- The Washington Times - Thursday, February 10, 2000

Cyber-attackers struck three additional Web sites yesterday, extending a string of debilitating assaults against some of the nation's most popular Web sites.
Companies scrambled to take security measures, federal investigators set out to track down vandals and key stock market indexes dropped as investors evaluated the threat to Internet businesses.
Attorney General Janet Reno said federal investigators are starting a criminal investigation and they are doing all they can to track down the attackers, even though officials said they have no suspects.
"We are following every lead that we have out there," said Ronald Dick, chief of computer investigations at the federal government's National Infrastructure Protection Center (NIPC). "Until you get to that keyboard that is being utilized, you don't know who you are dealing with."
But Mr. Dick said there is little the federal government can do to anticipate which Web site will be victimized next or to determine from where the attacks are originating.
Federal officials said no one has taken responsibility for the attacks, but sources say the federal government has received an 18-page letter from a group claiming responsibility. Mr. Dick declined to comment on the letter.
Uncertainty about the scope and significance of the cyber-attacks contributed to a 258.44-point slide in the Dow Jones Industrial Average and halted a string of three consecutive record-high closes of the technology-laden Nasdaq Composite Index.
Web sites struck yesterday included ZDNet, a Web site with technology information, and on-line brokerages run by E-Trade and Datek Online Brokerage Services.
The new attacks bombard Web sites with traffic, effectively making them unavailable to normal Internet traffic.
The attacks extended the total number of assaults this week to eight as companies scrambled to mount a defense.
"I think everyone is on heightened alert," said Rob Clyde, general manager of Axent Technologies Inc., a Rockville, Md., computer security company.
But there is little that companies can do to protect themselves against the new strain of distributed "denial-of-service" attacks that use hundreds or thousands of computers to tie up Web sites, computer security experts said.
Many Web sites were slow yesterday, Mr. Clyde said, leading to speculation that attackers were clogging more sites than those that reported having problems.
Federal officials said anyone caught attacking Web sites faces a maximum penalty of 5 to 10 years in jail and a fine of up to $250,000.
Mr. Dick urged companies with personal computers and home PC users to take steps to secure their systems because they could be used in the attacks.
Computers with always-on connections either high-speed cable modems or dedicated subscriber lines are vulnerable to attackers who install malicious software that lets them control the computers on command, said Ben Venzke, editor of intelligence services at Alexandria, Va.-based computer security firm Infrastructure Defense Inc.
The NIPC developed a tool available at the agency's Web site at www.nipc.gov to let computer users determine whether their computers have been comandeered to tie up a Web site on command.
That could help reduce attacks by preventing an attacker from using a zombie computer to stage an attack like those carried out so far this week, Mr. Dick said.
Mr. Clyde said companies were busy yesterday installing filters to try to identify unwanted Web traffic and increasing bandwidth or capacity in case an attack began clogging their networks. Companies scanned networks to see if PCs that could connect to their Web sites had the malicious software on it that commands it to send data to a site.
Those counter measures aren't always helpful because the new type of denial-of-service attack mimics valid requests for information, said Amit Yoran, president of RIPTech Inc., a computer security firm in Alexandria.
"Down the road, there will be ways to protect ourselves from this. Right now, there isn't much we can do [to prevent an attack]," Mr. Yoran said.
ZDNet was attacked at about 7:30 a.m. EST yesterday and its network remained clogged for about two hours. The attack made about 70 percent of its content inaccessible.
E-Trade was attacked before 6 a.m. when it experienced huge demand for connections to its site, and it remained inaccessible until about 10:15 a.m.
Datek suffered an attack at Datek.com at about 9:30 a.m. that lasted until 10:05 a.m., the company said.
Yahoo Inc.'s Web site was attacked Monday. Web sites that are run by E-Bay Inc., Amazon.com Inc., Buy.com Inc. and CNN.com were attacked Tuesday.
Tim Belcher, chief technology officer at RIPTech, said it's not clear why the attacks are happening now.
Distributed denial-of-service tools to conduct attacks like those occurring this week have been around for more than a year. A Belgian Internet service provider was attacked last year, Mr. Becker said.
"I can only assume it's happening again because someone wants the publicity," Mr. Belcher said.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide