Dr. Sauter's Home Page

IS Area Home

MSIS 491


E-Commerce in the News

Current Page

E-Commerce Links

Java Script Links



E.C. Student Home Pages

Denial of Service Attacks

Business Resource Pages
Denial of Service Attacks
Design Issues
SuperBowl Ads
Tax Issues

"Corporate Security Begins at Home" Computerworld (03/06/00) Vol. 34, No. 10, P. 14; (Harrison, Ann): Many companies are responding to last month's denial-of-service attacks on several Web sites by undertaking efforts to protect the security of telecommuter transactions conducted via their corporate VPNs. Zone Labs President Gregor Freund notes that "you can encrypt as much data in transit as you want, but if the PC that information originates from is not secure, then the entire system is not secure." The company's free ZoneAlarm personal firewall has been downloaded from the Zone Labs Web site more than 500,000 times in the past month alone, and California-based Network ICE says sales of its BlackICE intrusion-detection and firewall product have increased 50 percent. Several companies now require their telecommuters to use personal firewalls on their home PCs in order to decrease the possibility that hackers could invade those PCs and use them to access confidential corporate material and attack the corporate VPN.

"Lawmakers Seek Better Shields Against Cyberattacks" Washington Technology (03/06/00) Vol. 14, No. 23, P. 14; (Gallagher, Anne): The Government Information Security Act, recently introduced in Congress by Sens. Joseph Lieberman (D-Conn.) and Fred Thompson (R-Tenn.), attempts to bring the IT industry and government together behind a comprehensive, long-term solution for computer security. The bill specifically relates to the federal government's information system and how to protect it from cyberattacks. It mandates that all federal agencies have their information security programs and practices audited by an outside agency annually, and it also allows the Office of Management and Budget authority to step up government-wide oversight of federal agencies. The bill is said to have wide support both within government and Silicon Valley, and it is possible that it will pass this year, according to some congressional staffers. At a recent hearing on computer security in the Senate, some experts said the Web sites that were recently hit with denial-of-service attacks should have expected such attacks and prepared for them. The experts also said that too many companies are placing their security in one solution, such as firewalls or encryption, instead of layering solutions and then constantly monitoring the situation. Those at the hearing contended that IT products must be designed with greater security protections, such as bigger firewalls. Security professionals at the hearing also said cyberattacks have increased dramatically in recent years. The Computer Emergency Response Team at Carnegie Mellon dealt with 132 computer security incidents in 1989, compared to 8,000 in 1999. "Life After the Hacks" Telephony (02/21/00) Vol. 238, No. 8, P. 10; (Quinton, Brian): The attacks on major Web sites earlier this month have catapulted network security to the top of many companies' priorities. Although "denial of service" attacks do not damage data, they do damage consumers' confidence in the Internet as a vehicle of commerce. A recent survey by PC Data shows that 45 percent of Internet users say that they are less likely to reveal their credit card numbers on the Web after the attacks; 37 percent say the attacks altered their opinions on Internet security as a whole; and 50 percent say the attacks changed their view of the Web sites that were hit. Experts contend that infrastructure companies will have to change spending priorities and purchase top-of-the-line security products. This is even more essential because hacking programs readily available on the Internet allow even the most rudimentary computer user the ability to launch an attack on a Web site. Security professionals say hacking software exploits the Internet's greatest attribute, which is its ability to connect huge networks of users, and that computer security needs to be improved so that every individual computer owner has complete control over the machine. This would effectively stop the hijacking of third-party computers to launch attacks. Analysts say that this goal may be facilitated by the recent liberalization of U.S. export rules on security hardware and software, which could bring computers around the world up to the same level of security that some American computer users enjoy. Regardless, while consumers may be demanding that Web sites practice greater security, and companies may be beefing-up defenses, experts admit that there is little that can be done currently to dissuade a determined hacker from launching an attack due to the structure of the Internet.

CYBER-ATTACK PROBE MAKES PROGRESS: U.S. law enforcement authorities say that progress is being made in tracking down those responsible for the recent denial-of-service attacks on major Internet sites such as Yahoo! and However, officials told a joint hearing of the House and Senate crime subcommittees that FBI analysts were currently analyzing over 630 gigabytes of data, the equivalent of several hundred truckloads of paper. Therefore, the investigation is expected to take a fairly long time. After the attacks, some lawmakers began introducing legislation that would make it easier for authorities to track and prosecute hackers; however, other legislators have said that the onus to protect data and networks should be on the private sector, not the government. (Washington Times, 1 March 2000)

