FOCUS-Hackers hit more top Web sites
(Updates with CNN Web site failure, paras 4, 8-10)
By Dick Satran
SAN FRANCISCO, Feb 8 (Reuters) - Hackers pulled off a
series of brazen attacks on major Web sites on Tuesday, leading
to shutdowns at Buy.com Inc. <BUYX.O> and eBay Inc. <EBAY.O>
after a similar assault hit Yahoo! Inc. <YHOO.O> the day
before.
The attacks followed the same pattern, with a massive flow
of automated Internet messages landing on the sites and
swamping them with millions of messages, effectively blocking
them to routine traffic. Other sites, too, appeared to be
operating slowly, suggesting even more might have been
targeted.
Late on Tuesday, online retailing giant Amazon.com Inc.
<AMZN.O> also appeared to have fallen victim to an attack,
according to Internet monitoring firm Keynote Systems Inc.
<KEYN.O>.
Hackers also did serious damage to CNN Interactive, which
administers the Web site of Cable News Network, cnn.com,
slowing content flow to a trickle for nearly two hours, a CNN
official said.
Keynote, which tracks Web sites' speed and reliability,
said it noted a sharp drop in Amazon's ability to let customers
into its store and minutes later was able to enter only about
1.5 percent of the times it tried.
"Its inaccessibility looks very similar to what we saw with
Yahoo and eBay and Buy.com," a Keynote spokeswoman said, adding
that the exact cause of the failure was unclear.
Amazon's site appeared to be back up and running normally
about an hour later. Amazon officials were not available for
comment.
CNN Interactive spokeswoman Edna Johnson said hackers
attacked the site from 7 p.m. EST (0000 GMT) until about 8:45
p.m. (0145 GMT on Wednesday).
"We were seriously affected. We were serving content but it
was very inconsistent and very little," Johnson said in a
statement. It was the first attack on the site since it was
launched in August 1995.
By 8:45 p.m., (0145 GMT on Wednesday), the company's
upstream providers had put blocks in place to shield the site
from further attacks.
The Federal Bureau of Investigation in San Francisco met on
Tuesday with Yahoo, the first to be hit. The government has
bolstered its efforts to track down electronic crime on the
Internet since e-commerce turned into a serious driver of the
economy over the past two years.
"We are in a dialogue with Yahoo," a spokeswoman for the
agency said. "I can't comment further right now."
The FBI had no immediate comment on the eBay and Buy.com
situation.
The rapid succession of disruptions on a massive scale
suggests that the same group was behind all of the attacks,
said Chief Technology Officer Elias Levy, of Securityfocus.com,
computer security information service.
"It would be very difficult to assemble this level of
attack so quickly if it were a copycat," said Levy. "That
doesn't mean it couldn't happen. But to generate this level of
traffic requires a lot of machines working together."
By repeating the attacks, the perpetrators were raising the
possibility that they would be apprehended, he said, but
because their attacks could be directed from anywhere in the
world they could be difficult to find.
The incidents have relied mostly on brute force, not
obscure technology, to do damage. The hackers are simply
inundating the commercial Web sites with so much traffic they
can no longer operate. Yahoo's site was pounded with one
gigabit, or one million bits of information, per second, or
about what some sites handle in an entire week, at the height
of Monday's attack.
The data were sent from "zombie" machines taken over by a
single person or group of people from a remote location.
"The problem is to find the command center that's
controlling all of the machines," said Christopher Klaus, chief
technology officer of Internet Security Systems Inc. <ISSX.O>.
"This is a nontrivial problem."
The hackers avoid detection by jumping from one computer
network to another to cover their tracks, and by immediately
erasing any data that might identify them.
Yahoo, the biggest stand-alone Web site and the first to be
hit, was almost completely shut down for over two hours on
Monday, although the company said it expected no financial
impact from the incident.
Yahoo, which generates much of its revenue through
advertising, was able to reschedule ad spots. But since an
estimated 100 million pages would have been viewed during the
two hours the site was down, the company could potentially have
lost as much as $500,000, analysts said.
Yahoo said the attack on its site had been narrowed to 50
Internet addresses, though computer security experts said that
even with that number, it would take time to track any hacker
or hackers with the skill to shut down Internet giant Yahoo.
The attack is called a distributed denial of service
attack, a concerted move to inundate a site from many points.
Since computer programs are used, a single person could launch
the attack, although it seems to be coming from many points.
But investigators need to go behind the target computers to
find the command center that directed the attack and Gordon
predicted an answer would be elusive in the near future.
Buy.com became the second major site hit, as its operations
were shut on what should have been a big day for the Internet
shopping service, which completed a successful initial public
stock offering and saw its stock nearly double in price from
the $13 offer price. It closed at $25.125. EBay later reported
it had been hit by "a coordinated denial of service attack."
Wall Street analysts have shown more tolerance for
companies hit by outside hackers than those whose own systems
have failed or whose data have been corrupted. Yahoo stock was
up despite the raids, gaining $19.125 to stand at $373.125, in
a day of strong trading in Internet issues.
But despite Wall Street's willingness to shrug off the
shutdowns, security experts warned that the industry needed to
deal with the issue or it would continue to disrupt the
emerging e-commerce economy.
"This should remind us that the Internet is fairly new and
fragile," said Securityfocus.com's Levy. "E-commerce is growing
faster than the building blocks underneath the Internet, and we
have to go back and take a look at them."
((Dick Satran, San Francisco office, 415-677-2500))
REUTERS
*** end of story *** |
