[ISN] Bookstore sales stolen by hacker

InfoSec News isn at c4i.org
Tue Jun 27 01:26:19 EDT 2006


By Craig Borley  

Internet fraud has hit a Whangarei bookshop owner, leaving his web
site suspended and his business' future in the balance.

Dennis Scoles, of Oceania Books, said his business earned a third of
its income from on-line sales.

But a computer hacker has targeted Mr Scoles' site, meaning customers
trying to pay for books via his PayPal link were actually paying the

Mr Scoles' PayPal page was replaced by a fake, with a link to a
different bank account.

All this came as a shock to Mr Scoles, who said the incident was hard
to understand.

"We didn't have them (computers) at school in my day, so I had nothing
to do with them. I know nothing about IT, I was just a book collector.  
I just feel sick, like I've been involved in a crime."

He has now invested in a firewall program intended to block hackers
but Quentin Donald, owner of Mr Scoles' Internet service provider
Acute Systems, said no blame lay with Mr Scoles.

"It has nothing to do with his computer at all, as I understand."

He said Mr Scoles' website used an osCommerce system for online
payments - one of the world's most common forms of on-line shopping.

He said it appeared someone had figured out a way to "get in the back
door" of that system.

Mr Donald believed there were some 30,000 websites using osCommerce,
most of which were too small to be attractive to hackers.

Because hackers tend to go for the big fish, he said, "the general guy
in the corner shop doesn't have to worry".

But Mr Scoles may have attracted the hacker's attention because of the
sheer size of his site. It included information and photographs of
some 1000 books.

"I'd been staying up nights, loading it all on, and it was only just
starting to pick up."

But as investigations continue Mr Scoles' website has been suspended,
causing him concern that future shoppers will be put off.

He had planned to move his business to Internet-only by the time he
retired, but now he's not so sure.

"I have to seriously think about whether I want to continue on-line.  
It's a lesson that should be passed on to all businesses thinking
about doing this."

Mr Donald said this lesson was a cruel one, due to its rarity and
people's inability to protect themselves against it.

© APN News & Media Ltd 2006.
