Content Marketers » Publish Your Business Blog, Videos and Events on ALL EC » Save 25% Today!
Welcome Guest | Sign In
Salesforce Commerce Solution Guide

Hackers Jimmy Into Microsoft's Indian E-Commerce Digs

By Rachelle Dragani
Feb 14, 2012 10:54 AM PT

Malicious hackers attacked Microsoft's India online retail store on Sunday evening, publishing obscured screenshots that appeared to contain personal user information.

Hackers Jimmy Into Microsoft's Indian E-Commerce Digs

A Chinese hacker group known as "Evil Shadow Team" took responsibility for the breach, posting a message on Microsoft's website stating that the "unsafe system will be baptized." In what seemed to be a warning against Microsoft's unencrypted user information, the group posted screenshots of what appeared to be partially obscured user information, including login IDs and passwords.

The group apparently found that information in plain-text, as opposed to encrypted files.

The hackers refrained from publishing any screen shots that fully gave away user information, but Microsoft and Quasar Media, the Indian company that runs the retail site, advised users that they should change their log-on immediately.

An Evil Shadow Team member using the handle "7z1" posted the shots on a blog that the team runs. In the post, 7z1 referred to himself in Mandarin as a "patriotic hacker."

As of Tuesday morning in the U.S., the breached site was still down. Microsoft did not respond to our requests for comment.

Microsoft Not the First

Microsoft joins a growing group of large companies that have been forced to deal with recent security breaches from relatively small, under-the-radar groups of hackers.

"When the CIA and FBI networks are compromised at will, it should surprise no one that a company like Microsoft could have an isolated part of its sprawling network compromised," Larry Walsh, president of the 2112 Group, told TechNewsWorld..

Powerful networks and international government agencies are seeing a rise in cyberattacks in response to unpopular decisions, such as the U.S. government's recent crackdown on sites such as Megaupload and illegal file-sharing. Networks have been compromised by groups such as Anonymous, which state they're using hacktivism to spread a political or social message.

In addition to attacks in protest or the promotion of causes, though, retail and e-commerce sites have been taking more hits lately as well.

The hacking group LulzSec got into Sony's systems last summer, obtaining users' personal information such as e-mail addresses, birthdates and passwords. The incident wreaked havoc with Sony's online services for weeks while it scrambled to plug the holes.

"While some hacking methods are questionable and in fact illegal, they do reveal the insecurity of our digital world," said Walsh.

Prevention Is Key

Taking the necessary precautions to avoid that insecurity is an absolute necessity in today's climate, according to Mike Lloyd, CTO of RedSeal Networks.

"To prevent this, likely targets need to use automation to understand weaknesses; today, it's all too easy for those who feel like it is to use their own automation tools to deface, degrade or even destroy online infrastructure," said Lloyd.

Although Microsoft's U.S. security policies might have included encrypting data, a site run by a company on an entirely different continent might not adhere to the same policy.

The growing threat of cyberattacks and increasingly vulnerable commerce sites need to serve as a warning to consumers about thinking twice before sending highly personal data online.

"The important thing to remember in all of this is there's no such thing as 100 percent secure. Every site is vulnerable, just as your home is vulnerable to burglary. You can lock your windows and doors; you can even have an alarm system. But if someone wants into your house and they are determined, they will find a way in. It's the same with every website and online application," said Walsh.

What do you see as the biggest obstacle to mainstream adoption of video calling?
Too many steps are required to reach a contact.
Video quality is often poor -- dropped calls, frozen images.
There's no advantage to face-to-face communication in most cases.
Too many people feel uncomfortable on live cameras.
There are too many security and privacy issues.
The trend is away from personal engagement and toward texting.
The obstacles are fading, and video calling is well on its way to adoption.