ISPS, TELCOS JOIN FORCES TO FIGHT WEB ATTACKS: Prompted by the recent string of denial-of-service attacks that disabled several popular Web sites, has teamed various ISPs and telecommunications companies together to form a group to prevent future attacks. Known as the Alliance for Internet Security, the group is dedicated to improving Internet security technologies and practices through such means as reconfiguring routers and denying IP-directed broadcasts on perimeter routers. Alliance members are Cable One, Cable & Wireless, Digex, Global Crossing, GlobalCenter, GTE Internetworking, Level 3 Communications, and Sprint Communications. (Computer Reseller News Online, 25 Feb 2000)

Distributed Denial-of-Service Attacks,Contributory Negligence and Downstream Liability

SECURITY EXPERTS, UNIVERSITIES WILL FIGHT ATTACKS: The SANS Institute has joined with four vendors to help secure university networks, which are often used to launch hacker attacks because of the openness of these networks. University systems were exploited in the recent denial-of-service attacks on e-commerce sites including Yahoo! and Amazon, and school networks have also been used to hack into government sites such as the Department of Defense research site, experts say. Hackers often break into one computer and then use a sniffer to learn other passwords on the network, says Steve Acheson of the SANS Institute. Investigations into the recent denial-of-service attacks show a potential link to the WU-FTP file-sharing program used by many universities. The SANS Institute, along with RSA Security, SSH Communications Security, MIT, and Mindbright Technologies will offer free encryption software to U.S. universities that will offer secure logins to all students, faculty, and staff members. The initiative will provide stronger authentication for passwords with SSH's Secure Shell login program, which prevents identity spoofing by verifying users at both ends of a connection. (InternetWeek Online, 24 Feb 2000)

McAfee's virus warning system distributed the following message today via email to its subscribers.

(((((((((((((((((( Dispatch )))))))))))))))))))))

*************Information Dispatch - W32/Trinoo*************

Dear Dispatch Subscriber:

W32/Trinoo is a 32-bit Intel-based version of a Denial of Service (DDoS) attack program previously published as source code. AVERT has assigned it a LOW risk assessment. However, new infections are being reported, and AVERT is watching it closely.

W32/Trinoo arrives as an email trojan attachment. When run, it will install itself on the host system, and it will run as a service at the next Windows startup. It will then listen for commands on a pre-designated UDP port.

This trojan does not present a serious risk to individual users at this time, and no alert is being posted. However, AVERT and want to make our users aware that this trojan is out there, and that it is, in principle, capable of launching a Denial of Service attack from an infected machine.

From The SANS Weekly Security News Overview

SANS/GIAC FLASH! James Madison University has found 160 Windows98 computers infected with the trinoo distributed denial of service Trojan. The news here is that the infection has spread to personal computers. The vast number of PCs connected to the Internet, now able to be used in DDoS attacks, raises the threat level substantially. Please take time today to review the Consensus Roadmap For Defeating Distributed Denial Of Service Attacks at It's a solid call to action, laying out the specific problems and providing prescriptions for solving them. Two of the recommendations need to be implemented immediately. The Roadmap was unveiled on Tuesday at the Partnership for Critical Infrastructure Security meeting with the Secretary of Commerce and three Members of Congress and about 120 corporations in attendance. The Roadmap was created cooperatively by CERT and SANS with the help of a group of distinguished security experts including Bill Cheswick, Dr. Eugene Spafford, Stephen Northcutt, Dave Dittrich, Mudge, Randy Marchany, Eric Cole, and several others. Now it needs your help in identifying effective methods of monitoring and measuring progress in implementing the Roadmap, and even more important, your experience in the implementation process, including tools that you found made it easier and challenges you had to overcome. Email

HACKERS' WEB WEAPONS TEST-FIRED ON CHAT SITES: Internet Relay Chat (IRC) networks, the Web equivalent of CB radio, are subnets that are comprised of dozens of servers worldwide, allowing for the discussion of an enormous range of topics in real time. However, because log-ins can be conducted anonymously, some of these networks have become the domain of hackers, who trade information, pirated software, attack programs, and brag about their exploits. IRC networks also become victims of attacks that are tested on them first, and then used on more mainstream Web sites. The denial-of-service attacks that hit sites such as Yahoo! several weeks ago were tested on IRC sites long ago. Although investigators are patrolling the IRC to try to gather information about those attacks, the networks are still hit daily with similar attacks. This has led many universities, which used to host IRC services on their computers, to drop the services, leaving the private sector to take up the slack. The constant barrage of attacks on IRC sites has caused eight companies to leave the industry in the last year, and now less than 40 companies provide IRC networks. (Washington Post, 19 Feb 2000)

