Internet Sabotage Frenzy Continues




SAN FRANCISCO -- The sabotage this week against three of the most popular Internet sites in the United States are part of a malicious trend: Software that can disrupt web sites has become so easy to obtain and use - yet so difficult to trace - that attackers can invade public web sites and usually escape without a trace.


On Monday, such an attack on Yahoo blocked millions of Internet users for three hours from the most popular site on the World Wide Web.


Similar attacks Tuesday hit two other major web sites. Web retailer, Buy.com, was inaccessible for about three hours - embarrassingly, the same day of the company's initial public stock offering.


And eBay, the leading online auctioneer, suffered an attack that disabled some of the background information portions of its site and blocked access for some users.


And as e-commerce becomes more central to our economy, such attacks could grow from a major inconvenience to a potentially crippling risk to the economy, experts say.


"The tools [for such attacks] are widely available for free on the web. Anyone can download them," said Richard Power, editorial director of the Computer Security Institute in San Francisco.


Shutting down even a major web site "is a lot less demanding than it used to be," he added.


"When somebody really bright figures out how to do something really nasty, they [post it], and the next person doesn't need a similar level of expertise."


Yahoo, Buy.com and eBay were struck by a well-known tactic called "distributed denial of service attack," or an avalanche of simultaneous bogus requests for service.


In Yahoo's case, the saboteurs instructed at least 50 different Internet sources - each of which could be connected to vast computer networks - and turned them into the computer equivalent of "zombies."


Unlike a computer virus - which can invade computer files - or a hacker seeking corporate secrets, in this case the attack bombarded Yahoo's web site and blocked off legitimate users.


Of 520 large corporations and government agencies surveyed by Power's group last year, 129 reported experiencing such attacks. And that number is sharply rising, according to preliminary data in the current year's survey. Institutions experiencing severe attacks on their web sites in the last two years include major universities, National Aeronautics and Space Administration and the U.S. Navy.


But the successful attack on Yahoo - which experiences several such episodes on a far smaller scale every year - holds symbolic significance.


"It's a shame for the industry, because we think our service is the best or one of the best for taking all precautions," said Jeff Mallett, Yahoo's president and chief operating officer.


"Can we guarantee that this isn't going to happen again? Unfortunately not."


Hackers can sometimes be caught if they operate from one specific point on a network.


In contrast, attacks such as the one that shut down Yahoo are nearly impossible to prevent and difficult to trace because they are coming from disparate locations.


Yahoo is working with the FBI to discover who mounted the attack.


"We're not going to be a wallflower on this," Mallett said.


"We need to send a message on behalf of the entire industry that this kind of behavior won't be tolerated," he said


But the prospects of finding the perpetrator are slim, experts say, because it would require cooperation and detailed research by dozens of service providers whose systems may have been exploited by the attacker.


Some computer experts believe Yahoo-like attacks will become more common as high-speed Internet connections, such as those provided over cable television lines, become prevalent. Computers using such high-speed networks are always switched on, are always connected to the network and so are subject to being hijacked by hackers, especially if they are not protected by security software.


"We've made a lot of progress in computer security in the last few years, but these problems ... remain incredibly frustrating," said Doug Tygar, a professor of computer science at the University of California, Berkeley.


Part of the difficulty, he said, derives from the rapidly changing nature of the threat.


Unlike, say, a home security alarm system that remains reliable one year to the next, new invasion schemes crop up regularly, meaning security software requires continual improvement.


Eventually, these attacks could become less common if businesses and individuals with high-speed Internet links install fire walls - software or hardware that prevents unauthorized access to slow Yahoo-style attacks.


Security software is not foolproof, but just as a home-alarm system scares off burglars, it prompts most hackers to move on to an easier target.


"These attacks really point out that your security on the Internet depends on other people's security," said Jed Pickel, a security expert with the Computer Emergency Response Team at Carnegie Mellon University.


"This points out the need for collaboration between sites to solve these problems."