|myCNN | Video | Audio | Headline News Brief | Free E-mail | Feedback||
Law enforcement asks cyber-community for more vigilance
WASHINGTON (CNN) -- While vowing to use the FBI, military, Secret Service and the intelligence community to find the hackers behind this week's wave of major cyber-attacks, federal law enforcement officials also encouraged the Internet community to toughen its own defenses against hackers.
"We are committed in every way possible to tracking down those responsible, to bringing them to justice and to seeing that the law is enforced," Reno said at an FBI news conference.
Several e-commerce sites, portals and news outlets were hit by the computer attacks that began Monday, leaving them unreachable to the public for hours and flooded with junk data.
"These cyber-assaults have caused millions of Internet users to be denied services," said Reno. She said the motives of the hackers are unknown, but "they appear to be intended to interfere with and disrupt legitimate electronic commerce."
Ronald Dick, who heads computer investigations at the FBI, said it is highly likely that the attacks came from unwitting individuals or businesses whose computers have been compromised.
"Tools by which to launch these attacks have been placed there without their knowledge, and someone at a remote location is controlling those tools to launch attacks against the victims," Dick said.
He said a popular place for cyber-criminals to plant such software was on third-party computers, many of them belonging to Internet service providers, or ISPs. Logs at the ISPs will be crucial to the investigation.
Tools and defensive measures exist that can be used against hackers to minimize damage, Dick said.
"Many of the distributed 'denial of service' tools currently are readily available out there on the Internet," he said. "You can download them, and it doesn't take any particular technical knowledge by which to utilize them."
Dick said prevention, such as implementing security measures, is the key to stopping attacks on computer systems, whether in the private or public sectors. He said it is the responsibility of the entire cyber community because any lapse of computer security by one entity could cause harm to others.
Dick said the FBI's National Infrastructure Protection Center (NIPC) has had multiple reports of computer intruders installing "distributed denial of service (DDOS) tools" on various computer systems. Those tools enable individuals to remotely launch cyber attacks.
Those DDOS tools can be detected by software the NIPC is making available on its Web site at http://www.fbi.gov/nipc/trinoo.htm.
Investigators will be challenged in tracking down the originators of the attacks because many source addresses have been "spoofed" or falsified.
However, Dick said they can ultimately be traced.
"We're running every lead down until we find who did this," he said. Investigators will use electronic surveillance to track back through ISPs and find who was at the keyboard, he said.
Asked if there had been any credible claims of responsibility, Dick said, "None that I'm aware of."
He said the attacks are a violation of federal statutes punishable by a minimum six-month prison sentence for first-time offenders and 10 years for repeat offenders. Criminal fines can range from $250,000 per count up to twice the gross loss of the victim.
The cyber attacks began earlier in the week when Yahoo!, the Internet's most popular site, was jammed with messages beyond its vast capacity to handle them.
On Tuesday, sites such as Amazon.com, Buy.com, and CNN.com were the victims of similar attacks. The attacks continued Wednesday with on-line broker E*Trade being partially blocked along with computer information site ZDNet.com.
Under the onslaught of messages, said Dick, the victim's Internet site simply shuts down until filters can be put in place that turn away the bogus messages.
Dick said a high level of technical sophistication is not necessary to launch such cyber attacks.
"A 15-year-old kid could launch these attacks," he said.
But the search for those responsible likely will go global.
"Historically, this is not just a U.S. issue. Inevitably we wind up overseas, where an unwitting ISP is utilized as a launch pad," Dick said.
Federal Bureau of Investigation - FBI
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.