Mark Gibbs: The potential new battleground

Given that the mood of North America is at an all-time low, it would be a reasonable guess that real-world retail sales will be rather flat this holiday season.

As evidence, allow me to submit that the consumers I have talked to (my wife, our friends) are adamant that a trip to the dentist is more appealing than going to the mall.

In part, this feeling is driven by concerns about personal safety, but there’s a general feeling of gloom that also makes traipsing around stores unappealing. And somehow, publicly indulging in consumerism just feels wrong – rather like dancing at a funeral.

The majority of us aren’t going to cancel Christmas and as a consequence of not wanting to go out, many of us will shop online. Even though prior to Sept. 11 we could have predicted an increase in online spending, we can now be certain the increase will be more significant.

But there are risks in the offing. As we all know, e-commerce is still a relatively new field and many of the vendors are, to be nice, extremely naive in their security and site management, while many users are complete newbies. This is a perfect environment for bad people to do bad things.

What might a terrorist do? He won’t go for the big targets such as knocking over, or Not only are they too well defended (unless of course, you are a 13-year-old hacker from Peewaukee), there’s not much of a terrorist impact in doing so.

I’d suggest that more likely targets are commercial entities such as, and the like. And maybe the terrorists wouldn’t just blast these sites off the ‘net. Perhaps they will be more devious and look to exploit the weaknesses in these companies’ servers.

And weaknesses in e-commerce systems are everywhere. For example, despite the gallons of ink regarding vulnerabilities in Microsoft Corp.’s Internet Information Service (the Windows NT Web server), a huge number of sites are still vulnerable.

So the terrorists start grabbing credit card data and within five minutes of you placing your order for a new sweater for Auntie Flo with, your card is working overtime buying high-ticket electronics and Armani suits in Berlin.

And notice how poor the response from that site is? Is it really slow or is someone mounting a denial-of-service (DoS) attack with just enough volume to degrade performance but not enough to stop service?

This is the kind of assault that could wear down our belief in the importance of the Internet. Online vendors will spend money unnecessarily on bigger pipes, consumers will get frustrated and reduce their buying, insurance claims will go up, credit card companies will waste time and money solving fraud, and retailers will lose business and profits in the process.

And why would terrorists do any of this rather than their real-world attacks? To begin with, real-world attacks are expensive, complex and difficult, while attacks mounted online are cheap, relatively simple and safe for the perpetrators.

Even more importantly, the Internet is a huge, visible symbol of capitalism and North American influence. Degrading its value to our culture and damaging its role in our business affairs would have as much of an impact as killing off broadcast television or shutting down Hollywood.

So what are you going to do about it? Have you audited your systems to make sure that all the relevant patches have been applied internally and at the corporate edge? Can you detect attacks such as DoS and do you know how to respond?

Fighting terrorism is as much about being prepared and having the right weapons to respond as it is about attitude – being ready and willing to go to battle. And the ‘net and your presence on it are part of the new battleground.

Gibbs is a contributing editor at Network World (US). He is at