this page has not been updated in 3 years. I will be revamping it in late 2007

Business in the modern age depends on email, and the slightest outage or blip in our precious connection to the online world generally has us screaming and tearing our hair out in frustration.

The halcyon days of the late 1990s saw us sending jokes via email at work and visiting cheeky websites without a care in the world about viruses, company bandwidth, hack attacks or legal ramifications. But these days corporations are a lot more careful about what they let their employees do online.

For the most part businesses do understand that some personal Internet usage during a lunch break or after work is acceptable. IT departments usually impose restrictions on certain sites and services, though--things like Hotmail, porn sites and peer to peer networks.

Software like Websense can automatically file sites into various categories, which Administrators can then restrict access to at different times (see a list at www.websense .com/products/about/database/categories .php). The software can even filter sites that have been cached by Google or other search engines.
Proxy servers can easily be configured to disallow things that might compromise a network's security. It's also easy for IT departments to install software which takes periodic screenshots of your monitor, so they can catch you if you're looking at porn or whiling away your day playing Yeti Sports ( www.yetisports.net).

Email
A study from the University of Nottingham suggests that a third of all employees spend 60 minutes a day clearing out spam. But to many companies, email chat between employees is also time wasting junk. The boss of Phones 4U has banned the use of internal email (external customers are still able to email the firm). John Caudwell claims his employees now have an impressive extra three hours a day in which "to concentrate fully".

Email is also used for personal correspondence during work hours. The use of personal Web based email is frowned upon in many large businesses because of the potential security risks. Merrill Lynch and Goldman Sachs staff are banned from using Hotmail, as are many civil servants. But many employees still use it, thinking (often incorrectly) that avoiding their desktop email client will protect them from any spying that might be conducted by the IT department. When Yahoo! was plugging its Web based email last year, it released a poll of 18,000 workers suggesting that 45 per cent of people suspected their colleagues were snooping on their emails during their lunch breaks. Sixty one per cent thought their IT departments spent their time scanning employees' emails.

Monitoring
So you think you're being watched at work? Are your keystrokes being logged? Is your every typed word scrutinised by the boss after you go home at night? Are your nerves on edge every time you click 'Send'?
"Certainly, if an IT department is monitoring your email, they're under obligation to tell you," says Natasha Staley, information security analyst at email filtering company MessageLabs ( www.messagelabs.com). The Regulation of Investigatory Powers Act gives employers the right to monitor employees' email and Web usage, but this is balanced by the requirements of the Data Protection Act, which gives employees the right to see what information is stored about them and know why their communications may be monitored.
If your workplace hasn't made things clear in a staff handbook or on an intranet site, find out now. More about your rights at work can be found at the TUC's WorkSmart site ( www.worksmart.org.uk/rights /viewsubsection.php?sun=57).
Employee monitoring is seen as necessary by public companies and government agencies which don't want sensitive information leaked. The Information Commissioner's guidelines on monitoring at work ( www.informationcommissioner.gov.uk) recommend that employers inform workers that they may be held criminally liable "if they knowingly or recklessly disclose personal information outside their employer's policies and procedures". Ultimately, though, it's the company that will have to face the consequences if anything dodgy gets out, which is why they take whatever security precautions they can.

No company should come across as being draconian, Staley says, as this will have a detrimental effect on employee morale. "The odd email inviting people out to the pub after work isn't a big deal. Obviously, when personal use becomes excessive, or when the material being sent around is harmful or libellous, then it becomes an issue. But companies have to keep a fairly open culture."

An element of trust between employer and employee is a healthy necessity, Staley advises.

Peer to peer
The biggest potential waste of company resources is peer to peer networking. "Peer to peer is a massive risk," says Martino Corbelli, marketing manager of Web filtering company SurfControl ( www.surfcontrol.com). "It's used for two main reasons. One is the dissemination of copyrighted content, which could be films or music. The other is porn. Neither is desirable in a working environment."

With the Recording Industry of America targeting individual users of p2p networks with copyright lawsuits, Corbelli warns that it's possible for companies to be sued, too. "Companies have more money than individuals," he points out.
Up to 42 per cent of employees are sharing files using programs like Kazaa or Morpheus on corporate networks without their company's knowledge, estimates Blue Coat ( www.bluecoat.com), a company that provides filtering solutions using Web proxies.

Around 22 per cent of these workers considered p2p to be important for their job function, though. P2p as we know it may not present many business benefits, but grid (or distributed) computing is something large companies like Oracle and IBM are pushing to drive efficiency ( http://otmorade.com/tech /grid/index.html). Treating all computers in an enterprise as one networked 'grid' balances server loads and can prevent problems like databases crashing when many people try to access them at once. The ability for a network of computers to access large applications and files 'on tap' presents tantalising opportunities.

Content
If you accidentally open a spam mail and an explicit advertisement pops up, would you sue your company? What if a risque joke gets sent around which an employee finds offensive?

"An employer has to provide a safe working environment for their employees," says Corbelli, "and if they breach that then the employee could take action against the employer. It is a real risk, and many organisations try to mitigate against it by having something in place which takes out harmful content."
No solution is 100 per cent effective, but if companies have at least tried to protect themselves from harmful material, they will be generally be looked upon more favourably in a court of law than a company which has done nothing.

Ironically, though, organisations have been sued for filtering. Loudoun County Public Library in the US was barred from using filtering software after it was sued by local website operators whose pages had been blocked. They claimed the software the library was using violated their right to free speech under the First Amendment.

IM
Instant Messaging is a wonderful tool in the working environment, and IM traffic is predicted to surpass email traffic by 2006. But like email, it's also susceptible to being clogged with spam and viruses. As much as 5 to 8 per cent of enterprise IM is spam, estimates the Yankee Group.

Many companies are unaware whether public IM tools have been installed on employees' computers, but enterprise-based IM systems are widely used by companies like HSBC, Stanford University and Allied Van Lines.

In the US, scandals like the Enron accounting fiasco have led to corporate accountability regulations like the Sarbanes-Oxley Act. This is leading global companies to monitor Internet use more stringently an audit by Hitachi Data Systems found that in the UK 62 per cent of companies now monitor email use and 22 per cent routinely monitor IM sessions. Most do not retain messages for more than three years.

Communication
The Internet is here to stay, and company culture has changed forever as a result. All organisations will have different Internet usage policies depending on job functionality, but we think there should always be an element of openness and flexibility evident. It's fair to restrict bandwidth swallowing activities like downloading MP3s, but if a company suddenly clamps down on Internet usage after a period of freedom, there's inevitably going to be some staff resentment.
It's also important that staff communicate any problems they have with their Internet access to their IT and HR departments, if you think Web usage restrictions are preventing you from doing your job, there are ways to tweak whatever fibers are in place. It may take some time to implement these changes, but if enough people are affected by it, changes can happen.

Giving employees advance warning about potential changes, informing them about why they are being implemented, allowing some personal email use during work time, and ensuring that an email and Internet usage policy is communicated well are movers that employees will appreciate in the long run.
MAKING INFO SMARTER
The seemingly endless glut of information we as workers struggle with could end up making it even harder for us to find what we're after. But instead of letting information overload hamper our productivity, enterprise search technology is getting deverer.
Norwegian firm Fast Search And Transfer ( www.fastsearch.com)--whose Web search product was sold to Overturn/Yahoo! last year--has developed an enterprise search platform (ESP) that simultaneously and almost instantaneously trawls through your work'stuff', including email, photos, documents and the Internet, It also searches through structured information located in spreadsheets and databases. Nor is the system scared of dipping into intimidating software suites involving high-end stuff like customer relationship management (CRM) or enterprise resource planning.
Because ESP can tap into information held by other corporate partners or business divisions as well as displaying what's on the Internet, it's easy to cross-reference data during, say, a merger. Alternatively you could use it to keep a record of your company's press coverage, or scan relevant email or account information sent or received at the end of the financial year.

No longer will we have to wait 10 minutes while Windows Search trawls laboriously through each and every folder on our hard drives or networks, before displaying around 50 vague potential matches to the document you're after!
TRACED BACK THROUGH EMAILS
Horrible and embarrassing email gaffes have been made throughout time. Quite often, though, leaked emails are a good thing--they've exposed scandals and other information we arguably had a right to know about. But without further ado, here's Internet Magazine's top 10 email leaks that were supposed to remains confidential ...

