ad info technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Internet quiet after three straight days of attacks


Strikes hit E*Trade, ZDNet, eBay, Amazon, others

February 10, 2000
Web posted at: 11:45 a.m. EST (1645 GMT)

In this story:

No claims of responsibility

Tactic 'difficult to address'



SAN FRANCISCO (CNN) -- After a three-day string of attacks, there were no confirmed reports Thursday of Web site assaults.

At a Wednesday press conference, the FBI announced a large-scale investigation into the attacks. They are working closely with local field offices to pursue the attacker or attackers.

Ron Dick, chief of investigations for the National Infrastructure Protection Center, said, "We're running every lead down until we find who did this," adding, "At this point in the investigation, anything is possible."

The attacks began earlier in the week when Yahoo!, the Internet's most popular site, was jammed with data beyond its huge capacity to handle it.

On Tuesday, such sites as Amazon.Com, Buy.Com, and were the victims of similar attacks. The attacks continued Wednesday with on-line broker E*Trade being partially blocked along with computer information site

At present, said Dick, the FBI does not know a motive for the attacks or where they originated. He said FBI agents were working with all the sources available to them -- including private industry and intelligence services -- inside the United States and abroad.

U.S. Attorney General Janet Reno said the NIPC is taking the lead on the case, working with FBI field offices, victims, and the intelligence community.

Reno said the government is "committed to taking steps to ensure that e-commerce remains a secure place to do business."

"We have been well aware that the technology has changed not only how people do business, but how criminals do business, too," Reno said.  

VideoCNN's Marsha Walton reports on security measures for securing e-commerce sites.
QuickTime Play
Real 28K 80K
Windows Media 28K 80K

VideoInterview with CNN Technology Correspondent Ann Kellan about how the attacks hardly affect home computers.
QuickTime Play
Real 28K 80K
Windows Media 28K 80K

E*Trade said it suffered a denial of service attack before the stock market opened Wednesday, lasting a little over an hour.

"At any given time, a minority of investors were impacted, but the majority were able to conduct trades," spokesman Patrick DiChiro told

About 70 percent of ZDNet's Internet content, including ZD Network News and ZDNet Product Reviews, was unreachable to users for two hours during the attack on its address.

"All signs point to this being the same type of denial of service problem that's being experienced by other sites," according to Martha Papalia, spokeswoman for Ziff-Davis.

Internet stock trading company Datek Online also reported problems. At about 9:35 a.m. EST Wednesday, traffic capacity on one ISP used by Datek dropped to about 10 percent of normal levels, according to Brian K. Dorf, associate manager of public relations for the company.

Technicians labeled the incident as a network router failure but are still checking into the possibility that the company was the target of an attack. Users were able to continue trades, Dorf said, by using a different address that took them to other ISPs. No trading information was compromised, Dorf said.

Other targets included retail giant, electronic auction house eBay, discount retailer and CNN Interactive, all hit Tuesday, and the portal Yahoo!, hit on Monday.

The denial of service attack, where hackers jam a Web site with useless data that tie up the site's computers, slowed the news site's operations for nearly two hours, spokeswoman Edna Johnson said.

"We were seriously affected. We were serving content, but it was very inconsistent and very little," Johnson said in a written statement. "By 8:45 p.m., our upstream providers had put blocks in place that are shielding us, and we are now serving content."

No claims of responsibility

There was no credible claim of responsibility for the attacks. An NIPC spokesman said law enforcement is running down all leads and is prepared for the search to extend worldwide. There are no current suspects.

Officials indicated they plan to prosecute any suspects under Title 18 of the United States Code, which prohibits anyone from knowingly causing damage to a computer involved in interstate commerce or communication. The maximum penalty for multiple counts can be up to 10 years and fines reaching up to double the gross monetary loss to the victim.

The NIPC's Ron Dick stressed the need for community awareness, especially among companies. " You need to keep up to date with your patches and workarounds," he said.

The denial of service tactic used is similar to phone lines being tied up by too many calls, allowing no callers through. At, a premier e-commerce site, spokesman Bill Curry said the site was hit between 8 p.m. and 9 p.m. EST.

"Users who tried to log on to experienced slower load time for Web pages, but Amazon was still able to process orders," he said. "A large amount of junk traffic was directed to our site, resulting in degraded service for an hour." -- which had its initial public offering earlier Tuesday -- was down for about three hours. While the site experienced increased traffic as a result of the IPO, a company spokesman said it was not the cause of the Web site's crash -- hackers were.

Good news for a company coincided with another attack. Just Tuesday, a day before it was hit, Ziff-Davis released a positive earnings statement.

Background: Denial of Service Attacks

A denial of service attack is a massive stream of information sent to a target with the intention of flooding it until it crashes or can no longer take legitimate traffic. Unlike most other "hacks," it does not involve the attacker gaining access or entry into the targeted server. The information frequently is sent in the form of "pings" -- small packets of data used as a signal between computers. If the pinger lies about its real address, the target computer can't return the ping to make the connection. In that case, the target waits and finally gives up. In great amounts, this can overwhelm a server.
More on denial of service hacking

At the hacked eBay, officials said a preliminary investigation shows that users were unable to view certain pages, like those describing items for auction.

Tactic 'difficult to address'

The attacks sent ripples through the Web world.

"This happens by some malicious people writing a computer program that send too, too many requests to a Web site," said Gene Shklar of Keynote Systems, which measures Web site performance.

The attack on CNN Interactive marked the first major hack on the site since it launched in August 1995. Both CNN and CNN Interactive are owned by Time Warner Inc.

"What better Web site to attack than the Web site of the TV network that's doing news about this very occurrence?" Shklar said.

Richard Power, an official of the Computer Security Institute, said tools have been in place "for a while" for hackers to orchestrate such attacks.

"There have been attacks before, but these are the first highly publicized ones," he said. "Denial of service is one of the most difficult challenges in terms of securing the Internet that we face, actually, and it will be one of the most difficult things to address."

Denial of service hackers take on new targets
February 9, 2000
Cyber-attacks batter Web heavyweights
February 9, 2000
'Immense' network assault takes down Yahoo
February 8, 2000
Legendary computer hacker released from prison
January 21, 2000

RELATED SITES: - The Internet Superstore
Federal Bureau of Investigation
National Infrastructure Protection Center: CyberNotes
HNN - HackerNewsNetwork

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.