FBI leads cyber-vandal hunt

Janet Reno launches a full-scale campaign to nab the cyber criminals. Good luck, say experts, who caution this may be akin to searching for a needle in a haystack
Written by Jennifer Mack, Contributor and  Robert Lemos, Contributor

The FBI has launched a full-scale criminal investigation to apprehend the vandals who crippled at least eight Web sites in a series of cyber attacks over the last three days.

Law enforcement officials are in the process of collecting and analyzing logs from the sites targeted by attacks -- including eBay, Buy.com, Yahoo!, Amazon.com, CNN.com, MSN, E*Trade and ZDNet. But during a news conference on Wednesday, authorities were tight-lipped about whether they were any closer to solving the case than they were Tuesday.

"At this time we're not aware of the motives of these attacks, but they look to be intended to disrupt electronic commerce," said Attorney General Janet Reno.

Reno, who declared that "preventing cybercrime is one of our top priorities," added that the FBI is working with local authorities and the companies involved in the attacks to locate the perpetrators.

Meanwhile, the attacks caused tremors from Silicon Valley to Wall Street as a perception of vulnerability about electronic security contributed to a mighty tech sell-off in the stock market with rattled investors momentarily losing their bullishness about e-commerce companies.

The attacks began Monday against Yahoo!, the largest independent Web site, then spread Tuesday to leading retailers Buy.com, eBay, Amazon.com, Time Warner's CNN.com news site and Microsoft's MSN.com portal. Early Wednesday morning E*Trade and ZDNet were also attacked.

The rapidity and wide-ranging nature of the Denial of Service attacks exposed the soft underbelly of e-commerce -- the fact that there's no such thing as bulletproof security. It also led several security experts to warn that future attacks may be impossible to prevent.

It appears the sites were all targeted by coordinated, distributed Denial of Service attacks -- a technique in which attackers use a great number of compromised servers to flood a target with data. This type of attack takes only limited technical expertise and can be difficult to stop.

"Denial of Service is becoming more sophisticated," according to a "white-hat hacker" working for security firm @Stake who identifies himself as Weld Pond. "The problem is not going away."

Microsoft's MSN.com portal is the latest company added to the Denial of Service hit list. According to company spokesman Tom Pilla, a Microsoft partner that hosts MSN.com was hit at 6 p.m. PST Tuesday by Denial of Service attacks that continued into Wednesday morning.

Pilla declined to name the partner but added that he believes that full service has been restored. "One partner who provided services experienced a Denial of Service attack," Pilla said. "There was not widespread impact for MSN. Some MSN customers experienced problems, but not a continuous outage."

On Wednesday morning, online brokerage E*Trade told CNBC that it was the subject of an attack, but only a small percentage of customers were affected. The company said it had successfully redirected the attack. Brokerage Datek denied reports that a 30-minute outage Wednesday morning was caused by an attack.

ZDNet was offline for two hours starting at 4:30 a.m. PST Wednesday because of a Denial of Service attack. And users have reported sporadic problems accessing America Online on Wednesday, but a spokeswoman said she did not believe AOL had been attacked.

FBI: Locating suspects

In the news conference hosted by Reno, Ronald Dick, section chief of the National Infrastructure Protection Centre, emphasised the Internet community's responsibility to work together with authorities to determine the source of the attacks.

Dick said much of the "false" traffic used to bring down sites is being routed through unaware third parties who failed to implement appropriate security precautions.

From there, he said, "it's not unlike when you investigate a bank robbery. You ID where the subject was and follow them back to where they are."

The FBI has not ruled out the possibility that some of the attacks may have come from "copycats" or that the attacks may have originated outside the United States. At this point, Dick said, FBI agents are "following every lead we have out there" and the bureau will bring on "as many agents as it takes" to the case. The attacks could be a coordinated form of cyber-terrorism, or it could originate from a much more benign source.

"A 15-year-old kid could launch these attacks," he said. "This is not something that takes a great deal of sophistication."

If convicted under the Computer Fraud and Abuse Act, a first-time offender faces a maximum penalty of five years in jail and a minimum of six months. A repeat offender could go to jail for 10 years. Fines for the crime can be as much as $250,000 (£152,000) per count or, if the damage is more than that, damages can be awarded that are twice the gross loss to the victims. Civil charges can be filed as well.

Mary Jo Foley of Sm@rt Reseller and Charles Cooper of ZDNN contributed to this report

What do you think? Tell the Mailroom. And read what others have said.

Take me to the: Denial of Service Round-up

Editorial standards