"Holes in the Net" Newsweek (02/21/00) Vol. 135, No. 8, P. 46; (Sandberg, Jared; Hayden, Thomas): Computer security experts say the denial-of-service attacks launched last week against several major commercial Web sites were elementary, and that true hacking pros could cause much worse damage. Experts contend the real problem is the inherent insecurity of the Web, which was originally designed for a small group of trusted users to share information. High-tech firms admit that they are unable to write software that does not contain bugs, which are used by hackers to break into Web sites and filch personal data. In last week's attacks, hackers exploited well-known bugs that allow unauthorized users to write commands. Bugs can also be used for identity theft, which is much more serious than denial-of-service attacks. Thieves who commandeer bank and credit accounts can wreak havoc on victims' lives, and the resulting damages can take years to undo. This problem is compounded by the fact that many financial-service firms demand that users display their Social Security numbers to get onto their Web Sites, meaning that a smart hacker could "sniff out" this information. Computer security professionals say with all the new nightmare scenarios that are proliferating, there is a serious dearth of skilled computer experts who can help protect the Internet from predators. More students graduated from college with computer-science degrees 12 years ago than today. This often leaves the security of the Internet in the hands of Web site administrators and ISPs, who must keep up to date with the latest antivirus and security products. However, many administrators do not do this, either out of a lack of knowledge or because they do not want to spend the time and money required. Experts say such negligence is a major part of many recent security incidents, as the technology to guard against most of these attacks is on the market.

"New Hacker Software Could Spread by Email" CNet (02/23/00); (Borland, John): An anonymous hacker group has posted a new version of software called Trinoo, which is believed to have launched the recent denial-of-service attacks on major e-commerce sites such as Yahoo! and Amazon. The new version of Trinoo makes it easier for hackers to commandeer computers to send the attack data to targets. With the new version, hackers can infect a broader range of desktops with harmless-looking email attachments. Computers with DSL or cable modem connections are especially at risk, experts say. "(The previous attacks) took someone who knew what they were doing," says Trend Micro's David Perry. "This turns it into a kid-on-the-street problem." Antivirus firms are now working on tools to eliminate the new Trinoo software. Meanwhile, the FBI has pursued several leads in the attacks, but has not yet reported any significant breakthroughs.

"Attacks to Benefit IT Consulting, Web-Hosting Companies" TechWeb (02/17/00); (Mosquera, Mary): The denial-of-service attacks on top e-commerce sites last week could boost Internet consulting, Web hosting, and security services as businesses look to outsource more IT functions, according to Monument Internet Fund, the leading Internet fund for 1999. Companies are likely to pay more attention to security as a result of the attacks, which drew the attention of regulators and legislators, says Monument's Alexander Cheung. Security tools that can stop many types of online attack are widely available, and companies will now begin spending more on this technology. In addition, Investors are likely to focus more on the security measures a company takes, Cheung says. Many people working with businesses that are moving online have little knowledge of the Internet, so companies will turn to Web hosting and consulting firms such as USWeb and Proxicom, as well as security firms such as Entrust and VeriSign, says Monument's Michael Gallipo.

"Data Shows Web Sites Swiftly Bounced Back From Hacker Attacks" Wall Street Journal (02/17/00) P. B8: Figures compiled recently by the Internet-research firm Media Metrix indicate last week's sabotage of several major Web sites has not significantly altered the surfing habits of Internet users. Media Metrix found traffic at Yahoo! the day after the site's shutdown was up 9 percent from the same day a week earlier, and up 6 percent two days following the attacks. Media Metrix found similar figures for other online businesses disabled by the hackers. However, a poll released Monday by PC Data Online shows that despite the absence of changes in Web traffic patterns, the sabotage has raised concern among Internet users over the security of online transactions and damaged consumer confidence in electronic communications.

McAfee's virus warning system distributed the following message today via email to its subscribers.

(((((((((((((((((( Dispatch )))))))))))))))))))))

__________________INFORMATION DISPATCH______________________

[This message is brought to you as a subscriber to the Dispatch. To unsubscribe, please follow the instructions at the bottom of the page.]

**** Information Dispatch - "Denial of Service" Attacks ****

Dear Dispatch Subscriber:

There's been some confusion about the recent "Denial of Service" attacks on a number of major commercial Web sites.

The first thing to realize is that attacks of this kind are very unlikely to pose any threat to the average user, though they may be quite inconvenient.

Here's a rough outline of how these attacks work:

1. A hacker breaks into someone else's computer, and places a special program (called a "Zombie") on that computer.

2. The hacker activates the Zombie program, which begins sending data to the computers of one or more major Web sites. These "packets" of data mimic the signals sent by a legitimate user requesting information from the Web site.

3. The Zombie program sends out so many data packets so quickly that the Web site servers are overloaded, and are unable to respond to requests from legitimate users.

At no time during this kind of attack does the hacker actually break into the data stored on the Web site's computers. Therefore, there is very little danger that any personal users' information is at risk of being stolen.

The reason the hacker breaks into a third party's computer in step (1) is to use it as a launching pad for their attack. If not for the fear of getting caught, they could just as well launch their attack from their own computer. The Zombie program, by itself, does no damage to its host computer.

