FBI Opens Investigation to Track Attacks

Over the past two days, the Web sites of Yahoo Inc., Buy.com Inc., CNN.com, ZDnet, ETrade Group Inc. and eBay Inc. have been victimized by massive network-based denial-of-service attacks that made these sites unavailable to legitimate users for about three hours at a stretch. By carefully filtering out Web site traffic, the ISPs (Internet service providers) in each case managed to bring these sites back into normal use. The FBI, which has begun working with the victims to nab the perpetrators, claims the scale of the attacks is unprecedented.

"With the kinds of victims and the sequence of events, this makes it the most we have ever seen," said Ron Dick, chief of the computer investigations and operation section at the National Infrastructure Protection Center, which is housed at the FBI here.

The FBI, which is in close contact with all the victims, as yet has no motive or suspects in the series of attacks that appear to rely on the newer type of denial-of-service tools such as Trin00 or Tribal Flood Network.

Posted out on hacker Web sites for easy download, these tools work by allowing a single attacker to launch multiple SYN floods, pings or other network disruptions by coordinating the attack through hundreds of compromised machines. For the attacker, the trick is to secretly install the denial-of-service attack code on multiple servers. Then at his own desktop, the attacker can remotely command these multiple, compromised machines to attack the target.

The distributed denial-of-service attack code out on the Internet is so simple "a fifteen year-old could use it," Dick says.

The successful shootdowns of Yahoo and other high-profile targets have evoked a vow from U.S. Attorney General Janet Reno to track down the criminals.

"We're not aware of the motives behind these attacks, but they appear to disrupt legitimate e-commerce," said Reno at a press briefing here today. She said specially trained field prosecutors are working with the companies that were the victims.

"We're determined to track (the perpetrator) down and bring them to justice so that the law is enforced," Reno warned.

If convicted of the denial-of-service attacks, the perpetrator faces a five-year prison term for a first offense, a 10-year term if convicted of multiple attacks, and up to US$250,000 per count. The companies that were victimized could also press a civil case against the perpetrators.

Catching the criminals will probably take time, Dick said. "We're collecting all the logs of the victim's sites," he noted. "Historically, this has not just been a U.S. issue. We inevitably end up overseas where an unwitting ISP is involved."

Dick said the FBI will use its own network surveillance methods to track the crime back to its source on the Internet.

But he urged network managers at both enterprise networks and ISPs to check and make sure that their servers have not been compromised by secretly-installed denial-of-service attack code. Tools for making that check are available at the National Infrastructure Protection Center's Web site.

"Tools such as Tribal Flood Network and Trin00 we have seen being installed on various machines around the world," Dick said. "Most likely the origin of these attacks now are the networks of unwitting people. Intruders have placed tools there without their knowledge, and someone else is controlling them."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

PC World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?