FBI ON TRAIL OF CYBER HACKERS!

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

JUST LISTENING TO FBI/JANET RENO ON CNN. I think I understood them to say there was evidence that it may be coming from overseas? hummmmm!

http://www.vny.com/cf/News/upidetail.cfm?QID=63186

E-commerce apparently has been hit hard over this.

-- mutter (murmur@ya.com), February 09, 2000

Answers

Link

-- Kyle (fordtbonly@aol.com), February 09, 2000.

Of COURSE it would be coming from overseas!!! Or else, from the FBI/CIA itself, while running a "test" of the system's robustness...

-- John Galt (still@doom.er), February 09, 2000.

Maybe it's the first phase of a larger attack? Disable the net?

Only one thing bothers me about that: eBAY, Amazon, Buy.Com, Yahoo, and CNN going down, even forever, is hardly going to hurt anyone except those companies. They already lose tons of money (except maybe CNN), so who's that going to hurt?

It's probably a few Russian hackers that are still excited about that PCjr and 2400 baud modem they got for Christmas.

-- Powder (Powder47keg@aol.com), February 09, 2000.


What makes you so sure that the hack attack is not just a public relations strategy by the big internet companies when the outages are really being caused by a series of massive equipment failures? Cisco has announced a variety of problems with their software/hardware since rollover. See this thread for more info:

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk

-- Carl Jenkins (Somewherepress@aol.com), February 09, 2000.


[Fair Use: For Educational/Research Purposes Only]

http://abcnews.go.com/sections/tech/DailyNews/webattacks000210.html

Searching For The Attackers

FBI Investigates Web Attacks; Seven Hit So Far, Who's Next?

By Jonathan Dube

Feb. 10 - After three days of assaults that knocked seven leading Web sites offline, Internet companies are on guard and bracing to see what, if any, sites may be struck next.

Meanwhile, the FBI continues to pursue the attackers. U.S. Attorney General Janet Reno tried to ease public concerns Wednesday by announcing that a team of agents is working the case.

"These cyber assaults have caused millions of Internet users to be denied services," Reno said. "At this time we are not aware of the motives behind these attacks. But they appear to be intended to disrupt legitimate electronic commerce."

At least seven top Web sites have been knocked offline in the past three days by an unprecedented level of attacks that have raised new concerns about Internet security.

On Monday, the leading independent Web portal, Yahoo!, was attacked and made inaccessible. On Tuesday, Buy.com, Amazon.com, eBay and CNN.com were attacked. And Wednesday, technology site ZDNet and online trading site E*TRADE have suffered attacks.

Ron Dick, chief of the computer investigations at the National Infrastructure Protection Center, said the FBI is in the process of collecting computer data logs from the targeted companies so it can try to track down the source.

"We are in the process of analyzing and getting them in here at this point," Dick said.

Hunting Down Leads

All the assaults were what are known as denial-of-service attacks, which entails someone bombarding a site with mock traffic. What results is an Internet traffic jam, effectively blocking out users. All of this week's attacks appeared to be coordinated efforts launched from multiple points on the Internet.

The attackers could be difficult to locate because they were likely relaying the traffic through computers that they had taken over without the owners' knowledge. They also likely disguised their computer trail by faking identifying information.

Reno said the FBI's National Infrastructure Protection Center is heading up the investigation with help from FBI agents in the field, specially trained federal prosecutors, state and local law enforcement agencies, and officials from the companies that were attacked.

Dick said at least four FBI offices have opened investigations and agents are interviewing people across the United States.

"We're running every lead down until we find the perpetrators," Dick said.

The type of attack suspected is considered a federal crime that carries a maximum sentence of five years in prison for first-time offenders and up to 10 years for repeat offenders. However, the FBI could conceivably slap dozens of charges on the perpetrators because there have been so many attacks.

If the person responsible lives outside the United States, the Computer Fraud and Abuse Act would likely still apply because U.S. computers were used in the attacks, Dick said.

Connection Likely

Security experts say the timing and similarity of the attacks makes it likely they are connected.

"I would say whoever's doing this has some kind of beef, has some kind of ax to grind, and it's safe to say he's active and out there and looking for more targets," said Elias Levy, the chief of technology for SecurityFocus.com, which monitors computer security issues.

The attacks are particularly alarming to security officials and Internet companies because so far they have been unstoppable.

"If somebody, such as Yahoo!, which is the No. 1 site when it comes to Web traffic and has invested a lot of money in its infrastructure to handle a lot of Web traffic, can be taken offline, then that basically means that anybody can be taken offline," Levy said.