10 September 11, 2001, spin doctor Jo Moore sent a memo to then transport secretary Stephen Byers saying that it was a 'very good day to bury bad news'. The email was leaked and Moore was forced to apologise. Months later she resigned after a similar faux pas concerning the release of bad transport figures on the day Princess Margaret died.
9 When Jason Gissing wanted to join 500 [pounds sterling]-a-year private club Monte's (pictured below) in January 2001, he asked its manager, Patricia Cusack, if he could take a tour before making a final decision. A fair request, but Cusack didn't think so. Her email to the secretary read: 'Amanda--can you arrange a time for this asshole to come in. Weekends at 8pm is no good for anyone--he obviously wants to make a night of it!' Unfortunately, Cusack accidentally sent the email to Gissing himself.
8 Cherie Blair and serial con artist Peter Foster's email exchange over the purchase of two discounted fiats in Bristol was leaked to the Daily Mail. Mrs Blair was forced to apologise over the incident, particularly as Downing Street had initially denied the electronic exchange.
7 In 2002 teenager Claire McDonald's inbox was repeatedly flooded with sensitive messages from a Royal Navy officer based at the Pentagon, concerning problems with British warships and New Zealand's terrorism defence strategy. Although Claire kept replying to the emails to inform the sender of the mistake, a dozen a day kept coming in. Apparently she was on the mailing list because of a typo.
6 Peter Chung was all set for his new life as an investment banker at The Carlyle Group's Seoul branch. A week after his arrival he used company email to write to all his colleagues, boasting about his new lavish lifestyle. 'I know I was a stud in NYC but I pretty much get about, on average, 5-8 phone numbers a night and at least 3 hot chicks that say that they want to go home with me every night I go out, 'he wrote, among other things. He was fired shortly afterwards.
5 David Frum coined the infamous term 'axis of evil'. The President's speechwriters are traditionally supposed to remain anonymous, but his doting wife Danielle emailed her friends about Frum's supposed genius. 'I realise this is very "Washington" of me to mention, but my husband is responsible for the axis of evil segment in Tuesday's state of the union address. It's not often a phrase one writes gains national notice ... so I hope you'll indulge my wifely pride in seeing this one repeated in headlines everywhere!' Cringe, cringe. Frum resigned.
4 In 2002 Cisco Systems accidentally sent out an internal memo about its financial results, ahead of its release to the markets. The email reached more employees than intended, and Cisco was forced to officially reveal its better-than-expected financial results early. "We felt it was necessary to disclose this information publicly, given the broad internal distribution of the communication" said chief financial officer Larry Carter.
3 Claire Swire (pictured below) used company email to tell her boyfriend, Bradley Chait, how 'yum' his sperm was. Boastful Bradley Chait then sent the message on to his friends with the comment, 'Now THAT's a nice compliment from a lass, isn't it? Before too long, the entire world had heard about it.
2 Charges were dropped against Katharine Gun, who was accused of breaching the Official Secrets Act after leaking an email from the US National Security Agency asking UK spies to bug UN delegates before the Iraq war. Perhaps the prosecution process would have brought to light even more sensitive information? Gun said of her decision to become a whistleblower: 'I know it's difficult and people don't want to jeopardise their lives or careers, but if there are things that should come out, then why not?'
1 The amount of email evidence coming out of the Hutton Inquiry after the death of David Kelly gets the big prize. Clearly, the informal nature of email has added another layer of liability to businesses (and politicians), particularly if they don't keep track of electronic 'trails'. Technologies do exist to limit the exchange of sensitive information, and information rights management systems are in place on many email programs like Lotus Notes and Microsoft Office XP. But human errors will still occur ...
WORKING FLEXIBLY
In our October 2003 issue (IM 108) we discussed the benefits of flexible working--in particular, the advantages of working from home.
In the IT sector, 51 per cent of people already work flexible hours, according to a DTI report, Flexible Working in the IT Industry ( www.dti.gov.uk), Of the 1,000 IT professionals surveyed, 84 per cent think that flexible working should be available to all employees.
Half said they didn't spend as much time with their families as they would like to. And, although 93 per cent of women employed in the IT sector want more flexibility at work, 55 per cent of IT workers don't thin k their senior managers make good 'work-life' balance rote models, the survey found.
"The number of women working in IT fell by 3 per cent last year and the sector needs to urgently consider the reasons behind this fall," says trade secretary Patricia Hewitt. "Every time a well-trained woman leaves, a company wastes time and money on recruitment and training."
With remote working a reality, perhaps more women will consider working in the IT industry--it's just a matter of IT management recognising its true benefits.
It's not all about women, though--68 per cent of those surveyed disagree that it's less acceptable for a man to be working flexibly.

It's hard not to be mesmerised by the vast quantities of potatoes, Coco Pops, Pot Noodles, eggs and onions. Ten thousand different kinds of fresh and pre-packed groceries fill the aisles, waiting to be delivered to potentially millions of UK homes.

Forklifts scuttle round, conveyor belts crunch, robots replenish shelves and monorails ferry grocery orders to packing stations around a giant network of tracks and lifts. Dozens of people pick and pack groceries into green crates, called totes.

Ocado is unusual in the post-dotcom era in that it's an online supermarket which, unlike the Web operations of Tesco, Sainsbury's and Asda, doesn't have any stores in the real world. But it does have some distinguished retail parentage--Ocado is run by the John Lewis Partnership, which owns around 40 per cent of the company and sells its Waitrose-branded products through the warehouse.

Ocado launched at the beginning of 2002, and analysts were sceptical of the massive investment and running costs required to sustain its operation. Investment currently stands at 240 million [pounds sterling] and, although Ocado has yet to make a profit, annual sales have jumped from 25 million [pounds sterling] to 70 million [pounds sterling] in the last year.

The week we visited, Ocado had fulfilled a record 12,000 orders from its 1.2 million square foot warehouse. Only 10 per cent of this space (which is spread over four floors) is currently used, but it's vital Ocado has plenty of room to grow. Now the company's challenge is to maintain its focus on customer service while growing business by five per cent a week.

The matrix loaded

Paul Stewart, Ocado's operations controller, is on hand to show us around the vast matrix--but not before we don some trendy safety jackets and hair nets.
At the 'inbound' area, goods from Waitrose arrive in metal cages. Other fast-moving items arrive direct from suppliers wrapped to wooden pallets.
"This is superstar Anne," says Stewart, as we join a woman busy grouping incoming goods. She's at the decant station, scanning in bottles of newly-arrived Robinson's fruit juice and placing them into trackable totes.

The system knows where the usual pick point is for each product, and the tote travels along a conveyor belt until it reaches an imposing 14 metre crane which suddenly kicks into life over a spectacular grid of totes, automatically slotting the newly filled tote into any one of more than 5,000 pick points, or to a nearby reserve location.

Take your pick
We skip off to Level D, which houses Ocado's 'core chill range'. Here we find shelves of milk and bags of Waitrose salad, all held in the now-familiar green totes. More popular products are housed on levels B and C, while the ground floor is used for slowe-moving, manually-handled products. The plan is to automate this level as Ocado's business grows.

Ocado's warehouse management software, from Descartes Systems, sorts customers' orders according to the levels on which their goods are stored. It then generates pick lists for each level, which are transmitted to radio frequency wrist mounts worn by the pickers as they push blue trolleys along the aisles. Each trolley holds six empty totes--until the pickers fill them up.

The wrist devices tell the pickers what and how much to pick, which trolley tote it goes in, and how long the pick assignment should take. Each trolley tote holds part of a batch of orders for up to eight different customers. So with six trolley totes filled, the trolley can hold orders for up to 48 customers.

Stewart points to a tote sitting on a trolley. "That tote will go down to a packing station downstairs and be married up with all the other totes from the other aisles and floors [for the same customers]."

Finger-attached scanners let the pickers scan the products they've picked from the totes on the shelves. Once a shelf tote is empty, the picker tells the system so, puts the tote on the floor and--voila!--behind the shelf a full tote is ready to be pulled forward. Ocado's cranes will then automatically find the next tote in the matrix to replenish it with.

While all this is going on, overhead monorail cars are travelling around the warehouse in 'waves' lasting two and a half hours. As we're shown around, wave 20, the last wave of the day, is in progress.

The monorail's job is to collect the orders that have been picked from each floor into containers--the trolley totes are loaded into specific pigeon-hole like slots. Each person's order will now sit in one container, although still split across separate totes with other customers' orders at this stage.

After the containers are offloaded from the monorail cars, a lift takes them downstairs to the packing area and the totes are taken to packing stations where the components of each customer's order can be matched up.

Packing up
The goods are packed in colour-coded bags, depending on whether the goods that have been ordered are frozen, chilled or 'ambient'.

Stewart points out a woman in a purple jacket. "As Karen scans the items from each container's totes, she's told which customer it belongs to and loads it into the correct bag." Karen then groups the bags into a new set of multi-coloured totes. This helps the delivery person locate an order before delivering the shopping to a customer's home.

The totes are loaded onto 'frames', the front halves of which hold chilled products, with the back halves holding ambient products. The frames are then rolled onto 'pods', which are in turn fork-lifted onto little Mercedes vans for direct delivery--or onto larger lorries, which hold several pods at a time, for delivery to one of Ocado's outlying 'spokes'.

These spokes are pick-up depots for vans delivering to areas outside central London, such as Weybridge and Rugby. All the vans are equipped with satellite navigation to make it easier for their drivers to deliver the bags of groceries to the right locations.

Special delivery
Ocado isn't the cheapest online grocer around--that crown belongs to Walmart-owned Asda. An average Ocado order costs 100 [pounds sterling], and the store appeals to young, tech-savvy families who need to buy an endless supply of nappies.

For next-day delivery, orders must be placed by 4pm. Occasionally the computer gremlins strike and an item a customer has ordered (which is supposedly in stock) won't be available. Ocado has a substitution average of around two per cent of orders--but claims its competitors' hovers at around 15-20 per cent.

When my own Ocado order arrived (a skin of the teeth seven minutes before my hour-long slot expired) all my goods were there, with no substitutions. Amazing.

I tell the driver I'm writing an article about his company. "Make sure you mention Super Mario," he says, pointing at himself.

He does look a little like Mario, but I think the green uniform he's wearing is a bit more Luigi.

OCADO--THE BUSINESS

Jason Gissing is the Willy Wonka of grocers. He co-founded Ocado's whopping warehouse with fellow ex-Goldman Sachs directors Tim Steiner and Jonathan Faiman, and is now its chief financial officer. Gissing is convinced his baby can turn a profit within 12 months.

"There is nothing you have seen today which is revolutionary in the sense that it's been created from scratch," Gissing says later as we chat to him in Ocado's cafeteria. "Nearly everything you saw in there comes from another industry, and works in that industry--whether it's car manufacturing, food processing or just regular industrial businesses that move goods around."

The enthusiasm of the Ocado team is infectious. "Look, we're not perfect," Gissing admits. "You can't have this type of growth and not have problems occasionally. We've had days where we've had to reschedule deliveries. We've had complaints from customers. And statistically, we do get nutters. We get people calling up saying, 'you've poisoned me', 'I've found moths in my salad' or 'I found gerbils in my cereal'."

Ocado was created with financial help from the John Lewis Partnership (which owns Waitrose) as well as investment bank UBC and other private stakeholders. By mid-2003, the current round of investment valued Ocado at 240 [pounds sterling] million. If its own figures of 5 per cent growth per week are to be believed, how on Earth will it cope with its own success?

Gissing says Ocado is always reacting to dynamic growth. The advantage of being a startup, he says, is that you can quickly implement things from the ground up--without having to waste a lot of time justifying changes, as you may need to with established businesses. "So we are flexible, although it makes for a somewhat stressful work environment for some of the people around us!"

Ocado currently delivers to around 4.6 million homes around Greater London, Hertfordshire and the Midlands. There are no plans to build another big warehouse until the current one works perfectly. Neither is there any intention to diversify and sell things like books, electronics or CDs--although Gissing doesn't rule this out for the future.

