More sinister moves?


By Greg Chang

BLOOMBERG NEWS

The hackers who disabled popular Web sites this week used software easily found on the Internet, surprising experts who thought the sites were immune to such attacks.

"No one thought that you could harness enough machines to take these huge sites down," said Weld Pond, a hacker who works for a security consultant, At Stake Inc. "Someone's proving a point."

It takes only limited technical skill to download software such as Tribal Flood that can overwhelm a computer with requests for information, or hits. Security consultants thought the big sites were safe because they run on multiple computer servers and routers that handle enormous amounts of traffic.

Experts suspect that the culprits installed the software on hundreds of Internet-connected computers in college computer labs or other locations with limited security. The compromised computers can be controlled remotely or programmed to attack a Web site at a certain time, said Cary Cohen of the federally funded Computer Emergency Response Team at Carnegie-Mellon University.

"The Internet is as strong as its weakest links, the host computers," Cohen said.

Swamping Web sites to create a condition known as denial of service has been done more often as the software has become more available on the Internet, said Randall Nichols, a security consultant and the coauthor of Defending Your Digital Assets.

The Pentagon used denial-of-service tactics to disrupt computer systems used by Iraq during the Persian Gulf war, Nichols said. China and Taiwan also have been known to attack each other this way, he said.

The hackers probably used hundreds of computers for this week's attacks, indicating that they were well-organized and might have planned their campaign for months, At Stake's Pond said. He and others speculated that the hackers could be young pranksters trying to impress their friends.

Others think the perpetrators might have more sinister motives.

"While all the commotion is going on, it creates a smoke screen to do dirty work and gain access to sensitive information or [to compromise] privacy," said Thomas Noonan, chief executive of ISS Group Inc., which makes software to detect hacker break-ins.

Some questions and answers about the cyberattacks:

Question: If these attacks have occurred for years, why are they getting attention now?

Answer: Hackers have become more sophisticated, and have developed programs that automate such an attack. That allows hackers to overwhelm some of the most prominent sites already designed to handle large amounts of traffic.

Q: How can hackers get hundreds of computer administrators to cooperate?

A: They do not. But some of their automated tools find weaknesses in computer systems to plant the damaging program that will remain dormant until the appointed time of attack. If the hackers route the program through someone else's computer, it makes it more difficult to trace the attack.

http://www.phillynews.com/inquirer/2000/Feb/10/national/HACKSIDE10.htm

Q: What can sites do to prevent such attacks?

A: Little, according to Mark Zajicek, a team leader at the CERT Coordination Center at Carnegie Mellon. He said the focus instead must be on increasing security of other computers so that they cannot be commanded to launch such attacks.

-- Martin Thompson (mthom1927@aol.com), February 10, 2000

