• PC World
• » Security

Cybervandalism Can Be Costly

Those losses are real, security expert Lyle agrees. "Companies need to take this very seriously. There is a lot of money at stake."

Lyle theorizes the action is largely the work of uncoordinated malicious hackers who are engaging in copycat attacks. He says the spoofing technology is available through rogue software tools readily and long available on the Net.

"The thing that is really scary is that this attack is not that hard to do," Lyle adds. "All a hacker has to do is gain access to a couple dozen servers and install their hacking tools."

After surreptitiously installing software on divergent Web servers, an attacker can launch an assault from those servers working in tandem to fire rapid requests to a targeted Web site. This brings a targeted Web site to its knees.

Other Web sites feel side effects, says Eric Siegel, senior Internet consultant, Keynote Systems. He says 40 of the Internet's top Web sites became sluggish as the attacks siphoned off massive amounts of bandwidth. Keynote Systems monitors Web site performance.

"It's like the football game is over and stadium traffic just let out," Siegel says. "No matter what, huge amounts of traffic are going to cause things to slow down."

Keynote Systems reported Web sites such as Microsoft's portal MSN.com, financial site Fidelity.com, The New York Times' Web site nytimes.com, and Compaq's home page were taking twice as long to load because available Internet bandwidth was taxed by the traffic.

A Drag on the Web

FBI investigator Dick compares the attacks to an overload of telephone lines leading to constant busy signals.

"It's very analogous to things that have happened on our telephone systems in the past," Dick says. He adds that the length of the attacks can last for a few minutes to several days.

"At this time, we are not aware of the motives behind these attacks, but they appear to be intended to interfere with and to disrupt legitimate electronic commerce," Reno says.

Despite their effect, the online assaults are not necessarily coming from the mind of a tech wizard. "A 15-year-old kid could launch these attacks," Dick says, adding that the level of sophistication to pull it off is not extremely complex.

Dick urges e-commerce sites and private individuals to be responsible for the security breaches that made the third-party pawns a reality.

"Security on the Internet is a community effort. It is not something that can be done by any one agency," he says, adding, "The key to this is implementing appropriate security measures such that you do not allow your system to be used in some of these attacks."

The activity is causing skittishness at other sites. Datek Online Brokerage Services initially blamed the marauding hackers (or crackers, the term that distinguishes malicious hackers) when it experienced Web site problems Wednesday. Datek representatives later said site problems were related to computer problems with an unidentified Internet service provider.

Allison B. Ebel of Medill News Service contributed to this report.