So, what's with the name Ocado? Well, apparently, it has no meaning, but simply calling the company Waitrose Online (it has its own online store anyway) would make it seem like "just another supermarket" offering.

If Gissing's dream comes true, the swirly Ocado logo will one day be as familiar as Nike's 'swoosh'. "I am confident that we're going to have our vehicles, and even our own label food at some point, that just has our emblem on it--and people will still know exactly what it is."

Copyright Internet Magazine/Emap/Kim Gilmour 2004

My chips are dealt out. Preferring not to lose what I've just won, I cash my chips in and close the game. "Are you sure you want to exit?" I'm asked. I decisively click the 'Yes' box. It feels like I'm stumbling out of a dimly-lit casino and heading back to the stark reality of daylight. I had fun in there, but I'm sure glad to be back in the real world.

Online gambling in its various forms is set to be worth $30 billion (16 billion [pounds sterling]) by 2005, states the 2003 Casino and Gaming Market Research Handbook. Management consultancy Schema (www.schemaonline.com) predicts that online gambling, which accounted for 1 per cent of gambling spend in 2000, will represent 10 per cent of gambling spend by 2005.

The UK gambling sector is set for a shake up in the coming months once the government's latest Gambling Bill becomes law. This will let companies that run online casinos or similar 'remote gambling' operations (such as mobile gambling) apply for UK licences for the first time, rather than having to set up shop in offshore locations. By 2005, a new Gambling Commission will be established to replace the current Gaming Board, and will act as a single regulator for all kinds of gambling. The new Commission will also be responsible for ensuring that gambling is a crime free activity.

Casino royale
Online casinos are easy and fun to play, particularly if you've got a broadband connection available. You usually have to download some mammoth sized software in order to play games like roulette, blackjack or slot machines, although some sites like PokerRoom (www.pokerroom.com) use Java applets so you won't need to download any extra bits to play. A lot of the software, like 32Red's ( www.32red-casino.co.uk) and Victor Chandler's ( www.victorchandler.com), seeks to glamorise the casino scene, as if you were immersed in a movie like Ocean's Eleven or Croupier. Opening sequences display images of women in red, the sound of muzak, and sparkly golden lights.

Online gambling doesn't have to be a solitary experience. Poker is enjoying a comeback thanks to the attraction of playing against real people on virtual card tables. In January, Ladbrokes' site www.ladbrokespoker.com released a report suggesting that 2.9 million UK adults are now interested in playing poker online.

At PokerRoom.com, most people only gamble with play money, but around 10 per cent of its 1.5 million registered users play for real cash, according to managing director Patrik Selin. That's easily enough for the site to generate a profit.

"Poker is growing like crazy," says Selin. "It's community based and you're playing against other people--that's the fun part. It's also quite fast--you can play 100 hands in one hour. It's thrilling, it's real money, and you're betting on your own cards compared to other people's."

The overwhelming majority of PokerRoom.com's clientele is American, which is no surprise--they're the most passionate poker players in the world. Sports betting and gambling on games of chance is illegal in the US, but Selin says the legality of gambling on poker is a "grey area", because it can be perceived as a strategic, skill based game rather than something essentially random.

In any case, many online gambling sites will not accept US customers because of its ambiguous gambling law, and in an attempt to stop US citizens from betting online at non-US sites, many credit card issuing banks block the cards'| use for gambling transactions.

In the UK's Department of Culture, Media and Sport's April 2003 paper on remote gambling, it acknowledged that continued prohibition of cross border gambling is "neither desirable nor practical". It reads: "Nowhere is this better illustrated than in the USA where, despite the apparent illegality of cross-border gambling, more of its citizens gamble online than anywhere else in the world."

Only 10 per cent of PokerRoom.com's customer base comes from the UK, Selin says, but hat number is doubling month by month, as is its total user base. PokerRoom.com, founded in Sweden, currently has its gambling licence and servers in the Mohawk territory of Kahnawake in Canada. When the Gambling Bill becomes law, the company will look to register a gaming licence in the UK.

"From our side, it's about trust," says Selin. "If the UK government can approve our company, that will make more customers want to play with us." However, although online casinos have generally welcomed the Gambling Bill, some are still concerned that the Treasury will impose the same 15 per cent tax on gross profits that it levies on high street bookmakers.

Cool technology
Cutting-edge technology is behind many online gaming and betting sites. Safeguards are required to protect people from tumbling into debt. Cheats need to be tracked down. Then there are audit checks, underage gaming preventions and rigging to think of.

Most websites check details against a credit reference agency like Experian ( www.experian.com), or a verification system like VerifyME ( www.verifymyidentification.com). Meanwhile, companies like PricewaterhouseCoopers analyse card shuffling processes and random number generators to verify sites like LadbrokesCasino.com. When the Gambling Bill becomes law, the random number generators that underpin most online games will need to meet the requirements of the Gambling Commission and undergo ongoing testing.

To combat cheating in a multiplayer environment, PokerRoom.com logs all the hands a member has played. "A cheat's technique would involve a person having had cards and trying to raise money to help their friend who has really good cards," says Selin. "So if we see that you've folded to another person many times, it flags that up on our system."

Technology is also required to protect sites vulnerable to online extortion. Already, betting sites based in offshore locations like Gibraltar have been intimidated by hackers threatening to launch denial of service attacks against certain gambling sites unless the site operators pay up thousands of dollars. Usually, these threats are made before big sporting events such as the Superbowl or Grand National.

Problem gambling
Technology also plays its part in allowing the vulnerable to become addicted to online gambling. In January the Edinburgh Evening News reported that the number of gambling addicts in the Scottish capital had doubled in the last 12 months, with one businessman gambling away 70,000 [pounds sterling] on his company business account in two months after maxing out his personal credit cards online.

Gambling help charity Gamcare (www.gamcare.org.uk) has reported an increase in the amount of people contacting its helpline and counselling services. If you've got the ability to gamble around the clock, an inability to keep track of time spent online and a decreasing perception of the value of cash, you could be developing a problem.

There's also always the danger that children could get addicted. Responsible websites will let users limit their losses and make sure no minors are playing for money.

"The extent to which the government opens up the gambling market will largely be determined by how confident it can be that these objectives [to protect the vulnerable] will not be undermined," the UK government writes in its position paper on remote gambling. Reality checks will need to be put in place.

Gamcare works hard with websites to encourage responsible gambling use among their users. "It's possible, if someone has problems, to shut them out of the site," says Selin. "People can also protect themselves by saying, 'I can only deposit one day a month' or 'I can only deposit 100 dollars at a time'."

At Casino On Net ( www.888.com), a self eviction program is in place. Memberships can be cancelled and you can be prevented from entering the casino at your own request. These are measures taken by most popular casino sites.

Place your bets
Apart from having a regular punt on a dog or a horse, the Internet is transforming the way we bet. The real growth is coming from peer-to-peer betting exchanges, which are mirroring the revolution we're seeing in digital music--and let you play the bookmaker.

The most popular gambling site in the UK is Betfair (www.betfair.com), according to Hitwise figures. Another online betting exchange is the year old ibetx ( www.ibetx.com). Here you can back or lay (bet to lose) a selection, even if a game is in play. You can take odds another user has offered, or offer odds for others to take. The sites will take a commission from your net winnings.

The Gambling Bill specifies that betting exchanges will be licensed as 'betting intermediaries', but users will not require a licence.

Don't take our word for it--why not register at some of these sites yourself and let us know how you get on? We'd highly recommend playing for fun money when first visiting an online casino. You can keep up to date with the latest casino developments by going to www.onlinecasinonews.com or www.casinogb.com. Be lucky!

GAMBLING AND BETTING SITES

Ladbrokes Casino www.ladbrokescasino.com
You could win 31,000 [pounds sterling] on Triple Sevens Blackjack like Joel H. from Manchester!

Casino On Net www.888.com
The adverts are everywhere--especially on the London Underground, and in countless pop-ups on websites the world over. It's the most popular online gambling /entertainment site in the UK, according to online research service Hitwise. Casino On Net launched multiplayer tables way back in 1996, and it lets you chat with others gamblers playing at the same table.

Harrods Casino www.harrods-casino.com
Bring the decadent opulence of the famous department store, as enjoyed by countless American tourists, to your very own living room.

Victor Chandler Casino www.victorhandlercasino.com
If you're afraid of gambling away too much money here, lock yourself out by changing your password when your eyes are closed. It worked for someone we know.

Bet365 www.bet365.com
"I won 75 [pounds sterling] on a fiver after betting that Kerry would win I'm a Celebrity!" exclaimed one former Internet Magazine staff member, who shall remain nameless.

Littlewoods Casino www.littlewoodscasino.com
Video poker, roulette, blackjack, sports betting (via BetDirect) and 24/7 support.

William Hill Sportsbook www.willhill.com
One of the UK's most popular gambling and entertainment websites. Bet in eight languages and 11 currencies.

Daily Draw www.dailydraw.com
Play for money in exchange for 'permission-based marketing emails'. Very popular.

Bet On Markets www.betonmarkets.com
If you don't love horses and dogs aren't your thing, perhaps the lure of the stock exchange will do it for you.

Betfair www.betfair.com
Bet against other punters in this lively gambling marketplace.

32 Red www.32red.com
Probably the sexiest roulette number ever. It's even red! Download this mammoth piece of casino software and play for real or virtual money.

THE NATIONAL LOTTERY
The National Lottery is now a British institution. To maintain its integrity operator Camelot must ensure that its online offerings protect players from fraud and problem or underage gambling. Camelot was the first company to acquire full Gamcare accreditation.

But the Lottery sets itself apart from other online casinos or bookmakers. "Realistically, when you go out and talk to lottery players, they do not see the lottery as gambling" says Richard Hurd-Wood, director of interactive at Camelot Group. "They see it as a chance to have a flutter or a life changing win. Also, they know that the purpose of the National Lottery is to develop money for good causes."

Online instant win games were introduced in March last year, but online Lotto only arrived last December. "We've appealing to two groups--dabblers and impulsives who only play the lottery occasionally," says Hurd-Wood. "It's convenient. It's Lotto from your lounge. We're got a strong at-home audience, and quite a strong daytime audience of people playing during their lunch break."

