Amazon added to major websites having problems

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Now Yahoo, eBay and Buy.com may all have been brought down by cyber attacks..it is possible. However, I offer this as food for thought. Wouldn't a great way to cover up problems(dare I say y2k)with servers/routing equipment be to just announce a big hack attack. Everybody buys it hook line and sinker.

Think critically whenever PR people for big companies speak. Equipment failures bring PR nightmares, litigation and stockholder and market wrath. Cyber attacks bring sympathy.... And I'm apparently not the only one who has recognized this. Here's a quote from the story below(almost at the end, of course):

"Wall Street analysts have shown more tolerance for companies which are hit by outside hackers than those whose own systems have failed or whose data has been corrupted. Yahoo stock was up despite the raids, gaining $19.125 to stand at $373.125, in a day of strong trading in Internet issues. "

Hackers on the Attack, Hitting Top Sites By Dick Satran

SAN FRANCISCO (Reuters) - Hackers pulled off a series of brazen attacks on major Web sites on Tuesday, leading to shutdowns at Buy.com Inc. (NasdaqNM:BUYX - news) and eBay Inc. (NasdaqNM:EBAY - news) after a similar assault hit Yahoo! Inc. (NasdaqNM:YHOO - news) the day before.

The attacks followed the same pattern, with a massive flow of automated Internet messages landing on the sites and swamping them with millions of messages, effectively blocking them to routine traffic. Other sites, too, appeared to be operating slowly, suggesting even more might have been targeted.

Late on Tuesday, online retailing giant Amazon.com Inc. (NasdaqNM:AMZN - news) also appeared to have fallen victim to an attack, according to Internet monitoring firm Keynote Systems Inc. (NasdaqNM:KEYN - news).

Keynote, which tracks Web sites' speed and reliability, said it noted a sharp drop in Amazon's ability to let customers into its store and minutes later was able to enter only about 1.5 percent of the times it tried.

``Its inaccessibility looks very similar to what we saw with Yahoo and eBay and Buy.com,'' a Keynote spokeswoman said, adding that the exact cause of the failure was still unclear.

Amazon's site appeared to be back up and running normally about an hour later. Amazon officials were not available for comment.

The Federal Bureau of Investigation in San Francisco met on Tuesday with Yahoo, the first to be hit. The government has bolstered its efforts to track down electronic crime on the Internet since e-commerce has turned into a serious driver of the economy over the past two years.

``We are in a dialogue with Yahoo,'' a spokeswoman for the agency said. ``I can't comment further right now.'' The FBI had no immediate comment on the eBay and Buy.com situation.

The rapid succession of disruptions on a massive scale suggests that the same group was behind all of the attacks, said chief technology officer Elias Levy, of Securityfocus.com, computer security information service.

``It would be very difficult to assemble this level of attack so quickly if it were a copycat,'' said Levy. ``That doesn't mean it couldn't happen. But to generate this level of traffic requires a lot of machines working together.''

By repeating the attacks, the perpetrators are raising the possibility that they will be apprehended, he said, but because their attacks can be directed from anywhere on the globe they could be difficult to find.

The incidents have relied mostly on brute force, not obscure technology, to do damage. The hackers are simply inundating the commercial Web sites with so much traffic they can no longer operate. Yahoo's site was pounded with one gigabit, or one million bits of information, per second, or about what some sites handle in an entire week, at the height of Monday's attack.

The data was sent from ``zombie'' machines taken over by a single person or group of people from a remote location.

``The problem is to find the command center that's controlling all of the machines,' said Christopher Klaus, chief technology officer of Internet Security Systems Inc. (NasdaqNM:ISSX - news). ''This is a nontrivial problem.''

The hackers avoid detection by jumping from one computer network to another to cover their tracks, and by immediately erasing any data that might identify them.

Yahoo, the biggest stand-alone Web site and the first to be hit, was almost completely shut down for over two hours on Monday, although the company said it expects no financial impact from the incident.

``From a financial standpoint, there isn't any impact,'' said a Yahoo spokeswoman.

Yahoo, which generates much of its revenue through advertising, was able to reschedule ad spots. But since an estimated 100 million pages would have been viewed during the two hours the site was down, the company could potentially have lost as much as $500,000, analysts said.

Yahoo said the attack on its site has been narrowed to 50 Internet addresses, though computer security experts said that even with that number, it would take time to track any hacker or hackers with enough skill to have shut down Internet giant Yahoo.

The attack is called a distributed denial of service attack, which is a concerted move to inundate a Web site from many points. Since computer programs are used, a single person could have launched the attack, even though it appears to be coming from many directions.

``The FBI may be able to do some back-tracking and coordination to find out who did this,'' said Scott Gordon, director of intrusion protection at Axent Technologies Inc. (NasdaqNM:AXNT - news), of Rockville, Md. But investigators need to go behind the target computers to find the command center that directed the attack and, ``we're not going to get an answer in the very near future,'' Gordon said.

Buy.com became the second major site hit, as its operations were shut on what should have been a big day for the Internet shopping service, which completed a successful initial public stock offering on Wall Street and saw its stock nearly double in price from the $13 offer price. It closed at $25.125. EBay also reported in late afternoon that it had been hit by ``a coordinated denial of service attack.''

Wall Street analysts have shown more tolerance for companies which are hit by outside hackers than those whose own systems have failed or whose data has been corrupted. Yahoo stock was up despite the raids, gaining $19.125 to stand at $373.125, in a day of strong trading in Internet issues.

But despite Wall Street's willingness to shrug off the shutdowns, security experts warned that the industry needs to deal with the issue or it will continue to disrupt the emerging e-commerce economy.

``This should remind us that the Internet is fairly new and fragile,'' said Securityfocus.com's Levy. ``E-commerce is growing faster than the building blocks underneath the Internet, and we have to go back and take a look at them.''

Link:

http://dailynews.yahoo.com/h/nm/20000208/ts/tech_hackers_2.html



-- Carl Jenkins (Somewherepress@aol.com), February 08, 2000

Answers

I responded with the following to a similar post below. Comments? ===========================================================

Good point about the DoS being a distraction from the real cause, such as router failures. The NSA also went down for 3 days due to router problems. But hackers have been boasting that they can bring down the Internet at any time. They have been practicing and refining their skills. Soon they may be able to hold the Internet hostage.

China has also boasted that it can degrade our info infrastructure and has developed info-warrier armies. What is about to happen that could justify a sudden, concerted attack on major Internet sites?

-- Ceemeister (ceemeister@hotmail.com), February 08, 2000.


Also see Carl's earlier Y2K related (finally, something not off- topic!) report about known problems with Cisco routers. Of course, Cisco is almost a complete monopoly, and the Justice Department ignores that. Cisco even boasts that their equipment runs virtually the entire Internet.

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk

-- Ceemeister (ceemeister@hotmail.com), February 08, 2000.


Oh, jeez - I got about 6 different credit card numbers stored in AMAZON's files.

-- Sheri (wncy2k@nccn.net), February 09, 2000.

Moderation questions? read the FAQ