Y2K OutGrowth Tooling FBI In Attacks!

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Ahso! It comes into manifestation:

[ Fair Use: For Educational/Research Purposes Only ]

http://www.vny.com/cf/News/upidetail.cfm?QID=63186

FBI's Elite Center Joins Probe

By MICHAEL KIRKLAND, Wednesday, 9 February 2000 12:47 (ET)

WASHINGTON, Feb. 9 (UPI) -- The FBI's National Infrastructure Protection Center is moving to counter repeated cyber-attacks against commercial sites on the Internet, sources told United Press International Wednesday.

The involvement of the elite center in the investigation signals that Internet commerce, which is helping to drive U.S. economic prosperity, has been shaken by the attacks.

NIPC, pronounced "Nipsy" by most FBI officials outside the unit, entered the fray after computer experts from the bureau's San Francisco field office conducted an initial investigation.

The "denial of service" cyber-assaults began with Yahoo on Monday. The Web's most popular site was effectively taken out of action for more than three hours. A massive wave of information requests apparently generated by one or more hackers overwhelmed the site, denying service to anyone trying to access it.

But the attacks continued Tuesday against other major Internet commercial sites, though the assaults did not appear to be as severe as the one against Yahoo. Among the new victims were eBay.com, one of the Internet's premier auction sites, and CNN.com, which was trying to report on the new attacks even as it was struck.

The FBI was keeping its cards close to the vest earlier Wednesday, declining to answer reporters' questions until a general briefing tentatively scheduled at the bureau that afternoon.

However, sources told UPI that investigators had not yet located the source of the attack, nor did they know whether the attacks were launched by one controller or were being copied by other hackers.

NIPC officials were in the FBI's Strategic Information and Operations Center Wednesday morning trying to sort out the problem. SIOC, a huge windowless facility with more than 30 rooms and seating for 450 on the fifth floor of FBI headquarters, is equipped with the latest computers and enables supervisors to keep in constant contact with field investigators during a crisis.

NIPC and the Computer Emergency Response Team, or CERT, at the Carnegie Mellon Institute have been warning Internet commercial sites for weeks that "distributed denial of service" tools were becoming more prevalent on the 'Net.

Both NIPC and CERT have been offering software through their Web sites to counter potential attacks.
--------------------------------------------------

-- Ashton & Leska (allaha@earthlink.net), February 09, 2000

Answers

Looks like the .gov learned a thing or two from Y2K and took it seriously -- good for them!

-- it was real (still@is.but.mitigated), February 09, 2000.

National Infrastructure Protection Center, JIT

-- h (h@h.h), February 09, 2000.

Didn't Koskinen say he wouldn't be going along this route after Y2K but was hoping to retire? Anybody remember?

-- rest (golf@sun.pension), February 09, 2000.

Feb 9, 2000 - 03:03 PM

Reno Promises Federal Battle Against Cyber-Vandals

By Ted Bridis, Associated Press Writer

WASHINGTON (AP) - Attorney General Janet Reno promised today that federal law enforcement authorities will do all in their power to combat a wave of Internet vandalism.

Responding to a rash of attacks that disrupted a number of flagship Web sites, Reno said "these cyber-assaults have caused millions of Internet users to be denied services."

She said the motives of the vandals are not known "but they appear to be intended to interfere with and disrupt legitimate electronic commerce."

"We are committed in every way possible to tracking down those who are responsible," she said.

Ronald Dick, a cyber-security expert at the FBI, said the hackers could face a maximum penalty of 5 to 10 years in jail and up to a $250,000 fine, or in some cases "twice the gross loss to the victim."

Internet vandals on Tuesday waged an unprecedented campaign of electronic assaults against Web sites belonging to some of the biggest names in cyberspace, disrupting access for consumers to some of the Web's most popular sites.

Even today, the online brokerage, ETrade, said its Web site was attacked. "Customer accounts were never compromised," spokesman Patrick DiChiro said. Fewer than one-fifth of its customers were affected by the clogged traffic for about 90 minutes before the company blunted the attack, he said.

On Tuesday, a rash of attacks struck sites that included those of eBay, Amazon, CNN and Buy.Com, all in unusually forceful assaults similar to one that overwhelmed Yahoo! a day earlier.

Reno said the Justice Department, the FBI and other law enforcement agencies, in cooperation with the business community, are seeking "to keep pace with the cyber-criminals of the new millennium."

She told reporters at an afternoon news conference that among the chief concerns of law enforcement officials is to get prompt reporting of incidents of cyber-vandalism. Reno also said federal authorities are working with state and local counterparts to improve their capability to deal with such crimes.

President Clinton had said earlier he didn't know if there was anything Washington could do. "But I have asked people who know more about it than I do whether there is anything we can do about it," the president said today as he left the White House for a trip to Texas.

Early signs showed the problems on Tuesday were caused by the same type of electronic assaults as those launched against Buy.Com Inc. earlier Tuesday and against Yahoo! Inc. on Monday, industry officials said.

Investors have been mostly unfazed by the attacks, even boosting some of the shares afterwards. At midday today, ETrade was down 75 cents a share at $22.25 amid a 35-point decline on the Nasdaq Stock Market.

Among the week's other victims, Amazon.com was down $1.87 1/2 at $81.25, eBay was down $6.50 at $163.25, Yahoo! was down $12.50 at $364, and Buy.com was up $3.18 3/4 to $28.31 1/4.

eBay Inc., the online auction site with more than 10 million customers, said engineers were able to restore full service just before midnight EST. The company offered to credit any customer whose auctions were affected by the sabotage.

Amazon.Com Inc. said its site was inaccessible for more than an hour late Tuesday because large amounts of "junk traffic" were aimed at the company's computers, tying them up and preventing nearly all its customers from making purchases.

All the companies hit said hackers did not gain access inside their computers or retrieve information about their customers.

CNN said its Web site was "seriously affected." It fell under attack for nearly two hours before technicians were able to shield its computers from the hackers late Tuesday night.

eBay said it called the FBI, and that early signs showed problems caused by the same type of electronic assaults as those launched against Buy.Com Inc. earlier Tuesday and against Yahoo! Inc. on Monday.

Tuesday's attack against Buy.Com, which claims more than 1.3 million customers, apparently was timed to coincide with the company's initial stock offering. Chief executive Greg Hawkins described the sabotage in a statement as "an outside coordinated attack to our network that prevented access to our system." Some customers on the West Coast were unaffected.

"The whole thing happened so quickly," said Mitch Hill, the company's chief financial officer. He said the attacks were traced to powerful computers in Boston, New York and Chicago, and that Buy.Com planned to contact the FBI today.

These moves followed a brazen electronic attack Monday that for hours crippled Yahoo!, among the most popular sites on the Internet, though it was impossible to know immediately whether they were related.

"It's still in the early stages, but we're working to see if there are any common denominators," eBay spokeswoman Kristin Seuell said.

The problems also illustrated again the unique threats faced by online companies. Unlike their brick-and-mortar counterparts, these attacks using remotely controlled "zombie computers" can effectively shut down every Web storefront of an entire corporation.

Jeff Mallett, president of Yahoo! Inc., confirmed Tuesday that the FBI also was investigating the sabotage against his company. Mallett said the company, which makes most of its money from Internet advertising, does not anticipate a serious financial impact. In fact, its stock rose more than 5 percent Tuesday, or $19.13, to close at $373.13. Yahoo!'s flagship Web directory handles 36 million visitors each month.

Among the Internet underground, where craving for publicity often fuels dramatic attacks against high-profile computers, no one claimed responsibility for the moves against eBay, Amazon, Yahoo! or Buy.Com. Mallett and technical experts believe that about 50 powerful computers were hacked across the United States - a fairly trivial task - and instructed simultaneously to send falsified data to "routers" on the Internet that, in turn, were fooled into flooding the Yahoo! Web site with electronic signals.

Mallett estimated that during the attack's peak, Yahoo! was drowning in one gigabit of incoming data every second. A gigabit is roughly 130 million characters of standard text.
------------------------------------------

-- laramel (laramel@pbs.edu), February 09, 2000.




We the sheeple are being led down the road to more Government control of the Internet.

This is "For The Clintons". Excuse Me I meant to say "For the Children".

BaaBaa

-- BaaBaa (wethe@sheeple.org), February 09, 2000.


I've got two questions about the hackers doing this stuff.

Where do they get the computer/communications power to manage an attack of this size? They've got to have systems much larger than the ones they're going after to swamp those sites. Sending Gigs of data isn't some kids at home with a 56K modem.

Then, are these practice runs before going after something really big, like Fed.Gov itself? Maybe Wall Street? Or warning shots, perhaps?

Times could get really interesting in the next few days. But I'll bet that things don't stop where they are.

WW

-- Wildweasel (vtmldm@epix.net), February 09, 2000.


WW Thou art NOT a nice man. Any idea where in this country you might find this level of horsepower, except NSA, NIPC, ...???

Or someone who has bought a couple T-3's, and is using some multi-processor Pentium3's or analogs??

-- confused and concerned (OCCAM@razors.R.us), February 09, 2000.


As I understand it, these "hackers" utilise a remote site(s) to send their message, they don't send the offending packets from their computers, so to speak. They find an insecure system(s) somewhere else and get those computers to transmit the packets that flood the target web site. The remote system(s) DO have to have a high bandwidth, but if there are lots of computers relaying this the need for any individual site to have a high bandwidth is reduced.

-- XOR (drwizzard@usa.net), February 09, 2000.

The following is all taken from the following thread posted 2-9-2000

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002Wnz

"Are major internet companies covering up y2k related equipment failures with false claims of hack attacks"

Are major internet companies covering up y2k related equipment failures with false claims of hack attacks

They certainly have the motive: tremendous financial stakes.

Before you dismiss this, as the ravings of a paranoid conspiracy theorist (I merely distrust corporate flacks who are paid large sums to lie to the public), consider the following item that was posted on a previous thread.

Also take a look at the numerous post CDC software/hardware problems that Cisco Systems, which provides most of the infrastructure for the internet, is having and see if you don't see some serious questions that need to be answered.

Some serious comment from technical experts on the following earlier post would be most useful:

I am beginning to suspect that the date-time stamp embedded in packets within the MAC layer of the tcp/ip stack has gone to negative numbers as a result of the CDC (century date change) and some of the routers and switches are having serious problems in reconciling packet reconstruction. This means that the receiving end routers of the tcpip stream (i.e. the 'hacked' sites) are not able to reconstruct the packet stream sufficiently enough to avoid triggering an error condition. This is predictable anomalous behavior (and may have been noted on the Cisco site field notations) if the date-time stamp algorithm were to deal with a year of '00'. This problem will also trigger security alarms and could be easily mistaken for an attack of the *denial of service* kind. Persons on site could use a packet sniffer to retrieve MAC layer address headers and determine if the most significant bit of the date-time stamp was - 1. If I am correct, then no hackers will take credit for what will become a daily increasing amount of 'hack' attacks. At some point it would be expected to level off at a near critical level for the internet. I would expect that this point would be reached when 24% of routers are involved. Note that this is a wild ass guess as there are many kinds of equipment and expected responses within the class of routers. Some could be expected to just ignore the negative number. These, though, should exhibit garbaged messages as they could be expected to be reassembled improperly. Also should note that many cell phone tower packet handlers use the same algorithm.

-- pliney the younger (pliney@puget.sound.rain.light.chilly), February 09, 2000.

Here's the link to the thread on which the post above appeared.

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002Wbr

Link to Cisco problems story:

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk

Link to Yahoo Story raising question about actual cause.

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002W9o

-- Carl Jenkins (Somewherepress@aol.com), February 09, 2000

END OF EXCERPTED THREAD

-- notsoquick (notsoquick@another.view), February 09, 2000.



What time/date stamp in the tcp packet?? I didn't think that it included this. If there is a time/date stamp, which OSI layer is it in? Is this layer above or below routing level? What Cisco products? There are about 20 Cisco products about 10 feet from me and not a single one of these had even the slightest problem.

-- XOR (drwizzard@usa.net), February 10, 2000.
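
An added example, not part of the original thread: the posts above ask which layer of a TCP/IP packet would hold a date-time stamp. This Python sketch parses a constructed Ethernet II + IPv4 + TCP frame (all addresses, ports and values are made up) and lists what the headers carry. The fixed headers have no date field, and the optional TCP Timestamps option (kind 8) holds two unsigned 32-bit counter values rather than a calendar date.

```python
import struct

IP_FIELDS = ("ver_ihl", "tos", "total_length", "ident", "flags_frag",
             "ttl", "protocol", "checksum", "src", "dst")
TCP_FIELDS = ("sport", "dport", "seq", "ack", "offset_reserved",
              "flags", "window", "checksum", "urgent")

def build_sample_frame():
    """Constructed Ethernet II + IPv4 + TCP SYN frame; every value is made up."""
    opts = (struct.pack("!BBH", 2, 4, 1460)               # MSS
            + struct.pack("!BB", 4, 2)                    # SACK permitted
            + struct.pack("!BBII", 8, 10, 0x80000001, 0)  # Timestamps: TSval, TSecr
            + b"\x01"                                     # NOP padding
            + struct.pack("!BBB", 3, 3, 7))               # window scale
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0,
                      ((20 + len(opts)) // 4) << 4, 0x02, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp

def parse_tcp_options(raw):
    """Walk the kind/length/value option list; reject malformed lengths."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        opts.append((kind, raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return opts

def parse_frame(frame):
    """Decode the Ethernet II, IPv4 and TCP headers of one frame."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    eth = dict(zip(("dst", "src", "ethertype"), struct.unpack("!6s6sH", frame[:14])))
    ip_raw = frame[14:]
    ip = dict(zip(IP_FIELDS, struct.unpack("!BBHHHBBH4s4s", ip_raw[:20])))
    ihl = (ip["ver_ihl"] & 0x0F) * 4
    if eth["ethertype"] != 0x0800 or ip["ver_ihl"] >> 4 != 4 or ihl < 20 or ip["protocol"] != 6:
        raise ValueError("not an IPv4/TCP frame")
    tcp_raw = ip_raw[ihl:]
    if len(tcp_raw) < 20:
        raise ValueError("truncated TCP header")
    tcp = dict(zip(TCP_FIELDS, struct.unpack("!HHIIBBHHH", tcp_raw[:20])))
    doff = (tcp["offset_reserved"] >> 4) * 4
    if doff < 20 or doff > len(tcp_raw):
        raise ValueError("bad TCP data offset")
    return {"ethernet": eth, "ipv4": ip, "tcp": tcp,
            "tcp_options": parse_tcp_options(tcp_raw[20:doff])}

def tcp_timestamps(options):
    """Return (TSval, TSecr) as unsigned 32-bit integers, or None if absent."""
    for kind, value in options:
        if kind == 8 and len(value) == 8:
            return struct.unpack("!II", value)
    return None

if __name__ == "__main__":
    parsed = parse_frame(build_sample_frame())
    for layer in ("ethernet", "ipv4", "tcp"):
        print(layer, sorted(parsed[layer]))
    print("TCP Timestamps option (TSval, TSecr):", tcp_timestamps(parsed["tcp_options"]))
```

The constructed TSval has its top bit set on purpose: read as an unsigned 32-bit value it is just another counter reading.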