Camelot is not against any relaxation of the gambling laws, but wants to ensure that levels of player protection are taken into account. The company manages the entire site in-house--third parties do develop some of the interactive games, but random number generators are all maintained by Camelot to ensure their integrity. "Players respond well to games offering familiarity, nostalgia and humour," says Hurd-Wood.

By the end of Camelot's licence period in 2009 it expects interactive channels like the Internet, digital TV and mobile phones to generate 5 per cent of sales. With a current turnover of 85 million [pounds sterling] a week, that's a lot of online fluttering!

www.national-lottery.co.uk

THE GAMBLER'S STORY

Sean Hamill is one of millions of people who occasionally have a bet or gamble online. He divides his time between Betfair and Victor Chandler Poker.

Sean spends a maximum of 50 [pounds sterling] a month on these sites and prefers online gambling over traditional methods because of its instant access (he has broadband at home). "It also offers far better odds," he says. "Betfair, for example, will generally have prices that are at least 20 per cent better than the shops. Also, if you study Betfair, you can usually spot a winner or non-trier by the amount of money that's going on it or not! People using Betfair are usually in the know."

The most he's ever won from Betfair is 200 [pounds sterling]. The site lets you bet against other players, and you can also bet for a horse NOT to win, which is much easier than picking a winner. Although these quirks are the prime attractions for some, Sean says he's drawn towards Betfair for its excellent odds.

Meanwhile, Victor Chandler Poker provides him with some real-time excitement. "You have nine people at a table and get dealt the cards. You get a 2,000 point pot to gamble with--this pot can be bought for varying costs depending on the table you wish to join," he says. "A 50p pot means the prize pool is only 4.50 [pounds sterling], but a 100 [pounds sterling] pot gives you a chance of a 900 [pounds sterling] prize pool. It's up to you how much you gamble, and you can watch other people's strategies--which I like!"

Sean has never gambled beyond his means. "I've always viewed it as a bit of fun, and I'd view a 20 [pounds sterling] bet as a big gamble! But I have seen many people get hooked by gambling at dog tracks and in betting shops," he says. "I guess that's put me off getting hooked more than anything."

But what Wayne doesn’t know is that although he ended up by logging into his bank’s real website, he also revealed his credit card details to an organised crime gang during his initial, supposedly failed, login attempt. Such rogue emails and websites are part of what’s known as a ‘phishing’ scam. The number of these scams is growing by the day.

The gang, armed with Wayne’s credit card details, uses the money to buy a plasma screen TV and sends it to a formerly unemployed lady who replied to a job ad she saw at a major online job website for a correspondence manager.

This woman gets paid a commission after sending the TV to an address in Russia, which she thinks is a children’s charity, and in doing so becomes an unwitting mule in a well organised, sophisticated group of fraudsters.

The goods are resold in Russia and the money laundering is complete. The scenario above is fictional but disturbingly five per cent of people fall for phishing scams, according to US-based security company Tumbleweed.

Most of us will have received a bogus email in our inboxes by now. These scams are one of the first steps in a chain of organised criminal activity, often based in Eastern Europe. Banks are the most likely target, but the single most targeted company is eBay, according to the Anti-Phishing Working Group (www.antiphishing.org), a consortium of more than 180 companies, including Tumbleweed, working on ways to combat the problem.

There are three common phishing techniques used to harvest information, says Jon Harvey, regulatory compliance director at Barclays bank. “One is to download a Trojan attachment onto your machine which captures keystrokes or opens up a port which can then be used for a remote phishing connection. This is not something we’re experiencing at Barclays at the moment,” he says.

Another technique involves soliciting information after users are duped into thinking they are using an official site. This can be done through a similar-sounding URL, such as www.visa-security.com. Also, unpatched Internet Explorer browsers are susceptible to a vulnerability which lets scamsters create a link to what appears to be a legitimate website in the address bar, but is really a fake website.

“Finally, you can compromise the DNS (Domain Name System) server on someone’s network so when you type in the name of the institution, it resolves to another address,” says Harvey.

Most victims of phishing have simply unknowingly entered their details on a fake website.

And it’s not just Internet novices who fall for these scams. “The level of sophistication is dramatically increasing,” says Dave Jevans, chairman of the Anti-Phishing Working Group and senior executive at Tumbleweed. “There has been code for these things seized. Some machines have been seized when there was a phishing attack launched and on the machines were five other attacks on institutions ready to go. We are definitely seeing the convergence between viruses and Trojans and phishing where people are starting to use keyloggers. We’re concerned about DNS takeover attacks.”

Taking people to a counterfeit website and then redirecting them to the real website once their information has been entered is also a worrying trend, Jevans says. People don’t realise that they’ve passed their login information to a scamster because they end up seeing the authentic site.

“Those have been a bit buggy, but they’re really scary.”

In the US, large ISPs like Earthlink have been a target too – similar scams will almost certainly be hitting the UK soon.

“ISPs have your credit card details and they bill monthly, so they’re a prime target,” says Jevans. “Someone sends an email pretending to be from your ISP and saying your card’s expired or there’s a billing problem,” he adds. These can be highly targeted because they know to only send the email to people at the ISP’s domain name. Many of these sites are even hosted at the ISPs themselves so they can be extremely real looking.

We’ve seen it happen to some ISPs here and they’ll get 70,000 phone calls into their customer support centre. It costs them real money.”

Horses for courses What happens once someone enters their banking details on a fake site?

“The account ID and password then needs to be available for the fraudster to obtain in such a way that there’s a clear break between where that information now sits and where the fraudster is so it can’t be traced back,” Harvey says.

The fraudster then logs on to the banking account and transfers the money into a mule’s account, whose role is then to transfer around 90-92 per cent of the stolen money overseas. Often, the funds are transferred between numerous stolen bank accounts both here and offshore in order to make the scam harder to track.

These mules have signed up to the scam after seeing jobs on popular websites listed for ‘correspondence managers’. Much of the time they are unaware that stolen money is being transferred.

Others cotton on, but have been unemployed for some time and are desperate for the lucrative commission.

In the case of repackaging and forwarding on stolen goods, phished details such as Visa numbers are often sold on the black market and used to buy high value items. Store credit can also be obtained if scamsters steal utility type information or a driver’s licence. Login details of popular retailers’ websites are also phished. Goods are purchased and sent on to an address other than the card’s billing address.

“The goods would be delivered to one of these mule people who think they’re receiving a donation for a charity or some bigger cause and they have to repackage it and post it,” Harvey says.

Scamsters have targeted at least one authentic charity, the Russian Orphan Opportunity Fund, several times by launching spoof websites that ask for help.

The price of phish The Anti-Phishing Working Group’s regular report on attacks showed that there were 282 unique phishing attacks in February this year, a 60 per cent increase on the 176 attacks reported in January. Apart from eBay (104 unique attacks, up from 51 in January), the second most targeted company was Citibank (58), followed by PayPal (42, up from 10 in January), AOL (10, down from 34 in January), Fleet Bank (9), Earthlink (8), Visa (8) and Barclays (6). Phishing was one of the major topics debated during the E-Crime Congress held in London last February, where Harvey was a presenter.

“Right now the fraud cost is there, but these large institutions have tons of fraud already,” says Jevans. “The real cost of the problem is the time at the helpdesk, educating customers, business reputation loss and loss of trust on the Internet. This is of particular concern to e-commerce companies who only conduct business online.”

A good catch?
The Anti-Phishing Working Group collaborates securely online and meets regularly around the world to discuss phishing threats and ways to combat them. Specific solutions are outlined in a paper at www.securitymanagement.com/library/ Antiphishing_Tech0304.pdf.

The main proposals so far include email authentication methods and looking at spam standards devised by companies like Microsoft and Yahoo!. “The problem with that is it’s going to take years to be implemented anywhere,” Jevans says.

The group is also investigating the potential for services which scan for ‘cousin’ domains whereby trademark owners would be notified if a similar sounding URL, or sites containing spoof content, are registered.

Barclays’ Harvey points out that “if you configured your website to be seen by spiders and robots we’d find it but a fraudster doesn’t do that – you need to know the absolute address”.

Some services, like Cogenta Domainwatch (www.cogenta.com/domainwatch.htm), scan incoming spam for keywords, which can flag up problems earlier, but don’t prevent them from occurring in the first place.

At Barclays, there is a warning screen each time you log into an online account and selected letters from your ‘secret word’ must be selected from a drop down menu, which thwarts keylogging programs. Users should always type the absolute URL of a website directly into their browser, rather than accessing it from a Favorites menu or a link contained within an email.

Operating systems must also be configured to ensure that remote system management services are switched off, and browsers need to be set with high security settings so that malicious code cannot be executed without the user’s knowledge. Adequate firewall and virus protection is absolutely essential.

For commercial sites, educating users and raising awareness of phishing scams is vital. Ensuring security is maintained requires cooperation between a site and its users.

“We’ve done a lot with education,” says Harvey. “Customers need to understand they need to protect themselves.”

Taking a few simple precautions and being vigilant shouldn’t diminish the convenience of using online services. Thankfully, the infrastructure of online banking and online retailers’ websites has remained secure since phishing began and for those who have been the victims of scams, human error, ignorance or URL masking has been to blame.

As phishing techniques become ever more sophisticated, the fight against the scamsters is a serious one – and one which requires industry cooperation and innovation to combat.]]> 2004-04-26T19:31:53Z 2004-04-26T20:31:53+00:00 tag:www.kimgilmour.com,2004:/articles//4.15 2004-04-26T19:31:53Z

In August 2002, I took a day trip from London to visit the offshore "principality" of Sealand, a disused gun platform off the coast of Harwich to interview Ryan Lackey, the founder of Sealand's offshore hosting company HavenCo (it has now closed). The company claims to be able to host contentious content simply because it's "outside" the UK. But is it really its own sovereignty?

Anyway, it was a very surreal place. You get winched up by a crane to get there! Ryan has since left Sealand to pursue other dreams. I took loads of photographs which I've had on my other website for a while, but you can see some more of my Sealand photographs, and a copy of the whole article. By the way, HavenCo is now closed due to an acrimonious split between founder Ryan Lackey and Prince Michael. amid security fears. It's an interesting story. But read on for mine...

