Cos. Urged To Boost Cyber Security
DAVID E. KALISH
Feb. 10, 2000
NEW YORK (AP) _ A broad electronic assault against some of the biggest sites in cyberspace is renewing calls for heightened high-tech security by businesses and government. But even proponents of stricter measures acknowledged there was no iron-clad defense.
Hackers stepped up a three-day electronic attack Wednesday against the world's most popular Web sites, inconveniencing millions of Internet users and unnerving Wall Street. The apparently coordinated attacks spread to ETrade, ZDNet and other major sites. All of them were crippled by a barrage of messages generated by hackers.
No major new attacks were immediately apparent this morning.
Federal officials urged businesses to install protective software and take other security precautions. And sensitive government systems were being quickly secured against potential attacks, Commerce Secretary William Daley said in a teleconference Wednesday.
``Right now there is no surefire defense, but we are trying to take some steps,'' he said. ``First we are taking special action to ensure that all federal systems, including civilian agency systems, and those of the Defense Department, are clean of these infections, which make some systems the unwitting partner in these attacks.''
Some security experts, though, said the publicity from government officials could merely encourage pranksters.
``It's what these guys go after _ to be known as the person or group of people who've pulled these attacks off,'' said Simon Perry, security business manager at Computer Associates International, a maker of business software. ``Instead of graffiti on the subway wall, they've climbed up to the 40th floor of the Empire State Building and put their messages there.''
The growing anxiety about the Internet's vulnerability contributed to a 258.44 point-slide in the Dow Jones average Wednesday and halted three straight record-high closings for the Nasdaq Composite Index, which is heavy with high-tech stocks.
The hacker technique, called a ``denial of service attack,'' involves directing a flood of messages to computers that run Web sites. The effect is comparable to erecting human barricades to block shoppers from entering a mall or unleashing a wave of calls to tie up a city's phone lines.
In one of several high-profile attacks Wednesday, the ETrade online brokerage's Web site was hit, but ``customer accounts were never compromised,'' spokesman Patrick Di Chiro said. Less than one-fifth of its customers were affected by the clogged traffic for about 90 minutes before the company blunted the attack, he said.
ZDNet.Com, a popular news site that covers technology, said its Web site was shut down for two hours and ``appeared to have been the target of a denial-of-service attack.''
Microsoft's MSN.com, another highly visited site, said it was indirectly affected because of disruptions to several Internet service providers carrying its traffic. A small proportion of users were unable to reach Web pages and others may have been unable to log on, said Microsoft spokesman Tom Pilla.
Major sites that came under attack Tuesday included eBay, Amazon, CNN and Buy.Com, all in unusually aggressive assaults similar to one that overwhelmed Yahoo! a day earlier.
``It's important to say what didn't happen,'' Yahoo! CEO Jeff Mallett said on NBC's ``Today'' this morning. Mallett, whose site was shut down for about three hours on Monday, compared the attack to a telephone busy signal, and said no information was stolen.
Mallett added that some protections are already in place to ward off potential hackers. But, ``there are so many access points, it's almost impossible to make sure it doesn't happen again.''
Some security experts noted that the attacks occurred around a three-day meeting of Internet service providers in San Jose, Calif., that ended Tuesday. The keynote speech at the meeting focused on denial of service attacks and was given Monday.
Hackers sometimes try to get publicity by timing attacks around certain events.
The attacks prompted top federal officials to remind wrongdoers of the potential penalties.
Hackers could face maximum penalties of 5 to 10 years behind bars and fines up to $250,000, or in some cases ``twice the gross loss to the victim,'' said FBI cyber-security expert Ronald Dick.
``We are committed to in every way possible to tracking those who are responsible,'' Attorney General Janet Reno said in Washington.
She said the motives of the vandals are not known, ``but they appear to be intended to interfere with and disrupt legitimate electronic commerce.''