Home & Office

Experts: Web attacks not over yet

While Web sites pick up the pieces after the latest mayhem, security experts worry that these cyber disruptions are becoming impossible to prevent
Written by Robert Lemos, Contributor

Even as two more major Web sites suffered outages, security experts issued a chilling warning: The attacks could continue into Thursday.

E*Trade and ZDNet joined Yahoo!, eBay.com, Buy.com, The Microsoft Network, CNN and Amazon.com in the dubious ranks of victims of what is known as a "distributed Denial of Service" attack.

The techniques used against those eight major Internet sites use a large number of compromised servers to flood a target with data. It takes only limited technical expertise, has software tools to help attackers and can be very hard to stop.

Worse -- experts foresee little relief in sight. Steve Bellovin, network security research fellow for AT&T Labs, expects more attacks to hit other sites Wednesday night and throughout Thursday. "I think it is going to continue for at least a few more days until they can track down who is doing it," he said.

That, despite a well-publicised pledge by the FBI to hunt down those responsible for the attacks.

"We are committed in every way possible to tracking those who are responsible," said Attorney General Janet Reno at a news conference late Wednesday morning.

"The longer the attacks continue, the easier it will be to track the person or people down," said Bellovin.

As the incidents mounted, security experts declared that the outages were almost certainly the result of a coordinated effort.

"I don't see how they couldn't be," said Stuart McClure, the president and chief technology officer at Ramparts Security Group LLC in Irvine, California. "The symptoms are all the same, the effects are all the same -- every time I talk to people [at the afflicted sites] they all say the same things."

Not everyone agreed, however. One security specialist argued that a single teenager could have pulled off the attacks because tools to find and exploit security holes in the Internet infrastructure are readily available online.

Tools, such as the Tribe Flood Network and a variant known as Stacheldraht, allow an attacker to set up remote "agents" on cracked computer systems that can conduct the same sort of attack as those that hit Yahoo!, eBay and others.

"Basically you are giving a kid an electronic AK-47," said James Atkinson, president and chief engineer for counter-surveillance firm Granite Island Group, based in Gloucester, Massachusetts, who added that Internet service providers need to start protecting themselves better.

"ISPs are going to go out of business if they do not (put in better defences)," he said. "A lot of Web firms have been big, fat targets for quite a while. This is a wake up call." Atkinson has being consulting with several victims of the denial of service attacks.

However, even the most responsible ISPs cannot fully protect themselves from flooding attacks and remain connected the Internet.

In fact, security experts are concerned that Denial of Service techniques are evolving to the point where the attacks will be impossible to prevent.

"Denial of service is becoming more sophisticated," said Weld Pond, a hacker working for security firm @Stake. "The problem is not going away."

What do you think? Tell the Mailroom. And read what others have said.

Take me to the Denial of Service round-up

Editorial standards