]]> Wish You Were Here? First published in Internet Magazine, December 2002

It's a beautiful day on the Essex coast and for the past two hours I've been sitting outside a sleepy cafe, in Harwich Town Quay with Steve Hill, Internet Magazine's now former news & features editor.

We're waiting to take a £300 speedboat ride to the principality of Sealand, but our pilot, 'Prince' Michael Bates, is late.

Although it might sound like an amusement park, Sealand is actually an old World War II gun fortress about 10km off the east coast. This rusty, dilapidated platform plonked on top of two hollow concrete pillars in the North Sea claims to be its own sovereign state. It also claims to be a truly secure data haven--which is what we're off to look at.

Sealand's wafer-thin claim to sovereignty began in 1967 when Michael's father, Roy Bates, declared the site his own and crowned himself king of Sealand. After a few legal skirmishes, Sealand received a limited degree of de facto recognition--until 1987 is was outside British territorial waters, so the UK wanted nothing to do with it. The main reason it still operates as a micro-country today is because no one has taken any major legal actions against it.

Sovereign status doesn't necessarily mean earning potential, and Sealand had no real source of income until 1999, when 23 year old American Internet geek and cypherpunk pioneer Ryan Lackey set up a colocation style Web hosting business there. Called HavenCo (www.havenco.com), the business was financed by a few angel investors, including Avi Freedman, a Net expert who's now number two at Akamai.

HavenCo's proposition appealed to those who appreciated the notion of a free Internet. A physically secure fortress in the middle of nowhere manned by armed guards, it offered encrypted data, anonymous network traffic, tax avoidance and, most of all, immunity against draconian information laws such as the US Digital Millennium Copyright Act (DMCA) and the UK's Regulation of Investigatory Powers Act (RIP). It essentially offers the political freedom to post almost anything you like online, without fear of legal ramifications.

As HavenCo states on its website: "Sealand currently has no regulations regarding copyright, patents, libel, restrictions on political speech, nondisclosure agreements, cryptography, restrictions on maintaining customer records, tax or mandatory licensing, DMCA, music sharing services, or other issues."

The strategy worked. HavenCo has been profitable since the summer of 2001, thanks to low capital investment, low expenses, a focus on business users and a steady revenue stream. Customers can do whatever they want once they buy a box at Sealand, as long as it's not related to spamming, child pornography, terrorism and there's no hacking originating directly from HavenCo's servers. Anything else goes.

Across the sea

Prince Michael finally arrives, dressed more like a playboy than a prince. "Sorry I'm late," he says, leading us towards his speedboat. "I was at a 56th birthday party and I've got a hangover!" He grabs a couple of harnesses--"these might have come straight out of a fetish shop!"--and gives us a couple of flimsy red life-jackets. Then we're off, guided towards Sealand by the small GPS system on board.

Also in the speedboat is a large fridge that Ryan has requested, four oscillating fans, and three other people, all in their late 50s. One of them, a white-haired man, was apparently the birthday boy, and the couple sitting in the back, Angie and Michael NumberTwo, are his friends. Like us, it's their first trip to Sealand.

The voyage is meant to take around 20 minutes, but we're too preoccupied to keep track of time. The trip is a real roller coaster ride--Michael takes great pleasure scaring us by tilting the speeding boat from side to side, laughing maniacally at the fear in our faces. Angie is screaming and there's froth everywhere.

As we approach the tiny fortress Michael accelerates towards it at full throttle. Just as it seems we're about to crash into the one of the two concrete towers, he whizzes between them.

When he finally slows down, we get our first look at Sealand. It's small--smaller than I had expected. The platform is about the size of a tennis-court, and I can see four or five people beside a yellow crane peering over its edge.

I tell myself to have more faith in my flimsy harness as I'm hooked to the crane and lifted up. Within 30 seconds, my feet reach the platform and I'm slowly lowered onto the rusty deck by amiable-looking guards in green overalls and orange hard hats.

Ryan is also there, a pale, shaven-headed, bespectacled figure, quietly spoken and intelligent, and dressed from head to toe in black.

Security clearance--taking place in the kitchen--is informal. Before stamping our passports, the security guard tests the stamp on the vinyl tablecloth to make sure it's facing upright, then wipes the ink off with his sleeve.

"Have any refugees sought asylum here?" asks Steve.

"No," he says.

Into the depths

Sealand reportedly has a big stock of firearms that it uses to defend itself, but we don't see any. They've got rid of the rusty old gun that had been sitting on the platform for decades--Sealand's very remoteness makes it secure territory and HavenCo is a real, serious business.

Ryan disappears down one of the steep narrow ladders into the windowless, humid Network Operations Centre located in one of Sealand's columns. We're not allowed to see customers' server boxes for security and privacy reasons. But we do discover that pure nitrogen was never pumped into the rooms to stave off rust, exploding another Sealand myth--there's no rust beyond the platform and helipad because the pillars are made of concrete.

We begin the interview in Sealand's living room, which is under the helipad.

The room Looks like a student bedroom, full of mismatched third-hand furniture. But it's airy and bright, unlike the spooky, black depths of Sealand's columns, There's a disused jail in one, just below the dimly lit gym and Ryan's sparse bedroom.

Not sued

So, who on earth uses HavenCo? Is Sealand home to dodgy money-laundering schemes, defamatory content and vast amounts of online pornography?

"Fifty per cent are online gambling customers," Ryan reveals. "Maybe 20 per cent are Internet payment systems customers. The rest are miscellaneous, such as security infrastructure companies, or they're sold through resellers."

Because gambling is mostly illegal in the US, betting entrepreneurs have flocked to HavenCo. They choose it above other offshore havens, such as those in the Caribbean, to avoid costly licensing fees.

So why hasn't the US government taken any action against HavenCo's American customers, who are so blatantly avoiding tax?

"It's very complicated to tell where an Internet business is based," says Ryan, "but where the server is based is an easy way to check. People can also know where your staff is based, but that can be virtual. And a lot of online bank accounts like PayPal are pretty virtual. You're not going to be able to get away without having an Internet server for your business. You may be able to distribute them but then you'll be a victim of all the laws, rather than a single one."

Escaping the law

Ryan is a passionate advocate of free speech online. Business has improved as a result of increased surveillance following September 11. Many people feel new laws are threatening their civil liberties and have scrambled to HavenCo to preserve them. "It's been good for us because a lot of people are afraid of the very draconian laws being passed in the US, and they want to get out in advance of those," Ryan says. HavenCo claims it will destroy a customer's box if it's ever forced to hand over customer data to the authorities. Presumably it'll burn and dump them in the North Sea.

Physical security was also an issue. "Customers were worried that [their servers] could be damaged in an attack," Ryan says. "But we're pretty secure. We're not going to become collateral damage."

There is, of course, a limit to what HavenCo can host. "If we had Osama bin Laden hosting here, we wouldn't even be a smoking pile of ash--we'd be vanished completely."

Ryan believes that if oppressive laws such as RIP start being enforced heavily, people will have more incentive to move offshore. But he doesn't want to spend the rest of his days on the fortress hosting sites that would be banned elsewhere. "If we go back to the US and the UK and they're wretched places to live, well, that's sort of annoying because I don't want to be on Sealand for the rest of my life."

On average, customers pay around $1,500 (around £960) for a box, $750 (around £480) for setup costs, and another $750 a month for colocation and 128k of bandwidth.

This means you won't usually see everyday folk posting dubious or copyright-protected content on HavenCo's servers. But companies hosted at HavenCo are beginning to resell shared hosting services. Ryan also has several side projects that test jurisdictional issues, such as the online publication of the controversial DeCSS source code--the computer code that reads decrypted DVDs. In addition, he's developed a voice encryption system using Bluetooth and an iPAQ PDA, an offshore stock market, a tamper-resistant, anonymous payment service, and he's working on a system to allow GSM text messaging from satellites.

He's also made an anonymous remailer available, which is used extensively on Usenet. He says the 10 complaints or so he's had about it in the last year were "silly".

In fact, Ryan doesn't get many complaints at all. "Anything that's likely to be a problem is either too high profile or too high bandwidth to host here. And if you're going to run a secret server where you don't need to get the benefit of jurisdiction, you might as well take a stolen credit card number and go buy a server at a company with thousands of servers. They're never going to look at yours, so as long as no one reports it, your server will continue operating. People who are going to do a kiddie porn ring are going to find other ways. Once you're willing to break the law there area lot of options for you."

Are HavenCo's customers law-abiding citizens, then? Ryan has a well-prepared answer. "Our customers don't want to break the law, they want a different set of laws they can comply with. It's similar to the way people avoid taxes rather than evade them, by moving assets offshore. These businesses comply with regulations, but accomplish the same purpose as not paying your taxes."

Porn to be wired

But where's the porn? Actually, nowhere--yet. Although HavenCo's prime source of revenue is currently online gambling, Ryan has big plans to host lots of pornography at Sealand in the future. "Hosting porn is something we're working on," he says. "We have porn payment systems, but not porn itself, as we don't have the bandwidth."

Infinite bandwidth will arrive on Sealand within the next 18 months. "At that point, I want to host a 40 gigabit per second porn server with payment systems integrated. It'll provide money and a huge amount of network traffic. And the more network traffic we push through, the easier it is to hide other customers' network traffic in that."

And this would make Ryan's hosting services even more attractive to his mysterious customers. "It also makes it cheaper for us to buy transit because of economies of scale. So porn, well, it's sort oficky, but it's a good industry for us to be in."

But buying transit from carriers is not a problem. HavenCo runs its own local Internet registry and pays its bills on time. Although Ryan won't get into specifics, it's clear HavenCo uses several suppliers and adopts what he calls "miscellaneous network connection" methods. A satellite dish is in plain view on Sealand, but there are other links, "Satellite is one component of our network, but you can't use that as your primary thing because there's latency and the gambling providers are all concerned about that," he says.

As for who the customers are exactly, Ryan is tight-lipped. In the past he's hosted Tibet Online, the website of the exiled Tibetan government. Some systems have also put their index servers there, but not their main conduit services.

