|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Internet quiet after three straight days of attacks
Strikes hit E*Trade, ZDNet, eBay, Amazon, others
SAN FRANCISCO (CNN) -- After a three-day string of attacks, there were no confirmed reports Thursday of Web site assaults.
At a Wednesday press conference, the FBI announced a large-scale investigation into the attacks. They are working closely with local field offices to pursue the attacker or attackers.
Ron Dick, chief of investigations for the National Infrastructure Protection Center, said, "We're running every lead down until we find who did this," adding, "At this point in the investigation, anything is possible."
The attacks began earlier in the week when Yahoo!, the Internet's most popular site, was jammed with data beyond its huge capacity to handle it.
On Tuesday, such sites as Amazon.Com, Buy.Com, and CNN.com were the victims of similar attacks. The attacks continued Wednesday with on-line broker E*Trade being partially blocked along with computer information site ZDNet.com.
At present, said Dick, the FBI does not know a motive for the attacks or where they originated. He said FBI agents were working with all the sources available to them -- including private industry and intelligence services -- inside the United States and abroad.
U.S. Attorney General Janet Reno said the NIPC is taking the lead on the case, working with FBI field offices, victims, and the intelligence community.
Reno said the government is "committed to taking steps to ensure that e-commerce remains a secure place to do business."
"We have been well aware that the technology has changed not only how people do business, but how criminals do business, too," Reno said.
E*Trade said it suffered a denial of service attack before the stock market opened Wednesday, lasting a little over an hour.
"At any given time, a minority of investors were impacted, but the majority were able to conduct trades," spokesman Patrick DiChiro told CNNfn.com.
About 70 percent of ZDNet's Internet content, including ZD Network News and ZDNet Product Reviews, was unreachable to users for two hours during the attack on its ZDNet.com address.
"All signs point to this being the same type of denial of service problem that's being experienced by other sites," according to Martha Papalia, spokeswoman for Ziff-Davis.
Internet stock trading company Datek Online also reported problems. At about 9:35 a.m. EST Wednesday, traffic capacity on one ISP used by Datek dropped to about 10 percent of normal levels, according to Brian K. Dorf, associate manager of public relations for the company.
Technicians labeled the incident as a network router failure but are still checking into the possibility that the company was the target of an attack. Users were able to continue trades, Dorf said, by using a different address that took them to other ISPs. No trading information was compromised, Dorf said.
Other targets included retail giant Amazon.com, electronic auction house eBay, discount retailer Buy.com and CNN Interactive, all hit Tuesday, and the portal Yahoo!, hit on Monday.
The denial of service attack, where hackers jam a Web site with useless data that tie up the site's computers, slowed the news site's operations for nearly two hours, CNN.com spokeswoman Edna Johnson said.
"We were seriously affected. We were serving content, but it was very inconsistent and very little," Johnson said in a written statement. "By 8:45 p.m., our upstream providers had put blocks in place that are shielding us, and we are now serving content."
No claims of responsibility
There was no credible claim of responsibility for the attacks. An NIPC spokesman said law enforcement is running down all leads and is prepared for the search to extend worldwide. There are no current suspects.
Officials indicated they plan to prosecute any suspects under Title 18 of the United States Code, which prohibits anyone from knowingly causing damage to a computer involved in interstate commerce or communication. The maximum penalty for multiple counts can be up to 10 years and fines reaching up to double the gross monetary loss to the victim.
The NIPC's Ron Dick stressed the need for community awareness, especially among companies. " You need to keep up to date with your patches and workarounds," he said.
The denial of service tactic used is similar to phone lines being tied up by too many calls, allowing no callers through. At Amazon.com, a premier e-commerce site, spokesman Bill Curry said the site was hit between 8 p.m. and 9 p.m. EST.
"Users who tried to log on to Amazon.com experienced slower load time for Web pages, but Amazon was still able to process orders," he said. "A large amount of junk traffic was directed to our site, resulting in degraded service for an hour."
Buy.com -- which had its initial public offering earlier Tuesday -- was down for about three hours. While the site experienced increased traffic as a result of the IPO, a company spokesman said it was not the cause of the Web site's crash -- hackers were.
Good news for a company coincided with another attack. Just Tuesday, a day before it was hit, Ziff-Davis released a positive earnings statement.
At the hacked eBay, officials said a preliminary investigation shows that users were unable to view certain pages, like those describing items for auction.
Tactic 'difficult to address'
The attacks sent ripples through the Web world.
"This happens by some malicious people writing a computer program that send too, too many requests to a Web site," said Gene Shklar of Keynote Systems, which measures Web site performance.
The attack on CNN Interactive marked the first major hack on the site since it launched in August 1995. Both CNN and CNN Interactive are owned by Time Warner Inc.
"What better Web site to attack than the Web site of the TV network that's doing news about this very occurrence?" Shklar said.
Richard Power, an official of the Computer Security Institute, said tools have been in place "for a while" for hackers to orchestrate such attacks.
"There have been attacks before, but these are the first highly publicized ones," he said. "Denial of service is one of the most difficult challenges in terms of securing the Internet that we face, actually, and it will be one of the most difficult things to address."
Denial of service hackers take on new targets
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.