As hackers choke Internet, authorities start keying in

Flood of messages causes service delays

February 10, 2000|By Mark Ribbing | Mark Ribbing,SUN STAFF

Clarification

In Thursday's editions of The Sun, an article on this week's computer hacker attacks reported that Datek was one of the Web sites affected. Datek officials initially said their site had suffered service disruptions that might have been caused by the hackers. They later said the problems resulted not from the attacks, but from a malfunction at one of Datek's Internet service providers.

Hackers continued to bedevil prominent Internet sites yesterday, flooding them with enough messages to cause temporary but potentially costly service delays. Top national law enforcement officials condemned the attacks and vowed to chase down the cyber-vandals.

The companies hit in the past three days include some of the best known and most popular destinations on the Internet. Disrupted yesterday were news and shopping site ZDNet and two financial sites, E*Trade and Datek. Monday and Tuesday, the online assailants struck retailers eBay, Amazon.com and Buy.com, the CNN news site and the Yahoo! search engine.

ZDNet was down for two hours beginning about 7: 30 yesterday morning. E*Trade said it was affected for more than an hour starting about 8 a.m. Datek's problems were between 9: 30 a.m. and 10: 05 a.m. E*Trade spokesman Patrick DiChiro said fewer than 20 percent of the company's customers were affected by the inundation. "Customer accounts were never compromised," he said.

Such interruptions of electronic commerce take on an increasingly high profile as more Americans use the Internet to shop and conduct business. Attorney General Janet Reno said the attacks "have caused millions of Internet users to be denied services."

"We are committed in every way possible to tracking down those who are responsible," Reno said.

Authorities might have to cast a widenet. Computer hacking, once the province of a relatively small technical elite, can now be undertaken by anyone with Internet access and a stomach for high-stakes mischief.

The method that experts say was used in the hacking is called a "denial of service" attack. Using codes available in some chat rooms, a hacker looks for computers that are vulnerable to invasion and plants a customized piece of software into them. To lessen the chances of detection, the hacker might try to plant the software in computers in different geographical areas.

At the hacker's command, the surreptitiously installed software (which is available on the Internet) will trigger the computers to simultaneously send messages to the targeted Web site.

Sites inundated

The messages typically ask the site to open up for viewing. Because so many computers are sending requests at once, the Web site is inundated and becomes backed up.

"You no longer have to be very technically sophisticated to launch one of these attacks," said Charles Rutstein, a senior analyst at Forrester Research Inc. in Cambridge, Mass. "You used to have to write code yourself. Now you can get it off the Net."

"Denial of service" hacking is not only relatively easy to carry out, but it also hits commercial Web sites where they are most vulnerable. Such sites generally have sophisticated defenses against hacker forays such as breaking into confidential documents. They have a hard time, however, stemming excessive traffic on a site, because traffic is exactly what such sites usually seek.

John Robb, director of Internet consulting company Gomez Advisors Inc. in Lincoln, Mass., said many hackers are motivated by curiosity rather than by malice. Whoever is responsible for this week's incidents will have a hard time eluding law enforcement officials and irate technical-support staffers, he said.

"They're going to get caught. There's no way they're going to survive this. There were too many people affected, too many technical people with egg on their face," Robb said.

Ronald Dick, a computer security expert at the FBI, said the hackers could face sentences of up to five to 10 years and fines of as much as $250,000 or twice the losses of the victim.

The wave of attacks has caused annoyance for some companies but has also had beneficiaries. Designers of anti-hacking technology are suddenly the darlings of the Internet economy. "We're swamped," said Philip Attfield, director of technical marketing at McAfee.com Corp., an online security company based in Santa Clara, Calif.

Attfield said the recent spate of digital trespassing shows the potential harm a determined hacker can cause: "Think of the impact if you were able to sustain an attack like this for a long time," he said.

The stock of Axent Technologies Inc. of Rockville, a Maryland computer security company, shot up $5 to close at $28.25 yesterday.

Axent's director of intrusion detection, Scott Gordon, said hacking has replaced the year 2000 problem as the technological fear of the day. "Now that Y2K has subsided, the resources are being put into e-business initiatives and security efforts," he said.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.