Hackers Strike Again

Law enforcement officials and security experts scrambled to
keep up with a new slew of hacker attacks on prominent Web sites today.

The Federal Bureau of Investigation scheduled a 2 p.m. press
conference to discuss the series of computer attacks that have
temporarily blocked access in recent days to websites including
Yahoo, eBay, Amazon, CNN.com and Buy.com. The latest sites to fall
victim to the attacks today include ZDNet, and E-Trade, the online
brokerage.

"What is scary about this is as we've become more dependent on
technology and its availability, we become more vulnerable to
any 18-year-old in a garage anywhere in the world," said Mark
Rash, a former federal prosecutor and computer security
consultant at Global Integrity in Reston.

The kind of attack - known as a "distributed denial of service"
attack - does not involve actually breaking into the target
computer system. It more closely resembles piling trash up in
front of the door so that others can't get in.

The standard denial of service strike, which has been used by
hackers against smaller Web sites for several years, involves
flooding the target computer with requests for information,
blocking access for other users. The new twist - distributing
the attack over tens or even hundreds of other computers to
make the same calls in a coordinated torrent, like the mini-
broomsticks in the "Sorcerer's Apprentice" - has proved effective
at bringing down sites that most observers would have believed
to be big enough to handle any amount of traffic.

Jed Pickel, a member of the technical staff at the federally-
funded CERT Coordination Center at Carnegie Mellon University,
said CERT convened a conference last November to discuss the
new threat and to help develop tools to fight it; those programs
are now available on the http://www.cert.org site. Along with
measures that companies can take to shore themselves up
against attack, CERT also offers guidelines aimed at helping
Web sites keep themselves from passing along the bogus messages
that make up such attacks.

"There's not anything you can do to prevent being a victim of this
sort of attack," Pickel said, "but there are things you can do to
plan for it and respond to it."

Fixing systems once an attack has taken place is not especially
difficult, said Monty Mullig, CNN's vice president for Internet
technologies; last night's 7 p.m. attack was beaten back before
9 with cooperation from the company's Internet service provider.
"I'm not saying we're made of steel now," Mullig said. "But we're a
little stronger than we were yesterday."

A spokesman for E-Trade said today its Web site was attacked,
but "customer accounts were never compromised." The company
blunted the attack after about 90 minutes.

ZDNet.com, a popular news site that covers technology, said its
Web site was shut down for two hours early today and also
"appeared to have been the target of a denial-of-service attack."

Reported by Newsbytes.com, http://www.newsbytes.com

16 Responses to Hackers Strike Again

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.