Hackers shut down Vancouver-based Timeke Funktional Kids Wear

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

March 7 - 13, 2000. Hack attacks not limited to big online companies

Timeke Funktional Kids Wear Web site overloaded by 'millions' of hits

Brigitte Petersen A recent computer hacker attack on a local retailer's Web site is a warning sign for other businesses selling their goods through bulk e-mails. Hackers shut down Vancouver-based Timeke Funktional Kids Wear Ltd.'s online business for one week after an attack overloaded the system, forcing the company to close its Web site (www.timeke.com).

Timeke normally attracts about 1,000 visitors to the site daily, but then the number of viewers began rapidly doubling each day starting February 18. Overloaded with millions of hits daily, Timeke was forced to pull the plug.

The Web site was brought back online last week.

Timeke's owner, Timea Hynes, who also operates her children's clothing store on West Broadway, said online sales are the mainstay of her business. Hynes sells between $1,000 and $2,000 a day online.

Hynes, who has been selling her designs online for about five years, said she had just sent a bulk e-mail to promote her site shortly before the attack.

"If it can happen to me, it can happen to anyone," she said.

While larger companies have multiple servers to support this kind of bombardment, Hynes said a smaller site such as her's can be crippled.

"For me, it was way over the top," said Hynes.

Plans to launch Timeke's spring line of clothing had to be delayed due to the setback and Hynes is still cleaning up her database which was damaged due to the flood of hits.

The site uses specialized software and is served by Canwave, a Toronto-based ISP which eventually solved the problem by blocking the source at its end.

Although it is not certain where the Timeke attack originated, the company's Vancouver-based site administrator, Internet Edge, tracked it to U.S. servers in Tennessee and Indiana.

Paul Rupnow, president of Internet Edge, said there is no way a business can prevent hackers from attacking.

"It's very difficult to predict things like this happening," he said.

While Timeke has suffered a loss in business, Hynes said she is not shying away from e-commerce.

"In a mail order business, the Internet is the way to go," said Hynes.

Iris Ho, vice-president and manager of Vancouver-based Jurock New Media, said there are two types of hackers -- pranksters who try to disable a company, and thieves who do it for financial gain by accessing credit card numbers and other information.

Ho said hackers can also do damage if they learn a company's access code to its Web site's "front door," allowing them to edit pages and access private information.

"Everyone's been learning how to add a few more locks to the front door," said Ho.

Some companies do not completely encrypt credit card information, which is asking for trouble, according to Ho. Even if information is encrypted, hackers will attempt to decrypt codes.

While it may not offer much protection from hackers, Ho said businesses should warn customers about potential risks by posting privacy statements on their sites.

"It's all about damage control," she said.

Businesses selling online should also ensure they have secure servers, a reliable ISP and Web host. They should also build up their computer infrastructure to discourage hackers.

While the possibility of Web site hacking is remote, Ho said the number of cases will increase as the popularity of the Internet continues to grow. Even companies as large as Yahoo! and Amazon.com, which recently experienced hacker attacks, are not immune.

But the Internet is still a great place to do business, according to Ho. She said it is more common for a server to go down than for a hacker to hit.

"The likelihood is like getting struck by lightning," said Ho.

Paul Bertin, president of software systems integrators Burntsand Inc., said the open nature of the Internet allows hackers to gain easier access to Web sites. Bertin said while there is an existing security market focusing on protecting software and hardware systems, not much is available to screen those visiting Web sites.

"We'll continue to see improvements in the front end to make sure (the viewer is) a legitimate user of the site," said Bertin.


-- Martin Thompson (mthom1927@aol.com), March 06, 2000

Moderation questions? read the FAQ