RealTime IT News

Attacks Cripple Popular Web Sites

Another wave of denial of service attacks hit Internet sites Wednesday, prompting harsh words from top law enforcement officials.

"We are committed in every way possible to tracking down those who were responsible, to bringing them to justice, and to seeing that the law is enforced," said U.S. Attorney General Janet Reno at a media conference Wednesday in Washington, DC.

Reno said the investigation would be a top priority, assisted by specially trained federal prosecutors and the FBI's National Infrastructure Protection Center.

The third day of attacks brought brief outages and degraded service to at least three major sites, including brokerage firms E*Trade Group Inc. (EGRP) and privately held Datek, as well as ZDNet (ZDZ), the technology news service.

Representatives of the sites confirmed that they were hit by an abnormal flood of bogus requests for data, which caused severe restrictions in the bandwidth available to legitimate visitors.

While focused on high-traffic sites, the attacks also affected performance on the Internet as a whole. UUNET, a major backbone provider, reported "routing instabilities" throughout the western United States Tuesday evening, but those problems appeared to be mostly resolved Wednesday.

Previous victims Amazon.com (AMZN), Buy.com (BUYX), CNN.com, eBay (EBAY) and Yahoo! Inc. (YHOO) also appeared to have mostly recovered from the attacks that disrupted their visitors on Tuesday.

FBI investigators didn't disclose details on the precise source and method of the attacks, but officials confirmed speculation by Internet security experts that the floods of requests were being launched from dozens or even hundreds of innocent Web servers with high-bandwidth connections to the Net.

"It's highly likely that the origin of these attacks is not from witting or knowing individuals or businesses. Their systems have been intruded into to launch attacks against the victims," said Ron Dick, chief of the computer investigation and operations section of the FBI's National Infrastructure Protection Center.

These compromised systems, known by experts as "zombies," likely had been previously penetrated by attackers who secretly installed programs to remotely coordinate denial of service attacks. Programs known to be capable of such distributed denial of service attacks include trinoo and Tribal Flood Network.

Elias Levy, chief technology officer of SecurityFocus.com, the security information service, said the unwillingness of early victims to share information about the attack and their solutions has created difficulties for other sites.

"Unless a rogue engineer from Yahoo! or eBay comes forward and tells us what really happened, we still don't have much to go on," said Levy.

While Reno vowed the Department of Justice would "take steps to ensure that ecommerce remains a secure place to do business," Dick of the NIPC cautioned that Internet security is a community effort.

"It is not something that can be done by any one organization or federal agency. It is a partnership between all of us, most importantly the private sector. Your security or the lack thereof can cause ha