The only danger to an individual PC user in this sort of attack is that they may be used in this way (although Zombie programs typically target Unix or Linux systems). This is a danger primarily for PCs that have "always-on" Internet connections, such as DSL or cable modems. The simplest preventive measure in this case is to turn off the computer when not in use. This will vastly reduce the opportunities for a hacker to break into a PC and use it to launch a Zombie attack.

Chinese Site Suffers Attack ( By REUTERS:, a top Chinese Internet portal, suffered a hacker attack around the same time several popular American Web sites were crippled by online raids, a executive said.

Dave Dittrich's internet security page.

Internet Executives Are Reassured After White House Meeting

Chat Systems Yield Clues in Web Attacks by Hackers

LEADS NARROW LIST OF SUSPECTS IN WEB ATTACKS Computer security experts have located several of the systems used in last week's cyberattacks on major e-commerce sites, finding evidence that implicates at least two hackers. Investigators are focusing on the two suspects, known only by their hacker names at this point, as a result of information obtained from network traffic analysis, computer-security logs, and monitoring of hackers on Internet Relay Chat (IRC). The individual suspected in the Yahoo! attack was especially skilled, experts say. The suspect, who recently stopped using IRC, is believed to live in the U.S. A second, less-sophisticated hacker, who experts believe lives in Canada and uses the online name "mafiaboy," is being monitored as a potential copycat. Investigators have determined that computers at a number of California universities, including Stanford, the University of California at Santa Barbara, and the University of California at Los Angeles were used in the attacks. School officials say their systems were hijacked and used to launch the data that bombarded target sites. (Wall Street Journal, 14 Feb 2000)

"In Wake of Hacks, Banks Called Relatively Safe" American Banker (02/14/00) P. 7; (Weitzman, Jennifer): Last week's "denial of service" attacks on several major commercial Web sites did not affect any online banking operations, according to Keynote Systems, an Internet performance monitor. In fact, technology security experts say that online banks and brokers came out of last week's attacks better than any other sites, mainly because they have better security processing and more sophisticated security software, such as "intrusion-detection" technology. Experts say that banks are also somewhat insulated against denial of service attacks because service interruptions are very common in the industry, even before the advent of online banking. However, banks are still tempting targets for hackers due to their nature, and security professionals warn that banks may be in danger if they have too many links to other Web sites. Therefore, banks need to be very certain that those connecting sites practice good security, such as implementing solid firewalls and creating and enforcing strict security policies and procedures.

HACKER TARGETS CREDIT CARDS A hacker broke into the Web server of RealNames last week and tried to steal the credit card information and other data of 15,000 customers. The attack differed from the denial of service attacks launched last week because the hacker did not shut down RealNames' site, but instead seized a Web server, using it to steal information from other computers. RealNames, which sells users a simple keyword or phrase to use in lieu of long Internet addresses, has alerted its customers and the FBI to the incident, although it says that it is not yet sure whether any credit card information was stolen. Security experts say that the incident is an anomaly only because RealNames was so open in discussing it; a recent FBI report says that 62 percent of Fortune 500 companies experienced computer breaches within the last year, but only a fraction make the incidents public, for fear of scaring off customers and investors. (, 12 Feb 2000)

CLINTON TO HOLD INTERNET SECURITY SUMMIT: President Clinton will hold an Internet-security meeting next Tuesday with some of the major players in the industry to address the recent attacks on some of the world's biggest Web sites. Companies such as Yahoo!, eBay, America Online, and Microsoft are said to have been invited to the summit, where they will meet with President Clinton, Attorney General Janet Reno, Commerce Secretary William Daley, and National Security Adviser Samuel R. Berger. The National Security Council is in charge of the hastily organized meeting, leading analysts to speculate that the government considers the recent attacks as bona-fide security risks, not just economic disruption. The meeting is expected to discuss whether the government should take a greater role in regulating the Internet, as well as self-policing initiatives for Internet firms. (Wall Street Journal, 11 Feb 2000)

NY Times (and others) coverage of the recent e-commerce attacks:
Yahoo Attributes a Lengthy Service Failure to an Attack
Several Web Sites Are Attacked on Day After Assault Shut Yahoo
Reno promises federal battle against cyber-vandals
Spread of Attacks on Web Sites Is Slowing Traffic on the Internet
Companies Won't Say if They Were Insured for Net Attacks
Big Sites Should Have Been Ready (and how to Avoid their Mistakes)
Are you Next? How to Protect Your Site from Denial of Service Attacks
Web Under Attack!
ZDNet Tech Poll Results
Evidence Suggests Web Attacks Were Work of More Than One Group

| | | |

| Go to UM-St. Louis Home Page | College of Business Page | IS Home Page |

Page Owner: Professor Sauter (

© Vicki L. Sauter. All rights Reserved.