Attacks Cripple Popular Web Sites

Another wave of denial of service attacks hit Internet sites Wednesday,
prompting harsh words from top law enforcement officials.

“We are committed in every way possible to tracking down those who were
responsible, to bringing them to justice, and to seeing that the law is
enforced,” said U.S. Attorney General Janet Reno at a media conference
Wednesday in Washington, DC.

Reno said the investigation would be a top
priority, assisted by specially trained federal prosecutors and the FBI’s
National Infrastructure Protection Center.

The third day of attacks brought brief outages and degraded service to at
least three major sites including brokerage firms E*Trade Group Inc. (EGRP) and privately-held Datek, as well
as ZDnet (ZDZ), the technology news service.

Representatives of the sites
confirmed that they were hit by an abnormal flood of bogus requests for
data, which caused severe restrictions in the bandwidth available to
legitimate visitors.

While focused on high-traffic sites, the attacks also affected performance
on the Internet as a whole. UUnet, a major backbone provider, reported
“routing instabilities” throughout the western United States Tuesday
evening, but those problems appeared to be mostly resolved Wednesday.

Previous victims Amazon.com (AMZN), Buy.com (BUYX), CNN.com, eBay (EBAY) and Yahoo! Inc. (YHOO), also appeared to
have mostly recovered from the attacks that disrupted their visitors on
Tuesday.

FBI investigators didn’t disclose details on the precise source and method
of the attacks, but officials confirmed speculation by Internet security
experts that the floods of requests were being launched from dozens or even
hundreds of innocent Web servers with high-bandwidth connections to the Net.

“It’s highly likely that the origin of these attacks is not from witting or
knowing individuals or businesses. Their systems have been intruded into to
launch attacks against the victims,” said Ron Dick, chief of the computer
investigation and operations section of the FBI’s National Infrastructure
Protection Center.

These compromised systems, known by experts as “zombies,” likely had been
previously penetrated by attackers who secretly installed programs to
remotely coordinate denial of service attacks. Programs known to be capable
of such distributed denial of service attacks include trinoo and Tribal
Flood Network.

Elias Levy, chief technology officer of Securityfocus.com, the security
information service, said the unwillingness of early victims to share
information about the attack and their solutions has created difficulties
for other sites.

“Unless a rogue engineer from Yahoo! or eBay comes forward and tells us what
really happened, we still don’t have much to go on,” said Levy.

While Reno vowed the Department of Justice would “take steps to ensure that
ecommerce remains a secure place to do business,” Dick of the NIPC cautioned
that Internet security is a community effort.

“It is not something that can be done by any one organization or federal
agency. It is a partnership between all of us, most importantly the private
sector. Your security or the lack thereof can cause ha

rm to others,” Dick said.

FBI officials gave no indication that they have any suspects. Nor have any
groups or individuals yet come forward to claim responsibility for the
attacks.