Thursday, February 10, 2000
Hackers' latest attacks difficult to stop, trace
BY ANICK JESDANUN
The Associated Press
NEW YORK - This week's electronic assaults on high-profile Web sites direct attention to a type of attack known to security experts for years.
Called denial of service, the attack involves flooding a site with so much traffic that legitimate customers cannot get through. Traffic can be a request to access the home page, or it can be blank: an envelope with nothing inside, yet requiring effort to open.
Picture hundreds of pranksters constantly dialing a single telephone number. The recipient might decide to leave the phone off the hook, blocking all calls. Even if the recipient continues to answer calls, friends trying to dial that number would likely get busy signals because each prank call ties up the line for a few seconds.
Some questions and answers about the cyberattacks:
Question: If these attacks have occurred for years, why are they getting attention now?
Answer: Hackers have become more sophisticated and have developed programs that automate such an attack. The programs essentially direct tens or hundreds of computers around the world to send traffic to a specific site at once. That allows hackers to overwhelm some of the most prominent sites already designed to handle large amounts of traffic. Security experts became aware of the tools last fall. Patrick Taylor, vice president of risk assessment for Internet Security Systems in Atlanta, said the tools allow people with a lower degree of skill to execute what are sophisticated attacks.
Q: How can hackers get hundreds of computer administrators to cooperate?
A: They don't. But some of their automated tools find weaknesses in computer systems to plant the damaging program that will remain dormant until the appointed time of attack. If the hackers route the program through someone else's computer, it makes them harder to trace.
Q: What can sites do to prevent such attacks?
A: Little, according to Mark Zajicek, a team leader at the CERT Coordination Center at Carnegie Mellon University. He said the focus instead must be on increasing security of other computers so that they cannot be commanded to launch such attacks. Once a site is targeted, one recourse is to trace the traffic back to the third-party computers and alert their administrators. The process can take hours.
Q: So why can't sites simply accept traffic only from legitimate customers?
A: Even the process of determining whether traffic is legitimate uses precious computing time. The site's Internet service provider might be able to stop some traffic from reaching the site to begin with, but the traffic comes from various locations and often carries fake return addresses, so it's hard to sort the good from the bad.
Q: Why are these attacks occurring?
A: Attorney General Janet Reno said Wednesday that while a motive has yet to be determined for the attacks, they appear to be intended to interfere with and disrupt legitimate electronic commerce. Investigators also have yet to determine whether a single individual is behind all the attacks. But Ms. Reno said, "We are committed in every way possible to tracking those who are responsible."
Analysts say that after Yahoo! was hit Monday, other sites might have been targeted by copycat hackers. There's no evidence that hackers gained access to the sites' internal data. But Randy Sandone of Argus Systems Group Inc. in Savoy, Ill., warned that denial-of-service attacks might one day be used as a decoy. While security personnel are busy trying to block traffic, a hacker might try to gain access to sensitive data.