E*Trade, ZDNet Hit by Internet Vandals

Updated from 12:43 p.m. EST.

The Internet was shaken for a third day Wednesday by cyber vandals who disrupted service on two more large Web sites, and federal law enforcement officials began a search for the people behind the attacks.

The latest targets were the Internet brokerage firm E*Trade Group (EGRP) and ZDNet (ZDZ), which operates a site that covers technology news.

These are the latest in a series of disruptions that started with an attack by computer hackers on the popular Web portal Yahoo! (YHOO) on Monday and spread to eBay (EBAY), Amazon.com (AMZN), Buy.com (BUYX) and the Web sites of the cable channel CNN on Tuesday.

E*Trade and ZDNet on Wednesday reported a similar string of events in which their Web sites were instantly hit with a deluge of information that temporarily crippled their sites.

All the disrupted sites appeared to be operating normally by midday Wednesday.

It could not yet be determined whether the same computer hackers were responsible for the attacks on the various sites.

Another Internet brokerage firm, Datek Online Holdings, also reported a 30-minute interruption at part of its Web site on Wednesday morning, and it first said the problem appeared to have been caused by computer hackers. But the company several hours later said the problems at its site did not seem to be related to an attack by hackers and instead were caused by an equipment failure at one of its Internet service providers.

Attorney General Janet Reno, at a news conference in Washington Wednesday afternoon, said the Federal Bureau of Investigation had begun a criminal investigation to find the people who had disrupted the Web sites.

"We are committed in every way to tracking down those who are responsible," Reno said.

Net Hacking: Join the discussion on our message boards.

She also said the Justice Department was requesting an additional $37 million in next year's budget to fight the growing problem of computer crime.

The online trading site of E*Trade experienced network problems early Wednesday morning. An E*Trade spokesman, Patrick Di Chiro, said the site was disrupted from 8 a.m. to 10 a.m. EST. "There seems to have been an external effort to tie up the network," he said.

E*Trade provided customers with another Internet address to circumvent the slowdown, Di Chiro said, adding that only a small number of the firm's customers were affected. But Gomez Advisors, a company that monitors Web site performance, said E*Trade's failure rate exceeded 35% nationwide around 9 a.m.

Di Chiro said E*Trade had been in touch with "the proper authorities" following the incident.

ZDNet said its site was shut down for nearly two and a half hours Wednesday morning.

A ZDNet spokeswoman, Martha Papalia, said the hackers are calculating inopportune times to attack. "We just reported great earnings after the bell last night and just as investors would be waking up to the news, our site went down," she said. "All signs are pointing to a denial-of-service attack."

ZDNet said it was working with the FBI and technology companies to solve the problem. "It's interesting that it lasted about the same amount of time that the others did," Papalia said.

So far, the disruptions appear to have had a somewhat limited effect on the stocks of the affected companies. But they have made investors nervous, and market analysts say the disruptions contributed to a selloff of Internet stocks.

Shares of E*Trade, Amazon.com, eBay and Yahoo! all fell. But Buy.com rose in its second day of trading, while ZDNet was little changed.

Most security experts think the attackers basically hijacked other computers around the Internet and instructed them to flood the target Web site with requests for information. The server of the target Web site cannot process the deluge of requests at once, so the time to download a Web page slows to the point that the page becomes inaccessible.

But while this cripples the server's ability to deliver Web pages, it doesn't violate the integrity of the system or allow access to data stored on the server. As such, these attack don't threaten such sensitive data like credit card numbers and other personal information.

At the Justice Department's news conference Wednesday afternoon, Ron Dick, an FBI spokesman, said there was no quick way to halt attacks on Web sites.

"This problem is difficult to prevent, but there are ways to minimize them on the Internet," Dick said. "The length of the attacks can vary from a few minutes to a few days depending upon the resources of the people behind the attack."

He said private companies and the government needed to work together to resolve the problem. Some companies, he said, are unwittingly becoming accomplices to hackers by not securing their own computers against hijackers. He noted that there are tools available to minimize that kind of attack, but that "the intruder community is actively developing tools to circumvent these programs."

The National Infrastructure Protection Center, a division of the FBI, has been investigating these types of attacks since late last year.

"The technical vulnerabilities used to install these denial-of-service tools are widespread, well known, and readily accessible on most networked systems throughout the Internet," the NIPC said in a statement on Dec. 30.

The FBI group said possible motives for the attacks include "exploit demonstration, exploration and reconnaissance, or preparation for widespread denial-of-service attacks."

>To order reprints of this article, click here: Reprints