FBI, Industry Scramble to Stop Hack Attacks

Web sites assess their vulnerabilities in the face of cybervandalism.

Cameron Crouch and Tom Mainelli, PC World

• Email
• RSS
• 0 Comments

"We are committed in every way possible to tracking down those who are responsible, to bringing them to justice, and to seeing that the law is enforced," Attorney General Janet Reno told a news conference at FBI headquarters Wednesday.

As the Feds scrambled to find the culprits, Webmasters across the Internet were checking for security holes that would permit attacks and rogue software that lets hackers use their sites as launch pads.

"Out of this will come new measures to strengthen things in the future," says Bill Wilson, president of Arca Systems, a security company that is a subsidiary of major Web-hosting company Exodus.

The attacks started Monday when Yahoo's servers were overloaded by false requests. Attacks followed on eBay, Buy.com, CNN.com, and Amazon. Next to be hit were ZDNet and E-Trade, both attacked early Wednesday.

However, the hacker offensive was set in motion much earlier, with software planted in computers throughout the network, says Sami Ahvenniemi, director of SSH Communications Security. "Hackers got into places like university networks or ISPs and seeded software on those computers. Now they've activated this software."

The intruders might have eavesdropped on passwords or log-ons, Ahvenniemi says. "That can be prevented by encryption."

But Bruce Schneier, president of the Internet securities firm Counterpane Systems, says encryption won't help because of the chain reaction of this kind of attack.

"Basically, the model of the attack is that someone would break into 1000 small sites, install an attack script, and then coordinate attacks against targets," Schneier says. "You might know where's it's coming from but not who."

What's a Site to Do?
Security companies recommend filters and other technology to block certain kinds of access. Unfortunately, that contradicts the very open nature of the Web.

Denials of service aren't new; they've been attempted on a smaller scale. This time, the size and high profile of companies makes them notable, says Wilson of Arca Systems. "The important thing is how companies respond to attacks."

"One can take steps such as hardening the servers," Wilson says. That means checking regularly for obvious weaknesses. It also helps to secure your systems from being used to launch such attacks, he adds.

The recent attacks hit so many servers that people haven't been able to filter them quickly enough, Ahvenniemi says.

Preparedness is key, according to Schneier. "The only thing to do is recognize that the products are inherently flawed, so you need to build processes to deal with them. Yahoo taking three hours to go up again means they weren't prepared."

An Internet company must periodically assess its servers, Wilson says. As companies grow rapidly, they must be careful not to "introduce vulnerabilities when expanding."

The victims of the past week's attacks took reasonable steps to deal with the moment, Wilson says. The whole Web community is learning from the experience.

• Email
• Print
• RSS