http://www.asahi.com/english/Herald-asahi/TKY200505180108.html The Asahi Shimbun 05/18/2005 A hacker attack that shut down the nation's top price comparison Web site was a harsh and expensive lesson on the vulnerability of Internet businesses. Kakaku.com Inc. announced Monday that unlawful access to its computer system forced it to close its Web site on Saturday. The company found alterations in its programs and a virus that might have been passed to some users' computers. The online operator will lose about 40 million yen in revenue before it replaces its server computers and restarts site operations next Monday. It projects 2 billion yen in sales for the year ended March. Almost all of the company's revenue comes from its Web business in the form of commissions paid by retailers that have their price lists posted on the site. The company compiles the price data and lists prices of specific products and services so shoppers can easily find the best bargains. The site covers products and services in 22 sectors, such as digital home appliances, personal computers, insurance policies and rates for telecommunication lines. The shutdown has worrisome ramifications for the entire Internet industry. ``If our Web site is suspended, it is the same as losing our head office and all branches to a fire,'' an official of an online business said. Security measures are sometimes complex. At Yahoo Japan Corp., operator of the nation's largest portal Yahoo! Japan, no single engineer can access all of the site's code. By limiting access even to its own personnel, the company hopes to prevent damage to the whole site by a hacker impersonating an authorized programmer. An official at Internet Security Systems K.K. said some online businesses do not expend adequate resources to ensure security because they are continually enhancing their sites to accommodate growth. Therefore, too little attention is given to detecting unauthorized access. Domestic sales of access detection products and services in fiscal 2005 are expected to be about 3 billion yen, far lower than the 40 billion yen in sales of anti-virus software. In April, anti-Japan messages were uploaded to the Web site of a Chinese unit of Sony Corp. Square Enix Co., which operates the online video game Final Fantasy XI, faced a cyber attack on the computer system and was forced to temporarily suspend operation of the online service. The Information-technology Promotion Agency has annually received 400-600 reports of unauthorized accesses at sites operated by individuals and companies over the past few years. In 2004, there were 594 reports, about 40 percent more than in 2003. Of those unauthorized accesses, 72 resulted in substantial damage, including alteration of the site in 15 cases and falsification of files in 21 cases, according to the independent administrative agency. Kakaku.com said client users who accessed its site from Wednesday to Saturday may have been infected with computer viruses. The company has set up a Web site to inform users of the situation and to provide information on countermeasures against the virus. The virus infection surfaced on Wednesday when the company received an e-mail message from a user reporting a virus warning that appeared during legitimate access to the site. About the same time, a company official detected tampering with the site's programs. The company also found that someone had illegally accessed data on customers' e-mail addresses. The site operator filed a complaint with the Tokyo Metropolitan Police Department. _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed May 18 2005 - 19:16:15 PDT