Internet Attacks Continue Here and Abroad : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Internet Attacks Continue Here and Abroad; Agents Fear Copycats

8:48 a.m. ET (1348 GMT) February 18, 2000 By Michael J. Sniffen WASHINGTON  The Internet attacks originally aimed at e-commerce sites are continuing this week and even cropping up abroad, so federal investigators are looking into whether copycats are targeting less well-known Web sites.

Newly opened FBI computer-hacking investigations have quadrupled since the first attack at Yahoo! on Feb. 7. Some attacks, not noticed by the public and not identified by the FBI, have continued into this week, and no one knows if they have ended, FBI spokeswoman Debbie Weierman said Thursday. And attacks have cropped up abroad, said one federal investigator, who requested anonymity.

As of Feb. 9, the FBI had opened four new investigations of these so-called distributed denial of service attacks. Now the total is "more than 17 new investigations, including more than 13 where the victim suffered a distributed denial of service attack," Weierman said Thursday. Only eight of the more than 13 have been identified publicly.

Four investigations involve the placing of denial of service tools, known as daemons, on middleman computers that can later be remotely ordered to attack a victim site, Weierman said. Hiding these daemons on unwitting host computers is a key step in mounting distributed denial of service attacks.

"The possibility of copycats is out there, as are other theories, with these piggyback incidents," she said.

At first, the close timing suggested the attacks were launched by the same person or people. As the attacks continued, investigators began actively looking into the copycat theory, according to other federal law enforcement officials, who requested anonymity.

FBI agents are girding for a painstaking, time-consuming investigation but hoping an unexpected quick break might lead to an arrest to discourage other copycats, one federal law enforcement official said.

Investigators won't reveal the patterns they have found in the logs of target and middleman computers that lead them to suspect some copycats are at work since such large, frequently used electronic commerce sites like eBay and were attacked last week. But one factor that contributes to the theory is the use of more than one type of tool to mount the attacks.

Without saying when they have been employed, FBI Director Louis Freeh has identified three such tools: TFN for Tribal Flood Net, trinoo and stracel draht. Some can be downloaded free from Internet sites.

The coordinated denial of service attacks are known to have overwhelmed eight Web sites  those run by Yahoo!, eBay,, CNN, ZDNet, Buy.Com, ETrade and Excite.

The identities of more than five other victims are not public. And those attacks were not noticed by the public.

The FBI opens an investigation after a victim complains and bureau agents find some evidence of crime in a preliminary analysis. Weierman declined to disclose the identities of all the victims "to preserve the integrity of the investigation."

Other federal law enforcement officials said some victim companies want their names withheld to protect their reputations or for fear of losing public confidence or seeing their stock price drop.

The Feb. 7 attack on Yahoo! was acknowledged by the company hours later  after reporters asked if attacks brought the site down. Many of the other victim Web sites were originally identified by Keynote Systems Inc., which monitors the performance of major e-commerce sites. Excite, hit the night of Feb. 9, didn't disclose it until Feb. 11.

Investigators say that dozens, even hundreds, of middlemen computers, known as zombie computers, have been unwittingly used in past distributed denial of service attacks. So far, only three are known to have been used in the current attacks: a computer at the University of California, Santa Barbara; a router at Stanford University; and a home business computer in the Portland, Ore., area.

Attorney General Janet Reno said Thursday that "to date, there has been such good cooperation between the private sector, other federal agencies and the FBI."

Reno said she would soon ask Congress to toughen laws governing cybercrime. But she stopped short of fully endorsing Freeh's suggestion that officials consider extending the federal racketeering statute, designed with heavy penalties to fight organized crime, to cover multiple, large-loss computer attacks by groups of people.

"I think we should review what remedies are available, what we need in addition to current remedies," Reno said.

-- Martin Thompson (, February 18, 2000

Moderation questions? read the FAQ