 |
|
 | technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
Hacker hunters follow lead to Germany
Web site attackers exploited Stanford computers
| ||||
In this story: High capacity computers fooled by vandals Network engineer there in minutes Firewall is first line of defense 'Lots of computers were vulnerable' RELATED STORIES, SITES 
|
BERLIN (CNN) -- Cyber detectives tracking hackers who launched an electronic offensive on several top Web sites have followed a lead to Germany.
A program called "Stacheldraht" (Barbed Wire) was used to carry out the attacks -- and whoever ran the program used its German name, a report in Die Welt newspaper said.
| |||||||||||||||||||||
The FBI-led National Infastructure Protection Center is working on a theory that the Internet vandal responsible for Tuesday's attacks may be based somewhere in Germany.
U.S. President Bill Clinton has called a summit on Internet security for next week.
High capacity computers fooled by vandals
Computers at a remote marine research campus operated by Stanford University near Monterey, California, were among those fooled on Tuesday into helping hackers attack some of the Internet's most heavily used sites, the head of Stanford's computer security department says.
Stephen Hansen, head of computer security at the school, said about 50 Stanford computers were fooled into helping route the denial of service attacks on Web sites, including eBay.com, CNN.com, Amazon.com, Buy.com and Yahoo!
Such computers are sometimes called "zombie" computers. In a denial of service attack, they send commands to high capacity computers that flood the affected Web site with millions of messages, blocking access to would-be users.
This kind of hack floods a Web site with so many requests it can't cope. Sources told CNN that Yahoo! was hammered with requests at one gigabyte per second.
That is similar to 104 million people dialing one company's phone lines at once.
Network engineer there in minutes
Hansen said, "Within minutes we had a network engineer there. He went into the configuration and said 'OK, turn that off, don't allow them to do that anymore.'
"Any time from that point on, any of those packets that arrived were ignored. I'm glad we were able to find it quickly and were able to deal with it in short order."
Universities can be sitting ducks to these attacks, since schools want professors, researchers and students to have easy access to computers to share research and swap information.
Stanford joins the University of California at Santa Barbara as victims of the high-tech hijackings, in which the zombie computers are enslaved to the command of hackers.
Kevin Schmidt, the UCSB campus network programmer, said, "If you go to a university, you have many different constituent groups. You've got research groups, you've got people here for one year, you've got visiting research faculty."
Firewall is first line of defense
The first defense against hackers is a software block called a firewall -- but that may also keep out the very people for whom the system is intended.
One of the Internet's original uses was to link scholars around the world easily. Research projects at universities typically make it difficult to implement an effective firewall, since a large number of openings are needed for people to go through.
The recent spate of attacks may force universities to choose between academic freedom and system security.
'Lots of computers were vulnerable'
Sources told CNN the denial of service hacks were not sophisticated. They were done using ready-made programs. The hope is that with so many attacks, one of them is bound to leave traces.
Tribal Village (TFN) and Trinoo are two of the programs that experts say are Internet time bombs -- ones used to jam the highly used sites.
Allison Taylor, of Network Associates, said, "They're roadmaps for people to copy from, and then you have copycat attacks over and over and over."
Taylor added, "We've found them in several places. They're prepackaged. The hacker downloads and hacks the program into a number of unsuspecting computers.
"For this attack to happen on all these companies there had to be lots of computers out there that were vulnerable."
RELATED STORIES:
Consulting firm says its server was used to attack AOL
February 11, 2000
FBI agents focus on university, business computers as cyber-attack launch pads
February 10, 2000
Denial of service hackers take on new targets
February 9, 2000
Cyber-attacks batter Web heavyweights
February 9, 2000
'Immense' network assault takes down Yahoo
February 8, 2000
Legendary computer hacker released from prison
January 21, 2000
RELATED SITES:
Stanford University
Federal Bureau of Investigation
National Infrastructure Protection Center: CyberNotes
HNN - HackerNewsNetwork
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.