Ryan clearly supports particular causes. "There's a certain religion that's really unpopular with Internet users--Scientology," he comments. "A customer should be online in a couple of months with all their secret documents. It'll be very interesting."

Plain brown wrapping

Customers usually choose to pay HavenCo discreetly. "Most pay by wire transfer, or some sort of Internet payment system like e-gold," he says. E-gold (www.e-gold.com) uses realgold to guarantee the value of its payment systems. The real gold stays in a vault, while the ownership changes hands.

The Internet payment systems HavenCo hosts provide similar types of services. "They're more privacy-oriented. They don't reveal information about their payments."

But what about money laundering? It's not an issue, Ryan claims. He's got it all worked out. "[Payment processing systems] are generally restricted to small transactions and maximum amounts. It's harder to launder money through them than in a suitcase. If you're laundering, you want it lobe under one per cent of the total volume of the system. Our customers doing payment processing have volumes of $ million a year, so you couldn't launder a worthwhile amount through the system.

"In theory, I have no problem with people anonymising their financial transactions. From a practical standpoint there's no way you can do that and still interface with existing banking systems."

Ryan's side projects and own personal interests suggest that he's moving away from his current hands-on role at HavenCo. A lot of his time is spent speaking at hacking and cryptography conferences, so he gets ample time away from the fortress, HavenCo may also set up data centres in other locations, although right now that would mean competing against itself.

His dream project is to raise $10 million so he can build a rocket launcher somewhere in a "nice remote location".

It's time to finish the interview as we have to get going to catch the day's only boat outta the place. This time I'm lucky enough to be able to sit in the vessel as it's lowered from the platform into the sea. Everyone else has to be winched down--with no harness--on a wooden swing. But we're old hands at this capernow. Our stomachs have settled enough for us enjoy the bumpy ride back to Harwich.

Reflecting on our little excursion, I decide that although HavenCo is a great idea and Ryan is really passionate about what it stands for, anyone who'd want to live on that place for more than a day must be crazy. Even if they are defending other people's precious content and defying the laws of other countries by creating their own jurisdiction, Sealand's a spartan place.

And the bottom line is, HavenCo is a business, not a non-profit organisation set up to let Web activists get their voices heard without fear of being taken offline. Ryan himself represents an exception to this, but if and when he leaves, who will go to Sealand to ensure HavenCo's philosophies remain? There may be people who would jump at the chance, but in reality it's not a very nice place to live, It'd have to be someone truly dedicated to the concept. (Post script: Ryan left HavenCo in mid 2003 to do other pursuits, putting HavenCo's future in doubt.)

Wanna work for HavenCo?

Ryan tries to spend half his time on Sealand. "I don't know how you'd describe the living conditions here," he says. "They'll be familiar to people who've squatted in buildings in Amsterdam, because of the industrial space. This room has been done up in the last two months, but the rest has been left over since WWII."

For this reason, HavenCo's finding it a bit hard to find interns and full-time staff. Around 5-10 employees do remote admin. "As you can see from the conditions here it's not quite five-star accommodation... or four-star... or even two-star."

Ryan suggests he's on the lookout for interns who might want to work on their own software projects while also doing technical work.

He gets a lot of interest, especially from recent college graduates and security experts. "We have hundreds of people send in resumes. But it's hard to get people to stay once they show up, because then they realise they're stuck here for a couple of weeks at a time. It's mostly the philosophy that attracts people here."

Ryan himself lives on the Internet, spending 18 hours a day online. Even if he's travelling, he still has to make sure there's a terminal nearby. "I'm always logged on," he says. Ryan spends his spare time on the Internet emailing, downloading MP3S and DivXs, playing computer games or using Internet Relay Chat.

COPYRIGHT Kim Gilmour and EMAP 2002.

]]>

Search engine spamming has been an ongoing problem for the big search companies like Google and AltaVista. "It's an attempt to give you a position in search engine results that you don't deserve," says Ian Hegerty, technical architect at AltaVista International (www.altavista .co.uk). Search engine optimisation or marketing is perfectly benign, "but there are some techniques that go over the line of what's fair and legitimate and that becomes spamming", Hegerty says.

Search engine spamming is big business and the companies who specialise in it full time make a lot of money, particularly if a fly by night operation needs a quick and effective presence on the Web. One of the 'old school' techniques is keyword spain. "That's the placing of keywords on the page in very small or invisible text, with white text on a white background." Hegerty says. "Search engines will see the text but the ordinary user won't be able to."

Another trick is to set up a 'doorway page'. This is a page full of keywords, sometimes automatically generated flora a dictionary, which when loaded into a browser directs users to another page where the keyword isn't present. "You see this a lot in the porn arena where you might see a page saying 'Disney', 'Amazon' or 'Toys 'R' Us' in a search engine, but clicking on the link takes you to a porn site," says Hegerty.

Cloaking is another technique, where spammers present an entirely different version of their home page to a search engine to improve their ranking. As a result of cloaking you may see a page you wouldn't expect. Page jacking, meanwhile, happens when someone copies a website's source code to try and steal visitors.

Keyword spamming is easy for the likes of AltaVista and Google to detect, but the arms race between the search engines and the spammers is getting increasingly sophisticated. AltaVista develops automated mechanisms to deal with known spamming techniques but relies on its stall to spot new types of spare. Every 45 days AltaVista rebuilds its index, and every time this process reveals a new technique the spammers have developed.

One of the biggest tricks is called 'link spam'. Modern search engines increasingly rely on the link structure of the Web to determine how popular a website is, so the more other sites link to you, the better. Link spammers will create websites linking to hundreds of sites to try and boost these sites' rankings. These 'artificial link farms' sound cunning, but can still he detected. "In order to tackle this type of spare you really need a map of the Web that includes several billion URLs and to know all the links between them," Hegerty says. "You can run algorithms of the Web which find sites that use techniques like this." Link spammers can also trawl people's guestbooks and infest them with links. "One company had 53,000 links coming front guestbooks," Hegerty says. Thankfully, most search engines know how to resolve these and other new spamming problems quickly.

Hegerty's advice to users is to simply be aware that search engine spamming can happen. Look at the URL and text content and report any results which are out of place to the search engine support staff. If webmasters take on the services of a website optimisation company, they should know what borderline spamming techniques are--it's possible your site could get penalised or even banned if someone engages in some dubious marketing practices on your behalf.

[02] Affiliate spamming and hijacking
You're probably aware of affiliate schemes whereby if you click through to, say, Amazon via someone's website, they're likely to earn a small commission if you purchase something via the link.

Affiliate spammers copy as much information as possible from popular affiliate websites in order to get a high search engine ranking. Then, if you click on the search engine link, you'll be redirected to a site like Amazon's--but the spammer will tag on its own affiliate ID in the process. This means you could end up buying goods on Amazon without realising the spammer is earning money from your purchase. "They're making money purely because they're acting like an intermediary between the search engine and Amazon," says Hegerty.

Affiliate spammers can also send thousands of junk emails out to unwitting users. Click on a link and you may be generating money for the spammer. It's up to the company providing the affiliate scheme to detect and ban IDs from affiliates teat are abusing the system.

There's also software that hijacks legitimate affiliate revenue and redirects it to another company's account. Programs that do this are known as 'stealware'. Major peer to peer file sharing services are notorious for using this technique because they claim they need the money to continue to provide a free service. Kazaa uses a program called SaveNow from WhenU.com, while LimeWire uses TopMoxie.

Both have been known to divert commissions. While arguably unethical, if a user has opted in to allow these companies to take affiliate commissions, the only thing they can do is uninstall the stealware and inform the affiliate provider about what's happening.

[3] Hoax emails
While not harmful on their own, those new to the Internet are often fooled by hoax emails. They waste time and bandwidth for the rest of us. Technology has made some magical things possible but emails promising unlimited free trips to Florida for everybody sound just a bit too good to be true and they are. Despite this, it's amazing how many friends who should know better forward chain emails saying 'Bill Gates is sharing his fortune and for every person you send this on to you'll receive $245!'. However, those who don't know any better may think they're doing a good deed. Some gentle advice is called for.

There are also hoaxes which tell you to delete a seemingly malicious file from your PC when in reality the file is harmless. Don't do it. [04] Identity theft
Identity theft is the fastest growing online scare in 2002 it increased by 80 per cent, according to research firm Gartner Group. Scarily, we're all at risk. In July a man called Juji Jiang went to at least 14 Kinko's stores in New York and secretly installed easily obtainable keylogger software on public computers. He was able to extract more than 450 usernames and passwords by monitoring what people were typing.

"The main cause of loss of identity credentials is usually caused by a keylogger," says Pete Simpson, manager of ThreatLab at email messaging company Clearswift. Keylogging software can find its way on to your computer via spam, worms, viruses and malicious Web pages, Simpson warns.

[05] Email spamming techniques
You hate spam. You keep getting it. Why? Because there are so many ways for spammers to know your email address is live. Even if you have spam control software in place, the spammers are learning all sorts of hacker style tricks to try and circumvent it, says Martino Corbelli, marketing manager for content filtering company SurfControl.

People often email an 'unsubscribe' address at the bottom of spam thinking they'll be taken off the spammers' mailing list. But, says Corbelli, "what they've actually done is communicate to the spammer that that was a live email address".

"More spare these days doesn't bother to have those messages because the moment you actually open an email, a 'Web beacon' sends a message to the spammer saying, 'someone's opened this email'. Then you get put into the live database."

Spam filtering techniques like pattern recognition art: becoming increasingly ineffective. "Spammers are basically just changing the letters they use," Corbeni says. For example, 'viagra' will read 'Viagra' or 'v_I_a_g_r_a'. You may also see random letters at the end of a subject line, used to trick pattern recognition software. Spammers also like hiding spam content within JavaScript or frames.

Another technique is to again use white text, which may relate to a business contract, on a white background. Any lexical analysis software will think the spam relates In a legitimate email. But, when you open it, the image embedded within the email is loaded--promoting cheap ink cartridges, or whatever.

