Hacker probe widens as Canada attacked John Greenwood National Post

The RCMP has been called in to join an international investigation of hackers vandalizing commercial Web sites, after HMV Canada revealed yesterday that it, too, was targeted in this week's wave of cyber attacks.

HMV Canada said its Web site was knocked out for about an hour on Monday, apparently by the same group of vandals that disabled a string of high-profile sites in the U.S.

"Our site was responding really slowly and as we looked into it, we realized our system was being overwhelmed so we shut it down," said Frank Koblun, director of consumer e-commerce at HMV.

The company launched its Toronto Web site last July.

Mr. Koblun said HMV, a subsidiary of one of the world's leading music retailers, is working with the RCMP to try to track down those responsible.

The Federal Bureau of Investigation has reportedly narrowed its search for the hackers responsible for the U.S. attacks, and is now focusing on undisclosed locations in California and Oregon.

Officials said they still don't know whether they are looking for a group of precocious 15-year-olds or a sophisticated criminal.

The FBI said it has seized a computer at the University of California at Santa Barbara, after learning that the system may have been used by the hackers to send out millions of messages, clogging the target sites.

In what investigators believe is a co-ordinated attack, the hackers started their assault on Monday, hitting Yahoo.com, then moving on to other sites including CNN.com, Buy.com, eBay.com and Amazon.com.

Bill Clinton, the U.S. president, has weighed in, issuing invitations to executives from 20 leading computer and Internet companies to attend a meeting at the White House on Tuesday.

At the beginning of the month, Mr. Clinton asked congress to OK a $2-billion (US) expenditure to beef up the government's efforts to fight computer crime.

Mr. Koblun said that when the attack on the HMV site began on Monday, his company wasn't sure what to make of the sudden increase in traffic.

"Then on Tuesday and Wednesday the reports about the U.S. attacks started appearing in the papers and we thought we should say it's happening here, too", he said. The company initially had some difficulty communicating its problem. It called in the RCMP around five o'clock on Thursday but was told to call back on Friday "when someone is in. I went to three different people before I got the right guy."

HMV appears to be the first major Canadian company hit in the recent "access-denied" attacks -- so called because Web sites were bombarded with requests to get on the site and became so clogged that genuine users could not get in.

Major Canadian e-commerce organizations, including stock broker TD Waterhouse, the Royal Bank of Canada and the Toronto Stock Exchange say they were not hit.

However, visitors to the sites of some subsidiaries of U.S. companies, such as E*Trade Canada, did experience delays, since traffic there is directed to the U.S. parent's disabled computer systems.

"We were hit for about 90 minutes on Wednesday morning," said Bruce Seago, vice-president of operations at E*Trade Canada. Mr. Seago said that while the site wasn't shut down, customers found they either didn't get in or they experienced long delays in filling orders.

Some experts argue that HMV may not be the only Canadian site targeted by the hackers.

"These things are almost always international in scope," said Bob Davis, a computer crime expert with the RCMP. "The likelihood of this thing being limited to the U.S. is small."

One reason for that is that criminals realize that it's much more difficult for law enforcers to track them down and prosecute them if their crime takes place in more than one country. "Hackers realize that it's more difficult to trace a transnational crime, so it's a pretty standard technique for hackers to cover their trails [in this way]," said Scott Hutchinson, a criminal lawyer and author of the book Computer Crime in Canada.

http://www.canada.com/cgi-bin/np.asp?f=/news/nationalpost/stories/20000212/203105.html

-- Martin Thompson (mthom1927@aol.com), February 12, 2000