C/Base unwitting tool of attackers

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

By Jane M. Von Bergen

INQUIRER STAFF WRITER When a C/Base Inc. executive, Andrew Newcomb, first heard about the hackers hitting online giant Yahoo, he e-mailed his colleagues at the e-commerce company's Conshohocken headquarters:

"Did you see what happened to Yahoo? No one's safe," Newcomb said he wrote.

Newcomb understood the problem immediately. The hackers had not pierced security fire walls to steal data from companies such as Yahoo, Amazon.com and ETrade, all of which have been crippled by hacking since Monday. Instead, the hackers used programs to bombard the sites with so many requests for information that it temporarily jammed the sites, bringing them to their knees.

It was all good water-cooler talk - techie, plus sizzle - until Newcomb and his colleagues began to notice intermittent slowdowns on their own systems late Tuesday and early Wednesday during odd periods.

Such slowdowns, which have been caused by the kind of traffic typical just before heavy holiday shopping times, should not have been happening.

"We knew something was up," said Newcomb, director of strategic planning for the company, which operates Webcertificate.com and other sites.

What Newcomb's technical staff discovered was that C/Base was somehow being used as a third-party computer to attack the larger sites. As they examined Web transaction records, oddly repetitive coding raised suspicions.

But because they do not have a large volume of transactions, they were simply able to pluck out the offenders, the way one plucks out a stray gray hair, denying them access before they could clog C/Base's sites and others, too.

Newcomb said that C/Base had not contacted authorities, but staffers at his company were monitoring the situation.

The hackers "are going after everybody, large and small," he said.

As law enforcement agencies were trying to track down the hackers, and computer technical types were hustling to create defenses, retailers and consumers were trying to find out what the news meant to them.

A Macys.com spokeswoman, Diane Pucko, kept the conversation as short as possible within the bounds of politeness. "Macys.com has no problems, and they'd like to keep it that way," Pucko said. "The less attention brought to them, the better."

Waresontheweb.com, a Thorofare, N.J., company that creates and hosts Web sites for retailers, including Philadelphia's Kitchen Kapers, has seen neither problems nor changes in consumer patterns, its marketing director, Stacey Valdez, said.

Yet Valdez said she expected some fallout. "When there is any situation that happens with e-retailing, consumers are going to be cautious, especially when they are just starting to embrace the Internet and put their credit cards online," she said

At iQVC, a West Chester online retailer that does $100 million worth of e-tailing a year, the vice president of operations, Stephen Hamlin, called his security people when he heard the news.

"We talked to our security experts, and there is really not a lot that one can do about this," Hamlin said.

"The first thing to realize is that this was all outside the fire walls," he said. "It can shut down your site and shut down your business, but it's really only an annoyance for your customers.

"The reality is that this is the Internet. It's an open forum, and things like this can happen."

And if consumers are worried, those worries have not translated into a lack of trade at iQVC, Hamlin said. "The last couple of days have been quite strong," he said.

The news reports reinforced the inclination of Terry Hudson, a homemake in Worcester, Montgomery County, to shop, but not buy, on the Web, keeping her purchases and her credit card offline.

Hudson was not swayed by the subtle distinction between a security breach and the simple, yet costly, harassment perpetrated by the hackers.

"You are sending your information into some spot where you have no control over it," she said. "Casual users such as myself don't realize how much information people can get from other people."

A health-care executive, Jonathan Solomon, and his family shopped at Amazon.com about once a week, and he said he was sure that he would shop there again - eventually.

"I'm going to wait and see, and monitor it pretty closely," said Solomon, who lives in Devon. "I guess I'm fairly confident it will be resolved. It seems to be a pretty high priority with the [U.S.] Justice Department."

Newcomb, the C/Base executive, said he was not surprised that hackers went after companies such as Yahoo and eBay. "Now that they have become cultural icons, they've attracted that kind of attention," he said.

"Any time someone grabs that kind of media focus, they become a target of something like this."

http://www.phillynews.com/inquirer/2000/Feb/11/front_page/HACKBAR11.htm



-- Martin Thompson (mthom1927@aol.com), February 11, 2000


Moderation questions? read the FAQ