than 3 weeks while Sony struggled to secure the system.
What could have been done to prevent the intrusion?
Online business faces an extensive threat of hacking. To counter such threats, several measures have been designed that help any business prevent itself from being compromised.
“Ports” are the means of access that give a user entry to use data without being part of the server. Through ports, data can easily be used and transferred in both directions. Access to ports and their use is considered a very sensitive matter, and access is given to professional people in order to protect against vulnerability if attacked. But these ports are sometimes left open to support programs such as FTP (File Transfer Protocol). This is where the issue arises (Kemmerer, 2003), because hackers find it convenient to attempt to use your sensitive files. It is essential to confirm that all unsecured ports are closed to protect content.
Updated security patches
Be sure that the security patches provided to protect the latest data, and the protection measures themselves, are updated regularly. A very popular kind of program, the content management system, is being used by many hackers who are trying their hardest to hack sensitive information on the net/servers. So release and apply security patches regularly to keep track of your plug-ins and core files.
Comments are the most widely used feature for getting instant feedback, and they help create a good relationship between the server and the customer. But here the server should be very careful: it needs to validate the input it receives before accepting it, which helps strip out unwanted content and prevents anything harmful from taking place.
Unsolicited installation of scripts
It is better to avoid installing third-party scripts on the main server of your web page unless you know what they are and what they do. Even if there is no need to understand the program itself, you can simply read through the code, look for references and examine third-party URLs. If they are not safe, installation can easily be prevented.
Using correct CHMOD Permissions
CHMOD assigns a specific value to files and folders on the server that determines different levels of access. The permissible range runs from 000 (no access) to 777 (full access), and it is your decision which permission level to allocate to each piece of content. Bear in mind that third-party software, and possibly intruders, have to be allowed higher permissions if they are to function properly. This is a sensitive decision that you, as the responsible party, must make in order to strike a balance between security features.
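One way to check a web root for permissions at the permissive end of that 000 to 777 range is sketched below. It is an added example, not part of the original essay; the `SENSITIVE_NAMES` list and both function names are hypothetical and should be adapted to the application being audited.

```python
import os
import stat

# Hypothetical names of files that hold secrets; adjust to your application.
SENSITIVE_NAMES = {"config.php", ".env"}


def audit_permissions(root):
    """Return (path, octal mode, reason) for entries that are too permissive."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                # Any local account (including a compromised one) can modify it.
                findings.append((path, format(mode, "03o"), "world-writable"))
            elif name in SENSITIVE_NAMES and mode & stat.S_IRWXO:
                findings.append((path, format(mode, "03o"),
                                 "sensitive file accessible to others"))
    return findings


def tighten(path):
    """Remove the bits audit_permissions flags; return the new octal mode."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    if os.path.basename(path) in SENSITIVE_NAMES:
        mode &= ~stat.S_IRWXO  # secrets: no access at all for "other"
    else:
        mode &= ~stat.S_IWOTH  # everything else: drop world-write only
    os.chmod(path, mode)
    return format(mode, "03o")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, reason in audit_permissions(target):
        print(mode, reason, path)
```

Run it against a copy or a staging tree first, since a script that legitimately needs write access for uploads will stop working once the bit is removed.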
Prevention of harvesting your lists
Hackers often use techniques to harvest email addresses, as in the case of Sony, for use in malicious activities. If the domain stores email addresses because they are required for particular reasons, make sure they are stored in secure formats; in most cases the preferred way of storing this type of sensitive data is in a MySQL database.
Hacking can be prevented through collaboration between the server and the customer. To succeed in preventing hacking activities, companies like Sony can provide guidance and manuals on the measures customers can take, for their part, to prevent their information from being stolen.
Use of Generic user names
The clients of a website/server should be educated by the parties concerned about what type of username to use. Using common or generic words as a username makes it very convenient for a hacker to succeed in his mission.
This is considered the best technique that can be implemented on the customer's side for protection. It is very easy for a hacker to plow through huge amounts of data in a very short time, so it is generally advised to use longer passwords to increase the security of the content, and to use a password that combines letters as well as numbers. Hackers use a method called a dictionary attack, in which they repeatedly try the user names and password combinations they think most likely until they get lucky. It is therefore generally advised to use random combinations of characters in your password rather than a generic form of text.
It is essential to clear the history before you leave the computer, because the information you leave behind might reach a source through an unreliable ISP and be used for illegal, unauthorized purposes. Do it often, even if the server claims that there is “no tracking of privacy”. Just be sure to clean the cache to maintain your safety quotient (Iachello and Abowd, 2005).
The internet today is regarded as the most convenient and approachable medium for conducting every kind of business. Web pages and networks/servers hold an enormous amount of stored data that can be viewed with a single click. The most challenging task for service providers is protecting this data, which sometimes creates a big hassle; if it is lost, the outcome can be fierce for a business. The measures designed for prevention are the most authentic sources and can put you at ease about protection, but, as they always say, there is always room for improvement. With growing networks of hackers, prevention techniques should also be improved.
Gaur, N. 2000 “Assessing the Security of your Web Application” in Linux Journal, Vol 2000, Issue 72es, Article No. 3. Specialized System Consultants Inc., Seattle.
Gehling, B. & Stankard, D. 2005 “eCommerce Security” in Information Security Curriculum Development Conference, September 23-24 2005, pp. 32-38, Kennesaw, GA.
Iachello, G. & Abowd, GD. 2005 “Privacy and proportionality: adapting legal evaluation techniques to inform design in ubiquitous computing” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Portland, Oregon, USA, pp. 91-100.
Kemmerer, RA. 2003 “Cybersecurity” in Proceedings of the 25th International Conference on Software Engineering, Portland, Oregon, pp. 705-715, IEEE Computer Society.
Logan, PY. & Clarkson, A. 2005 “Teaching students to Hack” in Proceedings of SIGCSE ’05, February 23-27, St Louis, Missouri, USA.
Nissanoff, Daniel (2006). Future Shop: How the New Auction Culture Will Revolutionize the Way We Buy, Sell and Get the Things We Really Want (Hardcover ed.). The Penguin Press. 246 pages.
Caldwell, Tracey (22 July 2011). “Ethical hackers: putting on the white hat”. Network Security 2011 (7): 10–13.