Most Internet news highlights its great advantages, like generating revenue with low overheads, reducing costs, while increasing speed. Now here’s the bad news, and it’s not about pornography or violence. Security has become the wired world’s major risk factor and it is terrifying companies looking to go beyond a simple web presence.
In layman’s terms, anything connected to the Internet poses a threat, whether it’s a PC or a company’s server. That’s because, unlike television, the Internet is not only your window to the world, but also the world’s window to you. The closest analogy is tapping a phone line. The security issue has come to the forefront with the Internet’s evolution from mere information sharing and research, university and government networks originally, toward full-fledged worldwide e-commerce between a business and consumer or between businesses.
So what do the hackers want? “It’s either money or information,” says Tony Chebli, business manager for Computel. A hacker looks for passwords and credit card numbers, or wants access to a company’s database. In the second case, the hacker could be a professional or an employee hired to spy. Some will tamper with websites and replace them with anti-company or anti-government messages, like the US Department of Justice’s website, which was vandalized and turned into “The Department of Injustice” in 1997.

The major fear inhibiting consumers from getting into e-commerce is credit card use. It’s difficult to overcome the thought that one’s credit card number is out there somewhere and subject to unwanted access, or that it can be intercepted during transmission to the website. Yet some believe that the Internet is safer than the store clerk, the telephone, and especially the cellular phone. The reason is cryptography. In 1995, Netscape developed the Secure Sockets Layer (SSL) protocol, which includes encryption, data integrity, see box, and authentication.
Being a web of connections, data is never transmitted via just one route on the Internet. Instead, it can change routes and be redirected every time it meets a congested or blocked node. That creates speed, but is also how data can be accessed by anyone in the world. But when encrypted, data sent online, such as passwords or credit card numbers, is scrambled and turned into gibberish, then decoded by the receiving party.
Even if the information is stolen, it is enormously difficult to decipher. Until recently, 56-bit was the highest encryption level, but with the US finally allowing the export of 128-bit technology, encryption became 300-billion-trillion times safer, and requires sophisticated computer systems to be decoded.
SSL further ensures data integrity, meaning that information is not tampered with during transmission. Finally, with SSL, the receiver verifies the identity of the sender. Visa and MasterCard have devised a payment system based on the same concept of encryption, known as Secure Electronic Transaction.
These measures matter for a reason. If a hacker steals a credit card number and uses it, the e-tailer has no way of knowing whether the person punching on the keyboard is the card owner. Skygazer Technologies’ general manager Abbas Taher maintains that credit card fraud remains the biggest concern to online retailers. “You can never know if the credit card information was entered by the actual credit card owner,” says Taher, whose company recently launched eshop.com.lb. Fortunately, credit card transactions can be stopped and, if alerted, retailers can track down the individual with the delivery location. “We eliminated this problem by restricting delivery to Lebanon only,” says Taher.

There are two ways to identify secure websites. The first is the padlock icon on the browser. In a secure environment, the open padlock becomes locked. Usually, when the next page contains forms, either a warning or a server certificate pops up with the site’s security information. Since hackers can “kill” a website and redirect traffic to their own one masquerading as the original, server certificates provide company identification to reassure users that they have not been “spoofed” by a fake site. The other way is when an “s” is added to the location (URL), so http becomes https, meaning the site is secure.
For the paranoid, it’s always a good idea to limit transactions to reputable websites. Some alternatives are debit cards and web cards with a limit, which local banks have started to offer.
Once the transaction is done, though, the worry is not over. E-stores usually require clients to register, and thus save their confidential information in a database. The security concern at this level is the company’s server, where the databases are located. This is the first target for hackers, because servers are easier to break into if they’re not properly set up.
A web server requires a large, complex program. And the more complex it is, the greater the chance that it contains bugs. A knowledgeable intruder can take advantage of these vulnerabilities in the system. In e-commerce, servers have to be up and running around the clock with the same IP address, which is a magnet to hackers. This is where the importance of firewalls comes in. A firewall acts as a filter between the server and the Internet. It can be configured for outgoing as well as incoming traffic, to limit, monitor and control access either way. This could be done through disabling certain functions abused by hackers, like Telnet, a program that allows access to applications on a remote server, and File Transfer Protocol, which is used to upload and download files to and from a remote server.
Eshop, for example, has a dedicated server hosted by a local Internet service provider. “Ports are disabled,” Taher says, “and it can only be accessed through the website.”
Firewalls become complicated in an intranet environment, which connects networks together and, thus, many groups of users that require authentication. This is true for a local area network, i.e. within a company, or a wide area network (WAN), many networks connected via the Internet.
Business partners, suppliers, and clients can provide access to each other’s networks through a WAN for convenience and speed, especially when it comes to inventory clearing. Communication between networks is carried by virtual private networks. This system provides encrypted transactions, resulting in secure channels for electronic data interchange. It allows for a greater volume of data to be exchanged, and is a private network, restricted to the partners, rather than a public one that can be accessed by any browser. Through digital certificates, partners can verify each other’s identities. The high level of security for this type of network, though, makes it more attractive to hackers.
Hacking can easily be learned off the Internet. Anyone with an affinity for Internet lingo can pick it up, and there are amateurs locally. “It’s like a cookbook,” says Chebli, “all you have to do is follow the instructions.” Websites offering hacking tips, vulnerable sites, and tools abound, and can be pulled up in a search engine with the simple keyword “security.”
