FBI Opens Investigation to Track Attacks

Over the past two days, the Web sites of Yahoo Inc., Buy.com Inc., CNN.com, ZDnet, ETrade Group Inc. and eBay Inc. have been victimized by massive network-based denial-of-service attacks that made these sites unavailable to legitimate users for about three hours at a stretch. By carefully filtering out Web site traffic, the ISPs (Internet service providers) in each case managed to bring these sites back into normal use. The FBI, which has begun working with the victims to nab the perpetrators, claims the scale of the attacks is unprecedented.

"With the kinds of victims and the sequence of events, this makes it the most we have ever seen," said Ron Dick, chief of the computer investigations and operation section at the National Infrastructure Protection Center, which is housed at the FBI here.

The FBI, which is in close contact with all the victims, as yet has no motive or suspects in the series of attacks that appear to rely on the newer type of denial-of-service tools such as Trin00 or Tribal Flood Network.

Posted out on hacker Web sites for easy download, these tools work by allowing a single attacker to launch multiple SYN floods, pings or other network disruptions by coordinating the attack through hundreds of compromised machines. For the attacker, the trick is to secretly install the denial-of-service attack code on multiple servers. Then at his own desktop, the attacker can remotely command these multiple, compromised machines to attack the target.

The distributed denial-of-service attack code out on the Internet is so simple "a fifteen year-old could use it," Dick says.

The successful shootdowns of Yahoo and other high-profile targets have evoked a vow from U.S. Attorney General Janet Reno to track down the criminals.

"We're not aware of the motives behind these attacks, but they appear to disrupt legitimate e-commerce," said Reno at a press briefing here today. She said specially trained field prosecutors are working with the companies that were the victims.

"We're determined to track (the perpetrator) down and bring them to justice so that the law is enforced," Reno warned.

If convicted of the denial-of-service attacks, the perpetrator faces a five-year prison term for a first offense, a 10-year term if convicted of multiple attacks, and up to US$250,000 per count. The companies that were victimized could also press a civil case against the perpetrators.

Catching the criminals will probably take time, Dick said. "We're collecting all the logs of the victim's sites," he noted. "Historically, this has not just been a U.S. issue. We inevitably end up overseas where an unwitting ISP is involved."

Dick said the FBI will use its own network surveillance methods to track the crime back to its source on the Internet.

But he urged network managers at both enterprise networks and ISPs to check and make sure that their servers have not been compromised by secretly-installed denial-of-service attack code. Tools for making that check are available at the National Infrastructure Protection Center's Web site.

"Tools such as Tribal Flood Network and Trin00 we have seen being installed on various machines around the world," Dick said. "Most likely the origin of these attacks now are the networks of unwitting people. Intruders have placed tools there without their knowledge, and someone else is controlling them."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?