Corbelli's advice? "If it looks like spam, smells like spare, tastes like spam ... don't even open it. Delete it straight away." Be aware of emails that may get you or your company into trouble. Links embedded in emails could introduce problematic content, such as child porn, into your company network.

[06] Fraud via email
Remember, if it sounds too good to be true, it probably is. You may receive entails from someone like Chief Egobike Madu, the executive director with Nigeria National Petroleum, who wants help to transfer tens of millions of dollars into a foreign account in return for a generous commission--but not before you cough up thousands of pounds to 'aid' the transaction.

This will be followed by delays. You'll be asked for more money to speed things up, and then you'll never hear from the scamsters again. This is the '419 scam', named after the relevant Nigerian criminal code. In fact, the 419 Coalition action group thinks the seam is the third to fifth largest 'industry' in Nigeria (http:// home.rica.net/alphae/419coal).

While most of us can spot when someone's trying to pull a fast one, technology has made it much easier for us to inadvertently give away important details about ourselves. The Citibank scams, for instance, (www.snopes.com/inboxer/scams/citibank .asp) look astonishingly realistic. Unsuspecting users responded to a spam mail reading: "We are letting you know, that you, as a Citibank checking account holder, must become acquainted with our new Terms & Conditions and agree to it." They were then redirected to a spoof website which looked almost exactly like the Citibank one except a numerical URL would be visible in the address bar.

The latest seam involves notification of a money transfer, which requires registration with Citibank. Of course, registration requires you to enter your credit card details, which will then be in the hands of a fraudster.

[07] Auction scams
The US Internet Fraud Complaint Centre (www.ifccfbi.gov) processed around 49,000 complaints in 2002. Not surprisingly, Internet auction fraud comprised a whopping 46.1 per cent of referred fraud complaints, up by 7.7 per cent on 2001 figures. Complainants lost an average of $320 (around 200 [pounds sterling]) each, Although auction fraud appears to be growing each year, the auction industry itself is getting much faster in reacting to it and vigilance by individuals is helping stem the tide of auction fraud at bay.

However, stolen goods still crop up on eBay--even our very own columnist Lance Concannon bought a laptop which he had to hand over to the police when it turned out to have fallen straight off the back of a lorry. In the UK, the National High Tech Crime Unit routinely works with eBay in order to tackle criminal activity.

[08] E-commerce fraud
Some good news now. Figures from the Department of Trade and Industry fur 2002 suggest that lower than one per cent of people in the UK have reported experiencing online credit card fraud. This compares with two per cent who've encountered fraud offline, although five per cent of people know someone who has experienced fraud online. Two per cent of people have lost money to a fraudulent Internet company

Merchants have a harder time, and published reports may deter many wanting to start selling online. The 2002 online fraud report by Cybersource (www.cybersource.com) found that despite merchants using software to protect themselves from online fraud, losses didn't decrease because they didn't regularly update and integrate their anti-fraud tools. There were also losses not directly related to revenue, such as loss of staff time and chargeback fines. Credit card companies have been obliged to improve their authentication procedures, which has increased confidence for merchants and consumers. Visa's encrypted 3D Secure system allows merchants to authenticate credit cards with the cardholder's bank in real time. Customers must enter a password during the checkout process, thus reducing fraud incidents.

[9] Pumping and Dumping
No, this isn't about eating too much curry. It's about greed, Wall Street and online hype. Scamsters use spare, message hoards and chat rooms to talk up stocks they hold a stake in. Usually they claim to have 'insider information' on something big. People buy the stock, the price rises, the scamster sells their stock and the prices begin to fall.

Take a typical email from our inboxes, for example: "Tamarak recently announced joint venture discussions with Disney and CBS for the production of full length feature films and television mini-series. We expect a major announcement regarding significant financing ... The stock could easily reach $10.00 in less than a month on the strength of their upcoming announcements." The company had publicly announced this in the press, but one day later, the US Securities and Exchange Commission temporarily suspended trading in Tamarak securities "because of questions that have been raised about the accuracy of assertions in press releases" concerning the company's financial ability to produce and distribute a TV mini series and "purported discussions between Tamarak and major TV and film studios".

[10] Fraudulent pay per click
Most search engines prominently display sponsored listings or paid for advertisements alongside their traditional, Web crawled results. These listings are provided by companies such as Overture, Google AdWords and eSpotting. Advertisers fight with their competitors to get top placements by bidding against them for lucrative search keywords. The more popular the keyword, the higher the bid. Whenever a user clicks on a link, the advertiser must pay the pay per click company the amount determined during bidding. But in the dirty world of business, there have been cases of companies trying to generate fraudulent clicks on their rivals' websites to try and milk their marketing budgets.

Advertiser security is a top priority, says Karen Salamon, marketing director at Overture UK. "Overture's Click Through Protection System is based on sophisticated, patent-pending technology that runs 24 hours a day, seven days a week to help prevent advertisers from being charged for questionable clicks." Search and click patterns are studied across 50 data points, including user session, IP address and browser information. "Marketplace integrity is critical to our success and the goal of our filtering system is to be perfect," says Salamon. Multi clicking is unethical, but is it illegal? "Repeated clicking can be linked to or stem from illegal behaviour and may be intended to result in a fraudulent reduction in the victim advertiser's marketing budget," says Salamon. "For this reason, Overture takes any such behaviour very seriously and maintains best-of-breed systems to detect and isolate invalid clicks."

ONE READER'S STORY Richard Osborne is an IT consultant (www.ozzy.co.uk), whose clients market their sites through Overture, When one site's daily pay-per-click (barges rocketed from 30 [pounds sterling] to 110 [pounds sterling] and then up to 250 [pounds sterling], Osborne suspected that a competitor was purposely milking his client s marketing budget with fraudulent clicks. He checked the site logs and noticed the same IP addresses continually accessing the site.

After informing Overture he received a standard email stating that they could see no abnormal activity. "I replied saying that I thought they were wrong and included full server logs. Three days later I got the same standard email, word for word, back again."

It was only after Osborne contacted the press that Overture called him back. "I get the impression they're probably try to fob people off and people accept it because Overture are big."

Osborne now makes sure to add proper tracking cede to his clients' URLs. Overture says: "In order to verify that Overture's Click Through Protection System is working, advertisers should have an Overture Tracking URL on their listings ... to review their Web logs and see that we have not billed for invalid clicks."