But as fast as businesses tighten their security, hackers seem to be fast upon their heels, because of the pace of change on the Internet. ICSA puts it nicely: “Systems need to evolve as hacking eats away at current technology.” Better be safe than sorry.
Question of privacy
A controversy has arisen in recent years over the use of “cookies.” Netscape explains a cookie as “a small piece of information that a web server can store temporarily with the web browser,” saved on the hard disk for a limited or an extended period of time. Cookies are used to identify registered users and pull up their “files” without having them re-register or repeatedly enter credit card and other information. They are used by websites like Hotmail and amazon.com, for example; if users access them with a private PC at home, they don’t have to log off, and will be recognized each time they return to the site. Cookies can further be used by webmasters to keep track of which pages are browsed, and to develop their websites or the information they provide accordingly.
The problem is that Internet advertising companies like DoubleClick and Matchlogic took it a step further. They use cookies to keep track of users’ interests and browsing habits to better target them with advertising. Two questions arose with this practice: why should anyone keep track of a person’s activities online, and how much more information can cookies be made to get? It also raised concern about hackers gaining access to the cookie files on a hard disk.
Updates of browsers began including options to get information, including expiry dates, to accept or reject cookies individually or disable cookies altogether. This last option would not allow some websites to work. Most websites do carry a privacy statement explaining their policy.
The debate persists, though, among proponents of the Internet as a free, information-for-all medium, those concerned with regulatory issues, and many ordinary people in the middle.
By Mira Baz
Keep that mouse clicking
Selim Semaan set up his first music shop, House of Music, in 1993. He set up another store in 1998 but has now decided to follow the worldwide trend of branchless expansion with an online store, Houseofmusiconline.com. And there’s no doubt, it makes sense. At a cost of $12,000 to $15,000, it’s 15 times cheaper than opening an all-out music store, according to Semaan. The website, which offers 10,000 items and an auction site, “reaches everybody at home,” says branch manager Bassel Dakkak. Prices are 20% lower, with delivery taken care of by Khadamat.
It’s not just music that can be accessed via the Internet. If gift shopping is your worst nightmare then take a look at Eshop.com.lb, a website hoping to grab the attention of grumpy last-minute buyers. “Eshop is more of a gift shop, that’s the image we want to create,” says Abbas Taher, general manager of Skygazer Technologies, which developed the eshop software for online shopping.
The e-store has eight main sections, including perfumes and watches, and offers 300-plus items from top suppliers mainly in the $30 to $100 range as well as some items for up to $500. The project takes into consideration the consumer’s psychology. People are reluctant to type in credit card numbers or to purchase anything on a screen if they don’t trust what they see. All items are brand names and displayed in “high resolution” pictures. With very low overheads, Taher adds that half of the discount from suppliers is passed on to consumers, making for just a 15% limit on the margin. The shop will not generate revenue from advertising placed on its site because banners can lure customers away from the site. “Advertising on an information site like Yahoo! works,” says Taher, “but on a shopping site, clicking on a banner might mean loss of a potential purchase to me.”
Shoppers are not the only customers catered for by the Internet. Snowboarding and ski buffs get a local online report when they visit Snowleb.com. The first of its kind in Lebanon, the website is the endeavor of Karim Daou. Targeting university kids, the website’s expenses will mainly be advertising through fliers and college publications. And during the summer, Snowleb.com will be turned into an “adventures in the mountains” site for people who go camping or trekking when they put away their snowboards.
Where angels fear to tread
When the subject of foreign investment crops up, Lebanon is not usually the first country to spring to mind; Sweden’s Ericsson, however, has decided to buck the trend. The company opened its Lebanon branch three years ago and is now the first mobile-phone company to base its Middle East office here. Located in the renovated Beirut Central District, the office’s new boss, Jordanian Nael Salah, shrugs off difficult local conditions that have prevented foreign investors from beating a path to Lebanon’s door. “Lebanon is showing signs of moving towards liberalization and privatization,” says Salah. He also argues that conditions in Lebanon for cellular companies are better than in other countries in the region, where one telecom sometimes provides fixed lines, cellular lines, and Internet services. “The prerequisites are there,” says Jan Embro, head of the Lebanon office. “It just depends on how quickly they will be implemented.”
The regional office, which will recruit and train 50 local employees, will manage financial and legal issues and conduct strategic planning for the region. How much Ericsson will invest in the operation is unclear. Salah says only that it will be about “a few million” in the first year.
Virtual radio
Radio One’s 17th anniversary has seen a new look for its website, www.radioone.com.lb. Developed by Egyptian engineer Wael el Zanaty, the website uses Shockwave 4 for a futuristic and metallic feel. With special effects and animation galore, download time is slow due to the local 36kb/s broadband, but not significant “compared to what you get,” says program director and webmaster Najy Cherabieh. “The reason we used Shockwave 4 is because something happens on the screen while the rest is downloading,” he explains.
Radio One’s website was launched in 1997 with live Real Audio transmission. With the infrastructure already in place, the upgrading cost general manager Raymond Gaspar $25,000. Gaspar says that the website also hopes to appeal to listeners abroad.
The website now offers various features to make sure visitors linger for a while, such as still shots of the studio, games, a chat room and even an online MP3 music mixer. Gaspar says the site generated some advertising revenue last year, and thinks it will grow slowly in the next five. A new feature that cyber surfers can look forward to in the near future is live requests via the website to listen to songs online.

