DA,
From the Wall Street Journal Interactive
For ISLD see (my) bold section towards the end
Tech Center
As More Sites Get Hit,
Web Companies Fortify
By NICK WINGFIELD and SCOTT THURM
Staff Reporters of THE WALL STREET JOURNAL
As hacker attacks continued to shut down some of the world's biggest Web sites, Internet companies raced to fortify themselves in a high-tech arms race against a still-invisible foe.
The newest targets included E*Trade Group Inc., the No. 2 online stock brokerage, which was knocked out for a short time early Wednesday morning. An E*Trade spokesman said less than 20% of the brokerage firm's customers were affected by the problems.
Technology-news publisher ZDNet installed traffic monitors on its site Tuesday night after hearing about the initial attacks. But hackers managed to bring down the site Wednesday morning by masking its requests as if they were coming from hundreds of thousands of individual computer addresses. "There was no way to figure it out," said Dan Rosenzweig, chief executive officer of ZDNet. "It's just too easy to do this." MCI WorldCom Inc.'s UUNet division, one of the largest Internet-service providers, said it experienced some slowness in parts of its network as a result of the attacks. Microsoft Corp. said some users of its MSN Web sites experienced disruptions starting Tuesday at about 6 p.m. Pacific time and lasting for several hours.
The Microsoft spokesman said the problems stemmed from attacks on several Internet-service providers who supply wholesale bandwidth to Microsoft. Microsoft was not directly attacked, he said. "We're a target every day," the spokesman said. "But in the last 48 hours, we have not been a direct target."
In addition, About.com Inc. said it experienced collateral damage in Monday's hacker attack against Yahoo! Inc., the first target in the continuing onslaught. Hackers overloaded the computers at Global Center, where both Yahoo and About.com store their Web servers. About.com said its Web site was slow and sometimes unavailable during the three-hour attack. Scott Kurnit, CEO, described the attack as "somebody clogging up the front door so nobody can get through."
In the wake of outages at Yahoo and other big sites throughout Tuesday, the entire Web industry was gripped by fear of becoming the next target. In that climate, any disruption was suspect. For example, there were concerns Wednesday that a second online brokerage, Datek, had been attacked, but the company said its problem was the result of an unrelated technical glitch.
Shooting at the Web's Top Guns
Almost half of the Internet's top stops have been affected in the recent spate of denial-of-service attacks. Sites affected are in bold:
Rank/company Unique
Visitors*
(in millions)
1 AOL Network 53.8
2 Yahoo Sites 42.4
3 Microsoft Sites 40.5
4 Lycos 30.4
5 Excite@Home 27.7
6 Go Network 21.4
7 Amazon 16.6
8 NBC Internet 14.9
9 About.com Sites 12.6
10 Time Warner Online 12.2
11 Real.com Network 11.9
12 AltaVista Sites 11.6
13 Go2Net Network 11.2
14 EBay 10.4
15 CNET 9.7
16 ZDNet Sites 9.6
*December 1999
Source: Media Metrix
Several big Internet stocks fell as investors worried about security problems on the Web. Meanwhile, several companies that sell security software saw their stocks jump.
At BMC Software Inc., senior vice president Robert E. Beauchamp organized a team of engineers at Amazon.com's request to try to adapt its Web-site monitoring software to respond to the hackers' crippling technique, known as "denial of service." Their idea: Use the monitoring software to trigger a program that could re-route the attack to a standby computer where the source of the attack could be isolated and studied, saving the main site from being overwhelmed.
"It's a little early to speculate [on success] until our engineers have more research," said Mr. Beauchamp. He explained that the relatively unsophisticated nature of the attack -- commandeering computers to initiate rapid-fire information requests -- is hard to guard against. "They're not hackers -- it's just click like crazy," he said.
One problem for Web companies: The technology that can fend off the hackers also slows Internet performance. Two available technologies are "filtering," which looks at Internet traffic patterns and sometimes can examine the traffic itself, and switches that distribute traffic from one clogged computer server to others.