Has this happened to you? Osborne recommends visiting the forums at http://forums.seochat.com. Most of the time the Internet is a perfectly honest place to go about your business but, as in the real world, it's surprisingly easy to become a victim of an unpleasant scare or find yourself involved in dodgy dealings. However, if you know what you're dealing with you're tar less likely to get caught out. with this in mind we've undertaken a little detective work to discover the ugliest seams you're ever likely to encounter online. Some are perfectly legal, must are unethical, and all of them you should be aware of. [01] Search engine spamming It's not actually illegal to abuse technology in an attempt to grab the top spot in search engine rankings, But search engine 'spamming', whereby Webmasters try to fool search engines into believing their silo is relevant to the search results, isn't ethical--particularly when your site doesn't merit a place in Google's top ten. This kind of behaviour can result in your site being penalised, or even banned, from search results. Search engine spamming has been an ongoing problem for the big search companies like Google and AltaVista. "It's an attempt to give you a position in search engine results that you don't deserve," says Ian Hegerty, technical architect at AltaVista International (www.altavista .co.uk). Search engine optimisation or marketing is perfectly benign, "but there are some techniques that go over the line of what's fair and legitimate and that becomes spamming", Hegerty says. Search engine spamming is big business and the companies who specialise in it full time make a lot of money, particularly if a fly by night operation needs a quick and effective presence on the Web. One of the 'old school' techniques is keyword spain. "That's the placing of keywords on the page in very small or invisible text, with white text on a white background." Hegerty says. "Search engines will see the text but the ordinary user won't be able to." Another trick is to set up a 'doorway page'. This is a page full of keywords, sometimes automatically generated flora a dictionary, which when loaded into a browser directs users to another page where the keyword isn't present. "You see this a lot in the porn arena where you might see a page saying 'Disney', 'Amazon' or 'Toys 'R' Us' in a search engine, but clicking on the link takes you to a porn site," says Hegerty. Cloaking is another technique, where spammers present an entirely different version of their home page to a search engine to improve their ranking. As a result of cloaking you may see a page you wouldn't expect. Page jacking, meanwhile, happens when someone copies a website's source code to try and steal visitors. Keyword spamming is easy for the likes of AltaVista and Google to detect, but the arms race between the search engines and the spammers is getting increasingly sophisticated. AltaVista develops automated mechanisms to deal with known spamming techniques but relies on its stall to spot new types of spare. Every 45 days AltaVista rebuilds its index, and every time this process reveals a new technique the spammers have developed. One of the biggest tricks is called 'link spam'. Modern search engines increasingly rely on the link structure of the Web to determine how popular a website is, so the more other sites link to you, the better. Link spammers will create websites linking to hundreds of sites to try and boost these sites' rankings. These 'artificial link farms' sound cunning, but can still he detected. "In order to tackle this type of spare you really need a map of the Web that includes several billion URLs and to know all the links between them," Hegerty says. "You can run algorithms of the Web which find sites that use techniques like this." Link spammers can also trawl people's guestbooks and infest them with links. "One company had 53,000 links coming front guestbooks," Hegerty says. Thankfully, most search engines know how to resolve these and other new spamming problems quickly. Hegerty's advice to users is to simply be aware that search engine spamming can happen. Look at the URL and text content and report any results which are out of place to the search engine support staff. If webmasters take on the services of a website optimisation company, they should know what borderline spamming techniques are--it's possible your site could get penalised or even banned if someone engages in some dubious marketing practices on your behalf. [02] Affiliate spamming and hijacking You're probably aware of affiliate schemes whereby if you click through to, say, Amazon via someone's website, they're likely to earn a small commission if you purchase something via the link. Affiliate spammers copy as much information as possible from popular affiliate websites in order to get a high search engine ranking. Then, if you click on the search engine link, you'll be redirected to a site like Amazon's--but the spammer will tag on its own affiliate ID in the process. This means you could end up buying goods on Amazon without realising the spammer is earning money from your purchase. "They're making money purely because they're acting like an intermediary between the search engine and Amazon," says Hegerty. Affiliate spammers can also send thousands of junk emails out to unwitting users. Click on a link and you may be generating money for the spammer. It's up to the company providing the affiliate scheme to detect and ban IDs from affiliates teat are abusing the system. There's also software that hijacks legitimate affiliate revenue and redirects it to another company's account. Programs that do this are known as 'stealware'. Major peer to peer file sharing services are notorious for using this technique because they claim they need the money to continue to provide a free service. Kazaa uses a program called SaveNow from WhenU.com, while LimeWire uses TopMoxie. Both have been known to divert commissions. While arguably unethical, if a user has opted in to allow these companies to take affiliate commissions, the only thing they can do is uninstall the stealware and inform the affiliate provider about what's happening. [3] Hoax emails While not harmful on their own, those new to the Internet are often fooled by hoax emails. They waste time and bandwidth for the rest of us. Technology has made some magical things possible but emails promising unlimited free trips to Florida for everybody sound just a bit too good to be true and they are. Despite this, it's amazing how many friends who should know better forward chain emails saying 'Bill Gales is sharing his fortune and for every person you send this on to you'll receive $245!'. However, those who don't know any better may think they're doing a good deed. Some gentle advice is called for. There are also hoaxes which tell you to delete a seemingly malicious file from your PC when in reality the file is harmless. Don't do it. [04] Identity theft Identity theft is the fastest growing online scare in 2002 it increased by 80 per cent, according to research firm Gartner Group. Scarily, we're all at risk. In July a man called Juji Jiang went to at least 14 Kinko's stores in New York and secretly installed easily obtainable keylogger software on public computers. He was able to extract more than 450 usernames and passwords by monitoring what people were typing. "The main cause of loss of identity credentials is usually caused by a keylogger," says Pete Simpson, manager of ThreatLab at email messaging company Clearswift. Keylogging software can find its way on to your computer via spam, worms, viruses and malicious Web pages, Simpson warns. [05] Email spamming techniques You hate spam. You keep getting it. Why? Because there are so many ways for spammers to know your email address is live. Even if you have spam control software in place, the spammers are learning all sorts of hacker style tricks to try and circumvent it, says Martino Corbelli, marketing manager for content filtering company SurfControl. People often email an 'unsubscribe' address at the bottom of spam thinking they'll be taken off the spammers' mailing list. But, says Corbelli, "what they've actually done is communicate to the spammer that that was a live email address". "More spare these days doesn't bother to have those messages because the moment you actually open an email, a 'Web beacon' sends a message to the spammer saying, 'someone's opened this email'. Then you get put into the live database." Spam filtering techniques like pattern recognition art: becoming increasingly ineffective. "Spammers are basically just changing the letters they use," Corbeni says. For example, 'viagra' will read 'Viagra' or 'v_I_a_g_r_a'. You may also see random letters at the end of a subject line, used to trick pattern recognition software. Spammers also like hiding spam content within JavaScript or frames. Another technique is to again use white text, which may relate to a business contract, on a white background. Any lexical analysis software will think the spam relates In a legitimate email. But, when you open it, the image embedded within the email is loaded--promoting cheap ink cartridges, or whatever. Corbelli's advice? "If it looks like spam, smells like spare, tastes like spam ... don't even open it. Delete it straight away." Be aware of emails that may get you or your company into trouble. Links embedded in emails could introduce problematic content, such as child porn, into your company network. [06] Fraud via email Remember, if it sounds too good to be true, it probably is. You may receive entails from someone like Chief Egobike Madu, the executive director with Nigeria National Petroleum, who wants help to transfer tens of millions of dollars into a foreign account in return for a generous commission--but not before you cough up thousands of pounds to 'aid' the transaction. This will be followed by delays. You'll be asked for more money to speed things up, and then you'll never hear from the scamsters again. This is the '419 scam', named after the relevant Nigerian criminal code. In fact, the 419 Coalition action group thinks the seam is the third to fifth largest 'industry' in Nigeria (http:// home.rica.net/alphae/419coal). While most of us can spot when someone's trying to pull a fast one, technology has made it much easier for us to inadvertently give away important details about ourselves. The Citibank scams, for instance, (www.snopes.com/inboxer/scams/citibank .asp) look astonishingly realistic. Unsuspecting users responded to a spam mail reading: "We are letting you know, that you, as a Citibank checking account holder, must become acquainted with our new Terms & Conditions and agree to it." They were then redirected to a spoof website which looked almost exactly like the Citibank one except a numerical URL would be visible in the address bar. The latest seam involves notification of a money transfer, which requires registration with Citibank. Of course, registration requires you to enter your credit card details, which will then be in the hands of a fraudster. [07] Auction scams The US Internet Fraud Complaint Centre (www.ifccfbi.gov) processed around 49,000 complaints in 2002. Not surprisingly, Internet auction fraud comprised a whopping 46.1 per cent of referred fraud complaints, up by 7.7 per cent on 2001 figures. Complainants lost an average of $320 (around 200 [pounds sterling]) each, Although auction fraud appears to be growing each year, the auction industry itself is getting much faster in reacting to it and vigilance by individuals is helping stem the tide of auction fraud at bay. However, stolen goods still crop up on eBay--even our very own columnist Lance Concannon bought a laptop which he had to hand over to the police when it turned out to have fallen straight off the back of a lorry. In the UK, the National High Tech Crime Unit routinely works with eBay in order to tackle criminal activity. [08] E-commerce fraud Some good news now. Figures from the Department of Trade and Industry fur 2002 suggest that lower than one per cent of people in the UK have reported experiencing online credit card fraud. This compares with two per cent who've encountered fraud offline, although five per cent of people know someone who has experienced fraud online. Two per cent of people have lost money to a fraudulent Internet company Merchants have a harder time, and published reports may deter many wanting to start selling online. The 2002 online fraud report by Cybersource (www.cybersource.com) found that despite merchants using software to protect themselves from online fraud, losses didn't decrease because they didn't regularly update and integrate their anti-fraud tools. There were also losses not directly related to revenue, such as loss of staff time and chargeback fines. Credit card companies have been obliged to improve their authentication procedures, which has increased confidence for merchants and consumers. Visa's encrypted 3D Secure system allows merchants to authenticate credit cards with the cardholder's bank in real time. Customers must enter a password during the checkout process, thus reducing fraud incidents. [9] Pumping and Dumping No, this isn't about eating too much curry. It's about greed, Wall Street and online hype. Scamsters use spare, message hoards and chat rooms to talk up stocks they hold a stake in. Usually they claim to have 'insider information' on something big. People buy the stock, the price rises, the scamster sells their stock and the prices begin to fall. Take a typical email from our inboxes, for example: "Tamarak recently announced joint venture discussions with Disney and CBS for the production of full length feature films and television mini-series. We expect a major announcement regarding significant financing ... The stock could easily reach $10.00 in less than a month on the strength of their upcoming announcements." The company had publicly announced this in the press, but one day later, the US Securities and Exchange Commission temporarily suspended trading in Tamarak securities "because of questions that have been raised about the accuracy of assertions in press releases" concerning the company's financial ability to produce and distribute a TV mini series and "purported discussions between Tamarak and major TV and film studios". [10] Fraudulent pay per click Most search engines prominently display sponsored listings or paid for advertisements alongside their traditional, Web crawled results. These listings are provided by companies such as Overture, Google AdWords and eSpotting. Advertisers fight with their competitors to get top placements by bidding against them for lucrative search keywords. The more popular the keyword, the higher the bid. Whenever a user clicks on a link, the advertiser must pay the pay per click company the amount determined during bidding. But in the dirty world of business, there have been cases of companies trying to generate fraudulent clicks on their rivals' websites to try and milk their marketing budgets. Advertiser security is a top priority, says Karen Salamon, marketing director at Overture UK. "Overture's Click Through Protection System is based on sophisticated, patent-pending technology that runs 24 hours a day, seven days a week to help prevent advertisers from being charged for questionable clicks." Search and click patterns are studied across 50 data points, including user session, IP address and browser information. "Marketplace integrity is critical to our success and the goal of our filtering system is to be perfect," says Salamon. Multi clicking is unethical, but is it illegal? "Repeated clicking can be linked to or stem from illegal behaviour and may be intended to result in a fraudulent reduction in the victim advertiser's marketing budget," says Salamon. "For this reason, Overture takes any such behaviour very seriously and maintains best-of-breed systems to detect and isolate invalid clicks."

MORE INFO Info on avoiding types of investment scams www.sec.gov/investor/pubs /cyberfraud.htm Comprehensive link to details of spyware and adware www.iol.ie/~link/Spyware %20Information.htm Be aware of search engine submission techniques www.searchenginewatch.com What are your online rights? The DTI has set up a guide www.consumer.gov.uk /consumer_web /e-shopping.htm If you're sick of your friends sending you endless hoax virus reports, direct them to www.sophos.com/virusinfo /hoaxes ONE READER'S STORY Richard Osborne is an IT consultant (www.ozzy.co.uk), whose clients market their sites through Overture, When one site's daily pay-per-click (barges rocketed from 30 [pounds sterling] to 110 [pounds sterling] and then up to 250 [pounds sterling], Osborne suspected that a competitor was purposely milking his client s marketing budget with fraudulent clicks. He checked the site logs and noticed the same IP addresses continually accessing the site.

After informing Overture he received a standard email stating that they could see no abnormal activity. "I replied saying that I thought they were wrong and included full server logs. Three days later I got the same standard email, word for word, back again."

It was only after Osborne contacted the press that Overture called him back. "I get the impression they're probably try to fob people off and people accept it because Overture are big." Osborne now makes sure to add proper tracking cede to his clients' URLs. Overture says: "In order to verify that Overture's Click Through Protection System is working, advertisers should have an Overture Tracking URL on their listings ... to review their Web logs and see that we have not billed for invalid clicks."

Has this happened to you? Osborne recommends visiting the forums at http://forums.seochat.com. ]]> 2004-04-26T09:41:42Z 2004-04-26T10:41:42+00:00 tag:www.kimgilmour.com,2004:/articles//4.11 2004-04-26T09:41:42Z