Coordinated Attacks

Yahoo! has installed filters to prevent similar attacks. But spokeswoman Diane Hunt acknowledged that even the new filters may not be foolproof.

"This was a very, very intense attack," Hunt said. "And, unfortunately, there's no way to guarantee that these types of attacks won't happen to anybody in the future. You can put filters in place, but eventually hackers can figure out ways to work around those. So nobody can solve it 100 percent. I think it's part of doing business, unfortunately."

Yahoo! has historically been one of the most reliable sites on the Web, so Monday's outage offers a cautionary note to anyone dependent on the Internet for business: Even the sites with the most resources and best track records are vulnerable to attacks and service interruptions.

"I think it's absolutely an indication that no matter how much preparation you do, no matter how many contingency plans you have, no matter how well you design your system, it's always possible that something can go wrong," said Dan Todd, director of public services for Keynote Systems Inc., a Silicon Valley company that tracks Web site performance.

The Victims

Here's a rundown of the Web sites that have been attacked so far this week:

Yahoo!

Yahoo!, the first site struck, was down from about 1:15 p.m. to 4:25 p.m. ET Monday. The attack on Yahoo! came from at least 50 different points on the Internet and appeared to be a coordinated effort, spokeswoman Diane Hunt said. At the attack's peak, Yahoo! was flooded with one gigabyte of traffic a second - more than most sites get in a year. Yahoo! serves an average of 465 million page views a day.

Hunt said the site has been struck by smaller versions of this type of attack in the past, but in those cases the company was able to reroute the traffic to prevent disruption of service. Monday's attack caught the company off-guard and came from so many locations, at the same time, that Yahoo! was unable to stop it.

Yahoo! doesn't expect the downtime to cost the company a significant amount of money. The company may place additional ads on pages to compensate for any ads that were supposed to be seen Monday but were not due to the outage.

Yahoo! has had minor outages in the past, but this was the first time the entire Yahoo! network went down. Yahoo! is the second most-visited site on the Internet after America Online with more than 42 million unique visitors a month, according to the research firm Media Metrix.

Buy.com

Robin Zohn, a spokeswoman for Buy.com, said the site was down from about 1:50 p.m. to 5 p.m. ET Tuesday - roughly the same time Yahoo! was inaccessible Monday. The site was struck with 800 megabytes of data per second, more than 24 times the normal flow of data.

The timing was unfortunate for Buy.com, as the company went public Tuesday. Buy.com, which sells a variety of products at steep discounts, had a market capitalization of $3.5 billion after Tuesday's initial public offering, which raised $182 million.

eBay.com

eBay, the Web's leading auction site, was inaccessible for about two hours Tuesday starting at 5:45 p.m. ET. The company sent a note to its members saying it was experiencing a denial-of-service attack and promising that no confidential information was compromised.

"We are taking multiple measures to fight this, including working with local and federal authorities, ISPs including Sprint, UUNet and AboveNet, our vendors including Cisco, our partners, and other Internet sites that have recently been attacked in the same way," an eBay statement read.

The company has had access problems in the past. The site crashed in June 1999 for about 22 hours. The outage sent the company's stock into a tailspin, causing eBay to lose 26 percent of its value in five days and costing it $5 million in revenues in the second quarter. The company also suffered a string of smaller outages in November, lasting a total of four hours during three days. It has since invested more than $18 million in engineering to improve site performance.

Amazon.com

Users were unable to access Amazon.com from about 8 p.m. to 9 p.m. ET Tuesday, according to spokeswoman Patty Smith. "A large amount of junk traffic was directed at our site," she said.

CNN.com

CNN.com was inaccessible from 7 p.m. to 8:45 p.m. ET Tuesday. The attack continued after that, but the site's service provider put up blocks, said spokeswoman Edna Johnson.

ZDNet.com

ZDNet was attacked Wednesday morning. A ZDNet spokeswoman said the company believes the strike came from the same group of attackers. "All signs point to this being the same denial of service problem," ZDNet's Martha Papalia said.

E*TRADE

The online investment site E*TRADE went down unexpectedly Wednesday from about 8:15 a.m. to 11:15 a.m. ET, according to Keynote Systems Inc., a Silicon Valley company that tracks Web site performance. E*TRADE said it was attacked.

The Microsoft Network

Microsoft Corp's MSN.com, another highly visited site, said it was indirectly affected because of disruptions to several Internet service providers carrying its traffic. A relatively small proportion of users were unable to access Web pages and others, who subscribe to Microsoft's online service, may have been unable to log on, said Microsoft spokesman Tom Pilla.

----------------------------------------------------------------------



-- Linkmeister (link@librarian.edu), February 10, 2000.


