In the Wake of Web-Site Hacking, No Easy Answers, or Solutions

The FBI faces a daunting task finding the culprits, companies face a tough task preventing recurrence.

Point and click, point and click.

The ease, accessibility and convenience of the Internet have rapidly changed the way Americans read, shop and invest. But a series of attacks that disrupted several popular Web sites this week left even the businesses that provide Internet service confused and raised more questions than answers.

As the


confronts a long, laborious investigation, several companies declined to discuss their security precautions in detail. Public relations officials at other companies simply handed the telephone over to their software engineers.

While hacking is not a new phenomenon, the denial-of-service attacks, comparable to intentionally clogging a telephone line, drew more widespread attention to online vulnerability than ever before.

Internet service providers began discussing ways to prevent the problems, but no definitive plans had been made, said Secret Fenton, a spokeswoman for Global Center, the Internet service provider that stores the data of



, the first Web site to be attacked this week.

The company has determined the cause of Monday's disruption of Yahoo!, but what it has learned shows that the FBI's job -- finding the culprit or culprits -- will be a daunting task. A Yahoo! spokeswoman confirmed Global Center's account.

The attacker or attackers sent a flood of information requests known as pings to Yahoo!, according to Fenton. The requests essentially ask the computers storing Yahoo! data whether they are available to exchange information. The type of request falls under the category of Internet control message protocol, or ICMP, normally used to check status.

The requests were sent to Yahoo! indirectly. The attacker or attackers actually sent a flood of requests through networks that fraudulently listed Yahoo! as a return address.

While this cripples the server's ability to deliver Web pages, it doesn't violate the integrity of the system or allow access to data stored on the server. As such, these attacks don't threaten sensitive data such as credit card numbers and other personal information.

The ICMP requests can be distinguished from legitimate attempts to log on to the company's Web site, Fenton said. In the case of Yahoo!, the requests were received at a rate of one gigabyte per second, representing more traffic than some of the top-50 Web sites receive in a year, according to Shannon Stubo, the Yahoo! spokeswoman.

Fenton said the requests came from about half of the other service providers that carry data transmissions to Global Center.

Stubo said about 50 service providers carried bogus requests to Yahoo!.

That means it is possible that one person built software that commanded many different computers, using many different service providers in many different geographic areas. It is also theoretically possible that millions of people simultaneously sent the malignant information requests.

"It was just coming from everywhere," Fenton said. "That's why it's so hard to trace. I don't think anybody knows."

The FBI contacted Yahoo! on Tuesday and the company is cooperating with the investigation, Stubo said. The company has software that can separate the bogus requests from real requests to access the site, she said.

Fenton said Internet service providers discussed using rate-limitation devices, the routers that accept electronic requests, to monitor the volume of requests and halt incoming requests when the volume becomes too great. Global Center has not experienced problems with other clients.

While Global Center has installed rate-limitation devices since the Yahoo! shutdown, it is impossible to know whether they are helping prevent attacks, she said.
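The rate limiting Fenton describes, as an added example that is not code from Global Center or Yahoo!: a token bucket at the router caps ICMP volume while web requests pass untouched. The rate, burst size and packet records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    ts_ms: int    # arrival time, milliseconds
    proto: str    # "icmp" or "tcp"
    dport: int    # destination port (0 for ICMP)
    size: int     # bytes

class TokenBucket:
    """Permit `rate` bytes per millisecond, with bursts up to `burst` bytes."""
    def __init__(self, rate: int, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0

    def allow(self, ts_ms: int, size: int) -> bool:
        # Refill for the time elapsed since the last packet, capped at burst.
        self.tokens = min(self.burst, self.tokens + (ts_ms - self.last) * self.rate)
        self.last = ts_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

def filter_traffic(packets, icmp_rate=1, icmp_burst=2000):
    """Split packets into (forwarded, dropped); only ICMP is rate limited."""
    bucket = TokenBucket(icmp_rate, icmp_burst)
    forwarded, dropped = [], []
    for p in packets:
        if p.proto == "icmp" and not bucket.allow(p.ts_ms, p.size):
            dropped.append(p)
        else:
            forwarded.append(p)
    return forwarded, dropped

def sample_traffic():
    """Constructed input: one second of ICMP flood plus three web requests."""
    flood = [Packet(i * 10, "icmp", 0, 100) for i in range(100)]  # 10x the cap
    web = [Packet(t, "tcp", 80, 400) for t in (100, 500, 900)]
    return sorted(flood + web, key=lambda p: p.ts_ms)

if __name__ == "__main__":
    fwd, drop = filter_traffic(sample_traffic())
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
```

The cap protects the servers behind the router; the link upstream of the router still carries the full flood.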

"The denial-of-service attacks happen quite frequently," Fenton said. "They just don't happen to this magnitude."

Some security experts said Wednesday's attackers could be copycats, and opinion varied on how many people would be needed to carry out one attack. Software could be written to link computers together to simultaneously send requests, or hundreds of people could be sending multiple requests.

"Yahoo! likely had a million legitimate hits," said Jeffrey Bedser, managing director of Internet Crimes Group Inc., a Princeton, N.J., Internet investigation firm. The information requests are "not that difficult to send through anonymous proxies."

Each electronic request for data can be multiplied 225 times, and the return address of the request can be made to appear as the victim's own address.

"These hackers have the power to leverage almost unlimited bandwidth," said Chris Rouland, an executive at Internet Security Systems, which develops security software for Internet companies. "This is not a problem that you can solve by throwing money at it. It needs technology."

Rouland added that so-called intrusion software to combat this problem just became available in November. The intrusion software detects the problem, allowing companies to race to reconfigure a service provider to circumvent the problem. Existing software can automatically reconfigure servers, but few companies actually use it, Rouland said.

"Everybody is vulnerable," said Alan Alper, an analyst at Gomez Advisors.

"People don't put procedures in place to prevent it because of the time and the money it takes," Alper said. "Solutions to the problem are only reactive and there's not much you can do to prevent it."