skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 185005 Find in a Library
Title: Sabotaging Hackers Copy Web Sites To Steal Millions: New Security Solutions Needed
Journal: White Paper  Volume:14  Issue:5  Dated:September/October 2000  Pages:30-35
Author(s): Robert D. Peterson; Dale G. Peterson
Date Published: 2000
Page Count: 6
Type: Instructional Material
Format: Article
Language: English
Country: United States of America
Annotation: The current method of protecting Internet transactions -- Secure Sockets Layer (SSL) -- is inadequate; instead, Internet transactions must be protected by a "transaction security protocol."
Abstract: SSL encrypts, or scrambles, all information sent from an Internet browser to a Web site for a session or a period of time. This protocol is used on almost every e-commerce site. SSL only provides privacy and some limited, weak consumer and merchant authentication. This is no substitute for identity and transaction authentication, non-repudiation, and dispute resolution protection. There are a number of ways hackers can attack SSL. Without providing a complete how-to guide for criminals, this article describes an example of SSL's vulnerability; in this example, the criminal combines two well-known hacks with some knowledge on stock manipulation; he then is able to use other people's money to manipulate stocks and steal millions of dollars. Given the vulnerabilities of SSL protocol, online transactions soon must be protected with digital signatures delivered through smart cards, USB tokens, or other technologies. A digital signature has similar properties to a physical signature in that only the owner can legitimately sign it, and most people can verify it. A digital signature is impossible to forge and any modification is easily detected.
Main Term(s): Computer related crime
Index Term(s): Computer privacy and security; Encryption; Fraud; Fraud and abuse prevention measures; Sabotage; White collar crime
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.