Hackers - Insurgency on the Internet

FBI agents focus on university, business computers as cyber-attack launch pads


February 11, 2000
Web posted at: 7:48 a.m. EST (1248 GMT)



WASHINGTON (CNN) -- The FBI is pursuing leads that a series of attacks on popular computer Web sites was launched from high-capacity computer systems at a university or at businesses. Officials believe the school or businesses were an unwitting launch pad for the string of attacks.

According to government sources, the attackers infected those computer systems with denial of service programs.


Those programs in turn forced the university or business systems to send out millions of messages aimed at overloading the targeted Web sites.

Investigation scope

The massive federal investigation into this week's string of cyber attacks may extend overseas, Justice Department officials say.

Deputy Attorney General Eric Holder said there is "no indication at this point that we are looking at anything that comes from outside the country, though there have been previous, similar attacks that have been launched from outside the country, so that is a possibility we'll certainly have to consider."

Senior officials said the multistate investigation now includes major efforts by FBI field offices in four states, and involves "countless numbers" of agents in several others.

Motive still unknown

"These are people who are criminals," Holder told reporters at a Justice Department briefing Thursday.

"The collective loss, and the cost to respond to these kinds of attacks, can run into the tens of millions of dollars or more."

On Wednesday, online brokerage E-Trade Group and technology news site ZDNet became the latest victims. Their sites were knocked out for more than an hour.

The attacks began Monday against Yahoo!, the largest independent Web site. They spread Tuesday to CNN.com and leading retailers Buy.com, eBay and Amazon.com.

The cyber bandits have been quick to exploit technology even as U.S. government investigators become more computer savvy.

"We need additional people," said Holder. "We need additional forensic capabilities. This is, as everybody understands, a fast-changing area."

It's both fast changing and potentially devastating to Internet commerce.

The Clinton administration is asking Congress to increase funding for the Justice Department's anti-cybercrime efforts by more than a third -- from roughly $100 million to $137 million.

Holder said investigators inside and outside the government were working together in a complex effort to track down the hackers. He said that while authorities do not yet know the motive of those responsible, officials consider the matter "very serious" and that the Justice Department may have to consider increasing penalties for cyber-criminals.

A senior Justice Department official involved in the probe said it's likely the hacker or hackers who clogged several popular Internet sites used "dozens or even hundreds" of computers to launch the attacks.

The official, asking not to be identified, said after officials discovered certain "distributed denial of service" tools in December, a warning was sent out.

Information:

The FBI asks that any suspected criminal activity be reported to the NIPC Watch and Warning Unit (202) 323-3204/3205/3206 or nipc.watch@fbi.gov
FBI's recommended steps for victims of illegal computer intrusion:

  • Respond quickly to greatly reduce potential damage and monetary losses.

  • Consider activating Caller ID on inbound lines.

  • Have pre-established points of contact for the general counsel, emergency response personnel, law enforcement, etc.

  • Appoint one person to handle potential evidence. Establish a chain-of-custody.

  • Do not "duel" with the hacker. This typically invites more attacks.

  • Do not use your network's E-mail functions to discuss the incident. The mail server may have been compromised.

  • If you reside within the Washington, D.C. Metropolitan area, contact the WFO IPCIS.

Y2K daemons?

The official said these tools, called daemons, can be planted on hundreds of innocent third-party computers, and await a command issued much later from a remote location to launch attacks on a single target.

The official refused to comment on whether the daemons found in the intensive preparations to guard against Y2K problems were involved in the current attacks.

A Senate leader who has conducted a series of hearings on countering the cyber threat issued a statement Thursday saying the government had failed to be prepared for such cyber attacks, and he promised additional hearings. "Efforts to protect critical computer networks have unfortunately not kept pace with the march of technology," said Sen. Jon Kyl, R-Arizona.

"I have been a firm believer that it was always a question of when, not if, our vulnerabilities would be exploited by someone with malicious intent," Kyl said. "The events of the last three days confirm that view."

More vigilance catching intrusions

One positive development from the attacks is that some network administrators are being extra careful about checking possible intrusions.

The Los Angeles Times Web site, latimes.com, received a warning from its Internet service provider, GTE Internetworking, that there had been several attacks against the ISP and urged its customers to be more vigilant.

On Wednesday morning, engineers discovered that one of the latimes.com servers was running a "little abnormally," according to Dan Royal, operations manager for the site.

They found that someone had entered the server from the outside and placed an "Internet relay chat" program that took up so much bandwidth as to create a disturbance. The incident had no effect on users.

"It caused no damage, other than a whole lot of people pulling their hair out," Royal said.

Pentagon checking its computers

Pentagon officials stressed the military has not been hit by the denial of service attacks and said there's nothing to indicate the systems have been compromised.

"We've been watching with great interest," said Rear Adm. Craig Quigley at Thursday's Pentagon briefing. "We need to be aware of potential hacking into the DOD computer system and be able to defend against some of those attacks."

The Defense Department is putting out a message to its computer network administrators to check the hard drive systems.

Quigley said the Pentagon wants "to see if someone has planted some of this denial of service tools on the drives of Defense Department computers." The spokesman said the check is to make sure the Pentagon's computers could not have unwittingly been a part of the denial of service regime that's being used to clobber some of the other servers.

Pentagon computers were updated and prepared for any Y2K rollover glitches in a $3.6 billion fix over 18 months leading up to January 1.

There was no estimate on how long the new checks would take, but the spokesman said Pentagon officials will be on their toes and aware of what's happening.

The Defense Department is the federal government's single biggest user of computers. "We have no reason to suspect that any of our systems are in fact involved in this, but we're also not sure until we check."

Justice Department Correspondent Pierre Thomas, Producer Terry Frieden, Pentagon Producer Jim Barnett, Technology Editor Ian Hopper and Reuters contributed to this report.


