Are major internet companies covering up y2k related equipment failures with false claims of hack attacks

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

They certainly have the motive: tremendous financial stakes.

Before you dismiss this, as the ravings of a paranoid conspiracy theorist (I merely distrust corporate flacks who are paid large sums to lie to the public), consider the following item that was posted on a previous thread.

Also take a look at the numerous post CDC software/hardware problems that Cisco Systems, which provides most of the infrastructure for the internet, is having and see if you don't see some serious questions that need to be answered.

Some serious comment from technical experts on the following earlier post would be most useful:

I am beginning to suspect that the date-time stamp embedded in packets within the MAC layer of the tcp/ip stack has gone to negative numbers as a result of the CDC (century date change) and some of the routers and switches are having serious problems in reconciling packet reconstruction. This means that the receiving end routers of the tcpip stream (i.e. the 'hacked' sites) are not able to reconstruct the packet stream sufficiently enough to avoid triggering an error condition. This is predictable anomalous behavior (and may have been noted on the Cisco site field notations) if the date-time stamp algorithm were to deal with a year of '00'. This problem will also trigger security alarms and could be easily mistaken for an attack of the *denial of service* kind. Persons on site could use a packet sniffer to retrieve MAC layer address headers and determine if the most significant bit of the date-time stamp was - 1. If I am correct, then no hackers will take credit for what will become a daily increasing amount of 'hack' attacks. At some point it would be expected to level off at a near critical level for the internet. I would expect that this point would be reached when 24% of routers are involved. Note that this is a wild ass guess as there are many kinds of equipment and expected responses within the class of routers. Some could be expected to just ignore the negative number. These, though, should exhibit garbaged messages as they could be expected to be reassembled improperly. Also should note that many cell phone tower packet handlers use the same algorithm.

-- pliney the younger (pliney@puget.sound.rain.light.chilly), February 09, 2000.

Here's the link to the thread on which the post above appeared.

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002Wbr

Link to Cisco problems story:

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002WEk

Link to Yahoo Story raising question about actual cause.

http://hv.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=002W9o

-- Carl Jenkins (Somewherepress@aol.com), February 09, 2000

Answers

Carl:

Every one of these incidents took place on a weekday during normal business hours, even though all the sites are 24/7 operations. What do you suppose the chances are that all of these systems would only fail under these circumstances? It's a real attack and is potentially much more serious for the future of e-business than any Y2K problems.

-- Jim Cooke (JCooke@yahoo.com), February 09, 2000.


But why would all these web sites have this problem at the same time?

-- MrsPeal (...@...com), February 09, 2000.

Mr. Cooke: Why are hack attacks more serious than any Y2K problem?

MrsPeal

-- MrsPeal (...@...com), February 09, 2000.


The attacks did not all necessarily happen at the exact same time, and they appear to be directed at larger internet entities such as Yahoo, EBay, Amazon, etc.

-- CJS (cjs@noemail.com), February 09, 2000.

It would have made sense if this was immediately after Rollover if it was a date stamp problem...but it could be something subtle akin to, but not exactly the Crouch Echlin effect.

Look, my Gateway P II 450MHz was on during the Roll, no problems until yesterday when it powered up with the time EXACTLY one hour off (early). Y2K related??? I don't think so but with CISCO having these problems, I can't rule it out.

-- K. Stevens (kstevens@ Did it ALL go away last month??.com), February 09, 2000.



It's not any kind of internal error. We've seen this at my current company and my previous company. It actually happens several times per year to some major corporation or another, I just think it got more publicity this time because the victims were ebay and yahoo, and several other very public-visible companies.

-- Bemused (and_amazed@you.people), February 09, 2000.

Mrs Peal:

Imagine you want to go to a store to buy something. When you arrive the store is closed because....I don't know, a pipe burst. Would you wait for that store to reopen to buy or go on to another store? Now imagine it's a whole shopping center that's closed. Same question. You'd probably go find another shopping center rather than waiting for the closed center to reopen.

If the buying public can't access web sites when they need them or don't have confidence in the security of the site then e-business will suffer a massive setback. Y2K problems, while annoying, can be fixed. A loss of public confidence takes a lot longer to cure.

-- Jim Cooke (JJCooke@yahoo.com), February 09, 2000.


Perhaps this is a date problem. All these mega web sites are having problems on the same amount of days from rollover/Jan.1 2000. Is it possible that these mega web sites were sold the same computer systems by Cisco? The large size of these internet companies does seem to be what they all have in common. Hence, all these concurrent problems...

Lucy

-- Lucy (windsng@123.com), February 09, 2000.



Link explaining how and with links to the history of hacking.

-- Kyle (fordtbonly@aol.com), February 09, 2000.


Jim, concerning your statement that:

"Every one of these incidents took place on a weekday during normal business hours, even though all the sites are 24/7 operations. What do you suppose the chances are that all of these systems would only fail under these circumstances? It's a real attack and is potentially much more serious for the future of e-business than any Y2K problems."

There are no "normal business hours" for the internet. As you yourself pointed out, the internet is a 24/7 operation. And I wonder, did you bother to read the other posts from Cisco and Yahoo prior to reaching your conclusion?

It may be that these are hack attacks. However, Yahoo, et al, have a huge financial stake in this and I for one would not trust their press releases or the corps of alleged experts they are parading for the media to present a true picture of the situation.

-- Carl Jenkins (Somewherepress@aol.com), February 09, 2000.


I am only "guessing," but I suspect that the sites mentioned are busiest during "normal business hours" and thus more apt to receive a large number of defective packets. Systems are designed with varying degrees of robustness in accepting errors. Beyond some point, enough errors can crash a system. Perhaps the lower activity is why the systems have not crashed in the wee hours of the morning.

Please, no flames...these are just off-the-cuff ideas.

-- No Polly (nopolly@hotmail.com), February 09, 2000.


What seems weird to me is the grouping of each category of breakdowns. First a severe shortage of diesel in the Northeast, then several large water mains burst, then several pipelines burst, then numerous problems with tail sections of a particular model of jet airplane, then several internet sites are hacked within a 2 day period. There was a discussion that the buffer for the embedded systems would overflow causing weird results, either wrong data, erroneous reports or shutdown. Is this happening and is being covered up? This could be the Bruce Beach effect, the overflowed buffer effect, the Jo Ann effect, or any of several other anomalous unanticipated impacts that may surface without warning. What will be next? Power plant failures have been rare to date. Will we have numerous reports of power plants shutting down for various unexplained reasons? Will telephones suddenly start having problems? I personally think that the embedded systems problem is a h_ll of a lot bigger problem than is acknowledged by the gobment and the experts. I am not an expert, only an observer.

-- Moe (Moe@3stooges.gom), February 09, 2000.

Time for the unexciting technical bit:

IP packets (or more correctly the IP packet header) do not really carry a "timestamp" as such. They do have an 8-bit "time to live" field, but in practice this is used as a "hop counter" rather than a "stopwatch", with each router decrementing the count by 1, and expired packets being destroyed (to prevent old packets from travelling endlessly and clogging up the system). The date is not included anywhere in the IP packet header. TCP counts IP packets in transit and counts time in seconds / milliseconds: it doesn't concern itself with the date. Neither, as far as I remember, is date and time mentioned in ethernet frame headers.

So I suppose that means the short answer is "no".

More on IP packets available here, and a quick summary of all network knowledge here.

-- randomdigits (r@r.r), February 10, 2000.
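An added example, not part of randomdigits's post: it parses the fixed 20-byte IPv4 header, listing every field it contains (none of them a date), and models the hop-by-hop TTL decrement the post describes. The sample packet and its documentation-range addresses are constructed for illustration, and IP options are not parsed.

```python
import struct

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample(ttl: int = 3) -> bytes:
    """Constructed sample header: TCP, 192.0.2.1 -> 198.51.100.7, DF set."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, ttl, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_ipv4(header: bytes) -> dict:
    """Return every field of the fixed 20-byte IPv4 header."""
    (ver_ihl, tos, length, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    return {
        "version": ver_ihl >> 4, "ihl": ver_ihl & 0x0F, "tos": tos,
        "total_length": length, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "header_checksum": csum,
        "source": ".".join(map(str, src)),
        "destination": ".".join(map(str, dst)),
    }

def forward(header: bytes):
    """One router hop: decrement TTL, drop at zero, else refresh checksum."""
    ttl = header[8] - 1
    if ttl <= 0:
        return None  # packet has expired; the router discards it
    hdr = header[:8] + bytes([ttl]) + header[9:10] + b"\x00\x00" + header[12:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def hops_until_dropped(header: bytes) -> int:
    """Count router hops until the packet is discarded for TTL expiry."""
    hops = 0
    while header is not None:
        header = forward(header)
        hops += 1
    return hops

if __name__ == "__main__":
    pkt = build_sample()
    print(parse_ipv4(pkt))
    print("hops until dropped:", hops_until_dropped(pkt))
```
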


I am *not* a techie. I tend to look more at the psychological/personal side of an issue. So I can't speak to overflowing buffers and defective packets. That said, almost every major (and minor, for that matter) hacker attack I've seen, encountered, or read about in the past has come with a claim of responsibility. Rather like the IRA acknowledging that yes, the car bomb was ours and for such-and-such a reason. Has anyone claimed responsibility for these latest mega-attacks? I've not heard of any, and that makes me wonder a lot. The answers could include embedded/router problems, I suppose. My own company had a major problem with a Cisco router just before CDC. Or it could be an attack by a, shall we say, highly organized offshore political entity that might have reason to want to prove to the US government that it has a certain capability. Or any of half a dozen other scenarios my fevered brain can imagine. Does any of this make sense, or has there been that public claim of responsibility by the previously unknown Black Death to E-Commerce Revolutionary Peoples Party?

-- Cash (cash@andcarry.com), February 10, 2000.


Mrs. Peal, Loved you on the Avengers! Keep up the good work.

-- Shoo (flyonthewalls@yahoo.com), February 10, 2000.

YES!!!

-- ImSo (lame@prepped.com), February 10, 2000.

From the Electronic Telegraph (via free subscription):

ET hacking article

Hackers cripple web sites with 'junk' messages

By Mark Ward and Simon Davis

HACKERS are continuing to play havoc with some of the most popular web sites on the internet using an attack that turns the computer network on itself.

On Monday, the online directory Yahoo! was out of action for three hours as hackers flooded the site with bogus requests for data. On Tuesday popular sites such as Amazon, CNN, eBay and Buy.com were all hit by the same kind of attack. Buy.com was targeted on the day that its stock first went on offer on the US stock market.

Unlike other "hacks" these incidents do not lead to attackers gaining access or entry into the targeted computers. The hackers put the web sites off line using a "denial of service" attack. This bombards a web site with more requests for information than it can cope with, effectively cutting off access for anyone else. The tactic used is similar to telephone lines being tied up by too many calls.

The hackers' motive appears to be little more than to frustrate web users and to embarrass some of the biggest names on the internet. At Amazon.com, the world's leading e-commerce site, its spokesman, Bill Curry, said: "A large amount of junk traffic was directed to our site, resulting in degraded service for an hour."

No one has come forward to claim responsibility for the attacks but the FBI's National Infrastructure Protection Centre has traced hits to powerful computers in Boston, New York and Chicago. Tracing the hackers could be difficult because of the huge numbers of machines drafted into the attacks. Paul Cronin, a consultant at computer security firm CenturyCom, said: "You can be attacked from anywhere on the internet at any given time."

The software to mount these attacks has existed for years but they have become more popular with hackers lately because a way has been found to launch the attacks from lots of computers instead of just one. The attack on Yahoo! was launched by 50 computers.

Hackers have developed programs with names such as Trinoo, Tribe Flood Network and Stacheldraht (German for barbed wire) to find vulnerable computers on the internet and then use those to launch an attack.

-- Old Git (anon@spamproblems.com), February 10, 2000.


The attacks were made using one of the simplest methods available and they take advantage of carelessness on the part of the targets. At least two of the attacks were timed to coincide with major events for the hosts. They were at worst only briefly disruptive and (Ms. Reno's comments notwithstanding) are essentially untraceable.

Sounds both trivial and very effective to me: low cost, high visibility, maximum annoyance with minimal real damage, and difficult-to-impossible to track.

Whoever staged this wasn't really showing off technically, nor did they intend serious damage; it's far too easy to reconfigure your routers to fend off a DoS attack. If someone really wanted to crack one of those sites, there are far nastier weapons available.

-- DeeEmBee (macbeth1@pacbell.net), February 10, 2000.


The news this am said that the businesses themselves weren't hacked. Rather, there were many personal computers hacked, and programmed to send email messages, or orders, to the companies. So Amazon, for instance, while not being hacked, was simply overwhelmed with orders.

I'm no techie, so I may not have gotten this quite right. Anyone who understands these things better than I care to comment?

-- jumpoff joe a.k.a. Al K. Lloyd (jumpoff@ekoweb.net), February 10, 2000.


Just a thought, does anyone think this could possibly be a wake up call from some cyber patriot to the big boys in light of the information in the article a few threads up from the book by the PLA?

Just a thought.....

-- Laurie in Idaho (laurelayn@yahoo.net), February 10, 2000.

