Links in Computer Attacks Traced

AP Photo

By TED BRIDIS Associated Press Writer

WASHINGTON (AP) - Experts investigating recent attacks against major commercial Web sites say a computer and an Internet device used by vandals as weapons have been traced to two California universities.

The vandals used a desktop computer at the University of California, Santa Barbara, and an Internet router - a device that can amplify data traffic - from Stanford University, officials at both schools acknowledged Friday.

There was no indication that anyone at either university was directly involved, only that their equipment was used. Experts believe dozens of computers nationwide were hacked and had electronic attack software secretly installed.

``They've attacked us in a way that hurts what we do as a university, and hurts all universities,'' said Robert Sugar, chairman of the information technology board in Santa Barbara. The school's computer was believed used in the attack against CNN's Web site Tuesday.

Stanford said one of its routers located at a remote wildlife preserve was used to transmit some of the data aimed against the Web site of auction operator eBay for about 30 minutes before engineers blocked hackers from using it.

``It's really out in the middle of nowhere,'' said Dave Brumley, assistant computer security officer at the university. He said engineers have checked Stanford's other routers to prevent their similar misuse.

Meanwhile, investigators suggested that the vandals in Monday's attack against the Yahoo! Web site - the first to be shut down for hours - may have been far more sophisticated than originally believed.

Ronald Dick, a senior official with the FBI's National Infrastructure Protection Center, said earlier this week that automated hacker tools widely available on the Internet mean that ``a 15-year-old kid could launch these attacks.''

``This is not something that it takes a great deal of sophistication to do,'' Dick said.

But e-mail from engineers for search engine Yahoo! describing the attack in detail said the vandals apparently ``knew about our topology and planned this large-scale attack in advance,'' and that other companies hit this week also were targeted ``where it hurts the most.''

This e-mail, sent as a warning to some Internet providers and obtained by The Associated Press, also described the Yahoo! attackers as ``smart and above your average script-kiddie,'' a derisive term for an unskilled hacker. It said the vandals ``probably know both Unix and networking ... pretty well and learn about site topology to find weak spots.''

An executive at GlobalCenter Inc., which provides Yahoo!'s Internet connection, also said Friday that engineers there were surprised during the attack, which flooded Yahoo! with more data each second than some major Web sites receive under normal conditions in a week.

``About an hour into the initial attack, they were already commenting about what appeared to be some level of sophistication,'' said Laurie Priddy, the company's executive vice president. ``These (vandals) seemed pretty smart who were doing it.''

``Denial of service tools are widely available and do not require great sophistication to use,'' said a federal law enforcement official who requested anonymity. ``But what we've seen already does seem to be a somewhat sophisticated attack.''

At the White House, President Clinton said the Internet offers new opportunities for people ``just mischievous and people who have far darker motives.'' But he also held out hope that America will ``develop better defenses and better defenders.''

``If you go back from the beginning of time, where things of value are stored, people with bad motives will try to get to those things,'' Clinton said. ``Now vast things of values are stored in our computers and transactions of great values occur on the Internet.''

Also Friday, Excite.Com - a popular search engine for the Web - said its site also was targeted earlier this week by attackers. A flood of data disrupted service for about half its customers for about one hour Wednesday night until the attack suddenly ended without warning, spokeswoman Kelly Distefano said.

In these attacks, called ``distributed denials of service,'' hackers secretly install software tools on dozens or hundreds of powerful but insecure computers - usually those of corporations or universities - then remotely direct crippling floods of electronic data at target Web sites.

• 2 Links in Computer Attacks Traced (February 11)
• Links in 2 Computer Attacks Traced (February 11)
• One Link in Computer Attacks Traced (February 11)
• Attacks Alert Public to Web Risks (February 11)
• Public Aware Of Digital Age Risks (February 11)

Full Coverage See a Yahoo! special report on Hackers and Crackers

Related News Stories · Hackers Generate Business Windfall - AP (Feb 12, 2000) · Insurance Can Ease Hacking Pain - Yahoo! News/ZDNet (Feb 12, 2000) · Clinton mobilizes government, corporate forces in fight against hackers - AFP (Feb 12, 2000) · Web Users: Attacks Not Catastrophic - AP (Feb 12, 2000) · Hacker May Have Stolen Passwords - AP (Feb 12, 2000) More In Full Coverage

Related Web Sites · CERT/CC Denial of Service - general overview of attacks in which the goal is to deny the victim(s) access to a particular resource. · ICSA.net - features a special section on Distributed Denial Of Service Attacks, which brought down several major Web sites in February, 2000. · Infrastructure Protection and Computer Intrusion Squad (IPCIS) - responsible for investigating unauthorized intrusions into major computer networks. · A Hacker's Glossary - "phreaking," "spaghetti code," and the hacker's preferred term for a malicious computer vandal -- "cracker." From Discovery Online's Hackers' Hall of Fame. · Attrition - includes the security errata page, which debunks various media information on hacking, and an index of hacked sites. More In Full Coverage

Opinion & Editorials · Hackers part of Web life - Seattle Times (Feb 11, 2000) · Pranksters who cause harm should face penalties - Dallas Morning News (Feb 11, 2000) · Interview: FBI Computer Crime Squad - ECommerce Times (Feb 11, 2000)

Magazine Articles · Where Is the Firewall? - Intellectual Capital (Feb 10, 2000) · Criminal code? - Salon (Feb 9, 2000) · A Private Little Cyberwar - Forbes (Feb 7, 2000)

Audio · "Internet vandals have been responsible for a rash of attacks" - BBC (Feb 11, 2000) · Excite Web Site Confirms Attack - NPR (Feb 10, 2000) More In Full Coverage

Video · Hackers helping to secure ecommerce sites - CNN (Feb 10, 2000) · "Hacking is something financial institutions are afraid of" - BBC (Feb 10, 2000) · FBI press conference on Denial of Service hackers - Channel 2000 (Feb 9, 2000)

Related Full Coverage · Cybercrime and Internet Fraud · Yahoo! UK & Ireland: Website Hack Attacks · Internet Privacy Issues

Yahoo! Categories · Kevin Mitnick · Hacked Websites · Hacking More In Full Coverage