'Zombie attacks': Web crackdown widens
Published: 21 Feb 2000 10:06 GMT
This month's rash of "zombie attacks" on popular Web sites is already resulting in greater cooperation between law-enforcement agencies and the Internet industry, computer security experts said Friday. Like the earlier concerns over the Y2K bug, the attacks on Yahoo!, eBay and other Internet powerhouses have raised public awareness -- and are sparking new ideas about rapid response to security gaps.
Security experts issued the first warnings about the vulnerability, known as distributed denial-of-service attacks or DDoS attacks, months ago. The technique involves breaking into a number of computers and planting programs designed to lay dormant, waiting for the command to attack. When the order is given, the programs focus a hail of data traffic on the targeted Web site, overwhelming the victim.
The first high-profile DDoS attacks came to light last week, temporarily crippling Yahoo! and eBay, CNN.com, Amazon.com and other e-commerce sites. Investigators say the attacks have continued this week, and the tally of victims has reportedly risen to at least 13. Agents are said to be focusing on computer users with the online nicknames "Coolio" and "Mafiaboy".
The federal investigation involves FBI agents in 17 field offices, said Daniel O'Connor, intelligence operations specialist at the National Infrastructure Protection Centre. The operation involves "tracking down a lot of leads, and it is frustrating", he said Friday after a session on cyberterrorism at the annual meeting of the American Association for the Advancement of Science.
The distributed nature of the DDoS strategy means that Internet service providers and law enforcement officials must cooperate to track down the attackers -- and fend off further attacks. "I get a sense that the community has a handle on what's going on," O'Connor said. Other security experts agreed with O'Connor that the latest attacks have raised public awareness about the need for government-industry cooperation.
"The ISPs are energised to look at this," said Gary Gagnon of MITRE, which advises governmental agencies as well as private companies. He said Internet service providers were getting "fed up" with cybervandals who use their servers as launching pads for break-ins in cyberspace.
The federal government has made anti-DDoS tools freely available for downloading by system administrators, and just this week the White House convened a summit on computer security. Gagnon said representatives from more than 200 companies would be meeting next week in Washington in a forum called the Partnership for Critical Infrastructure Protection.
Gagnon said it was critical for businesses to share information quickly about security concerns -- not only about actual break-ins, but also about suspicious activities such as massive port-scanning that could be the prelude to a break-in. He emphasised that rapid response is a key ingredient: "Timely information is many times more important than 'perfect' information... We need to get ahead of the curve, not stay behind the curve."
He noted that the DDoS attack received some attention in the buildup to the Year 2000 rollover, but that some administrators may have let their guard down after a successful Y2K switch. The experts at Friday's session also said the latest attacks may spark new legislative initiatives -- in the United States and abroad -- to make it easier to search through server logs and other online files on Internet time.
Scott Charney of PriceWaterhouseCoopers, a former Justice Department cyber-crime expert, said European countries may have to modify their relatively strict guidelines on data privacy protection. "It's going to put increasing pressure on these countries to investigate these matters in real time," he said.
That could mean having technically literate law-enforcement agents on duty 24 hours a day to respond to Net attacks, he said, as well as building in "a legal regime that allows you to freeze the data" collected by Internet service providers, so that investigators can go back at a later time and retrace the attackers' steps.
What do you think? Tell the Mailroom. And read what others have said.
For full coverage see the Denial of Service Roundup.
Did you find this article useful?
49 out of 104 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