Frank Dzubeck, an analyst at market researcher Communications Network Architects, Washington, D.C., said the routers that direct traffic around the Internet can include filtering software that would screen out suspicious traffic. "But you're going to find no one turning on filters in high-end routers, because that would slow them down," Mr. Dzubeck said.
See recent articles about hacker attacks on major Web sites.
Join the discussion: Has the recent wave of denial-of-service attacks done anything to change your view of e-commerce and online trading or the companies in those industries? Do attacks such as these on major Web sites change the way you view the Internet and computing in general?
Web-site operators are reluctant to use the technology, Mr. Dzubeck said, because their value on Wall Street often is linked to how much traffic they attract. "This world is based on clicks and hits," Mr. Dzubeck said.
The same is true for the technique for redistributing traffic. Big Web sites, such as Yahoo, store their information on multiple computers scattered around the globe and are beginning to use technology that directs traffic from overloaded computers to less-busy servers. But this technology is not in widespread use.
Case in point: Buy.com Inc. uses switches from Alteon WebSystems Inc., San Jose, Calif., in its Web site. But the online retailer, which was hit by hackers on Tuesday, had not activated Alteon's technology to redirect Web traffic to other computers. "That's a feature on our switch that you have to pay for and turn on," an Alteon spokesman said. Alteon charges $3,000 per switch, or $18,000 for a Web site with three locations and two switches at each.
By contrast, the spokesman said, this "server-switching" feature allowed Ticketmaster Online-CitySearch Inc. to keep its Web site up last fall when its primary Internet-service provider failed. Of course, it's not as simple as throwing a switch. Before Web-site operators can redirect traffic to other computers, they have to install those computers, duplicate their content and pay for additional network connections.
Digital Island Inc., which "hosts" other companies' Web sites on its computers, says it uses technology to examine Internet traffic coming into its data centers. Even though hackers frequently disguise the source of their traffic, Digital Island says its technology can distinguish between legitimate requests and suspicious traffic designed to shut down a Web site.
Internet traffic is broken down into "packets" of ones and zeros. Legitimate packets "are designed to elicit a response," said Allan Leinwand, Digital Island's chief technology officer. But packets sent as part of hacker attacks typically lack this information. "Knowing the type of packet allows you to make a determination" whether to let it through, Mr. Leinwand. He declined to be more specific, fearing that hackers would use the information to develop new means of attack.
Mr. Leinwand said Digital Island had detected what appeared to be hacker attacks aimed at several of its customers in recent days but had deflected all within minutes. "We're very, very paranoid," he said.
Digital Island hosts the Web site of E*Trade. Mr. Leinwand declined to comment on what happened at E*Trade or whether Digital Island was able to deflect an attack.
Internet security companies said they were flooded with requests from companies seeking new defenses for their sites.
Christopher Klaus, chief technology officer of Internet Security Systems Inc., said the company got calls throughout Wednesday about its software programs, which automatically scan computer networks for security vulnerabilities. The stocks of many prominent security-software companies, including Internet Security Systems, WatchGuard Technologies Inc. and Check Point Software Technologies Ltd., jumped Wednesday as news of the attacks spread.
The hacker attacks could prove to be advantageous for another business: e-commerce insurance. For the past year, a growing list of insurance brokers and insurers have been trying to peddle these policies, which can cost a company from $10,000 to $25,000 per million dollars of coverage. The insurers promise to pay up if hackers or other Internet perils disrupt an insured company's business or expose them to liability losses.
"For the past 48 hours, my phone has been ringing literally off the hook with requests for information" on this insurance coverage, said Ty Sagalow, executive director of e-business product development at New York insurer American International Group Inc.
Write to Nick Wingfield at nick.wingfield@wsj.com and Scott Thurm at scott.thurm@wsj.com |
