HOME
NEWS SUMMARY
U.S.
POLITICS
WORLD
BUSINESS
TECHNOLOGY
SCIENCE
HEALTH&LIVING
TRAVEL
ESPN SPORTS
ENTERTAINMENT
WEATHER.com
REFERENCE
LOCAL
ABCNEWS ON TV
TECH HEADLINES
Two More Sites Attacked
Amazon.com Subsidiary Probed
Buy.com Suffers Web Site Delays
Judge Extends Online TV Ban
Be Aims at Internet Appliances
SPECIAL SERVICES
Shopping Guide
Homework Help
SEARCH
ABC2000
ABC.com
THE CENTURY
EMAIL
ABCNEWS.com
SEND PAGE TO
A FRIEND
TOOLS AND
HELPERS
More Sites Attacked
At Least Three Leading Web Sites Have Now Suffered Outages After Coordinated Attacks This Week
An attack on Yahoo! lasts about three hours Monday. Buy.com and eBay suffer attacks Tuesday. For Buy.com, the service interruption comes during its initial public offering. The FBI will investigate.
By Jonathan Dube
Feb. 8 � A day after taking down Yahoo!, computer attackers knocked two more high-profile Web sites offline, raising the troubling prospect that an individual or a group is trying to wreak havoc across the Web.
Today attackers paralyzed Buy.com�s site for three hours on the day it was going public. ABCNEWS� Jack Smith reports on the cyberattack on Yahoo! RealVideo
(download RealPlayer)
Then they attacked eBay, the popular auction site, making it inaccessible starting at around 2:45 p.m. PST, according to Keynote Systems Inc., a Silicon Valley company that tracks Web site performance. The site is still having access problems and is working to solve them, said eBay spokeswoman Kristin Seuell.
CNN.com has been having accessibility problems since about 4 p.m. PST and Amazon.com since about 5 p.m. PST, according to Keynote.
�The problems have the same symptoms as the others that have been determined to be denial-of-service attacks,� said Dan Todd, Keynote�s director of public services. �The sites are behaving in exactly the same way as the others did.�
Officials at the companies say they have no information yet linking the attacks, but security experts say the timing and similarity of the attacks raise questions. The FBI plans to investigate.
�To see these attacks one day after the attack on Yahoo!, I would say whoever�s doing this has some kind of beef, has some kind of ax to grind, and it�s safe to say he�s active and out there and looking for more targets,� said Elias Levy, the chief of technology for SecurityFocus.com, which monitors computer security issues.
All three assaults were what are known as denial-of-service attacks, which entails someone bombarding a site with mock traffic. What results is an Internet traffic jam, effectively blocking out users.
Robin Zohn, a spokeswoman for Buy.com, told ABCNEWS.com the site was down from about 10:50 a.m. PST to 2 p.m. PST today � roughly the same time Yahoo! was inaccessible Monday.
The site was struck with 800 megabytes of data per second, more than 24 times the normal flow of data. It appeared to be a coordinated effort from multiple points on the Internet, just like the Yahoo! attack.
�For somebody to do this to Buy.com on their IPO date, that is just malicious,� Levy said.
eBay sent a note to its members this afternoon saying it was suffering from a denial-of-service attack and promising that no confidential information has been compromised.
�We are taking multiple measures to fight this, including working with local and federal authorities, ISPs including Sprint, UUNet and AboveNet, our vendors including Cisco, our partners, and other Internet sites that have recently been attacked in the same way.�
FBI Investigating Attacks
Monday�s attack on Yahoo!, one of the Internet�s most popular sites, was deemed so serious that the FBI contacted the company and said it plans to investigate.
�We are in communication with the FBI and plan to be meeting over the next few days once we�ve gathered more data so we can make that a meaningful discussion,� Yahoo! spokeswoman Diane Hunt said.
The attack on Yahoo! came from at least 50 different points on the Internet and appeared to be a coordinated effort, Hunt said.
At the attack�s peak, Yahoo! was flooded with one gigabyte of traffic a second � more than most sites get in a year. Yahoo! serves an average of 465 million page views a day.
Hunt said the site has been struck by smaller versions of this type of attack in the past, but in those cases the company was able to reroute the traffic to prevent disruption of service. Monday�s attack caught the company off-guard and came from so many locations, at the same time, that Yahoo! was unable to stop it.
Yahoo! has installed filters to prevent similar attacks. But Hunt acknowledged that even the new filters may not be foolproof.
�This was a very, very intense attack,� Hunt said. �And, unfortunately, there�s no way to guarantee that these types of attacks won�t happen to anybody in the future. You can put filters in place, but eventually hackers can figure out ways to work around those. So nobody can solve it 100 percent. I think it�s part of doing business, unfortunately.�
Little Financial Impact
The company emphasized that the site was not hacked into and no user data was compromised.
Yahoo! officials said they still do not know who was responsible for the attack and hope the FBI can help them figure that out.
�It�s a hard thing to determine with these types of attacks,� Hunt said. �It comes from multiple points, for one. And there�s a lot of things that people do when they initiate an attack like this that make it difficult to trace it.�
Yahoo! doesn�t expect the downtime to cost the company a significant amount of money. The company may place additional ads on pages to compensate for any ads that were supposed to be seen Monday but were not due to the outage.
Yahoo! Usually Reliable
Keynote Systems Inc. said that Yahoo! was down from about 10:15 a.m. to 1:25 p.m. PT.
After that, the site was about 70 percent accessible for the rest of the afternoon, Todd said.
Keynote said that while Yahoo! was inaccessible within the United States it was still 59 percent accessible internationally.
Yahoo! has historically been one of the most reliable sites on the Web, so Monday�s outage offers a cautionary note to anyone dependent on the Internet for business purposes: Even the sites with the most resources and best track records are vulnerable to attacks and service interruptions.
�I think it�s absolutely an indication that no matter how much preparation you do, no matter how many contingency plans you have, no matter how well you design your system, it�s always possible that something can go wrong,� Todd said.
Similar Outage Had Cost eBay Millions
Monday�s crash was the most high-profile Web site outage to date and the first to strike a leading site. Previously, the outage that attracted the most attention was when eBay, the leading auction site, crashed in June 1999 for about 22 hours. The outage sent the company�s stock into a tailspin, causing eBay to lose 26 percent of its value in five days and costing it $5 million in revenues in the second quarter.
The company also suffered a string of smaller outages in November, lasting a total of four hours during three days. It has since invested more than $18 million in engineering to improve site performance. a
Yahoo! has had minor outages in the past, but this was the first time the entire Yahoo! portal had crashed.
Five months ago, Yahoo�s e-mail service went down. The company attributed it to a glitch with the mail service�s Internet connection, which is provided by GTE.
Yahoo! is the second most-visited site on the Internet after America Online with more than 42 million unique visitors a month, according to the research firm Media Metrix.
Yahoo! has more than 100 million registered users and has been continually growing. Its average daily page views surged to 465 million in December, up from 167 million a year earlier.
On Wall Street, the attacks seemed to have little impact. After closing near where it opened Monday, trading of Yahoo! stock was up at midday today.
Buy.com, which sells a variety of products at steep discounts, had a market capitalization of $3.5 billion after today�s initial public offering, which raised $182 million.
http://abcnews.go.com/sections/tech/DailyNews/yahoo000208.html
-- Martin Thompson (mthom1927@aol.com), February 08, 2000