FBI Vows All-Out Effort to Catch Internet Attackers

TIMES STAFF WRITERS

FBI officials said Wednesday that they are launching the largest computer crimes investigation ever to catch the perpetrators of a series of cyber-attacks that have temporarily crippled some of the world’s most popular Web sites.

The attacks disrupted service for millions of Internet users by temporarily overloading Web sites, starting with Yahoo on Monday, sweeping through others including auction site Ebay on Tuesday, and Wednesday pummeling leading financial sites such as E-Trade and Datek, plus the ZDNet news site.

The aggressive government response, outlined by Atty. Gen. Janet Reno, reflects not only the Internet’s central role in the nation’s economy, but a sense among officials that it is also an increasingly important public communications tool.

Authorities said they have not identified any suspects, and some FBI officials speculated that the crimes could be the work of overseas terrorists “trying to misuse the Internet to the detriment of the United States.”

“This is a wake-up call,” said Commerce Secretary Bill Daley. “It’s obvious from the news of the last few days that [law enforcement] efforts have to be expanded on.”

But underscoring the ease with which such crimes can be committed in the Internet Age, computer security experts said that this massive Internet sabotage may ultimately be traced to a single, gangly teenager typing away on an ordinary PC.

In fact, the federal probe is likely to focus on the murky world of computer hackers, an underground populated mainly by loose bands of adolescent males seeking virtual thrills and peer recognition.

No group has claimed credit for these attacks, but their magnitude has already earned the anonymous perpetrators a permanent place in the computer crime pantheon.

“This is much bigger than the hacking of . . . the White House Web site,” said a hacker using the name Weld Pond, who was one of the original members of a Boston-based hacking group called L0pht.

Nevertheless, he and other hackers expressed a certain amount of disdain for the latest attacks, saying they were impressive for their audacity and magnitude, but required little technological sophistication in an age when hacking tools are as easy to find on the Internet as food recipes.

“The technology is such that it could almost be one person, even a 14-year-old kid,” said Weld, who requested anonymity and now works as a researcher for a computer security firm called Atstake.com. “But it’s probably a small group of people. Typically, a lot of these things are just done for bragging rights.”

At a news conference on Wednesday, Reno pledged a massive mobilization of resources, including cooperative efforts with the U.S. intelligence community and military investigators.

“At this time we are not aware of the motives behind these attacks,” Reno said, “but they appear to be intended to interfere with, and to disrupt, legitimate electronic commerce.”

Reno said the National Infrastructure Protection Center, a section of the FBI, is working closely with agency field offices and specially trained prosecutors around the country. She declined to say whether the agency has any significant leads, but other federal officials privately said the attacks appeared to have been “bounced” through computer networks in New York, Chicago and Dallas.

The attacks appear to be violations of the Computer Fraud and Abuse Act, a federal statute that makes it a felony to cause damage to computers. Sentencing guidelines call for a minimum of six months in jail for each count, and a maximum of five years and fines of up to $250,000. Officials said each intrusion could constitute a separate count.

But even with this enormous commitment of resources by law enforcement, many security experts remained skeptical that the individuals behind the attacks will ever be caught, because the hacking technique used is extremely difficult to trace.

The attacks involved a technique known as “distributed denial of service” in which a small army of computers is essentially enlisted against its will to bombard a particular Web site with so many requests for information that the site collapses under the load.

Experts said the attacks probably began with the downloading of a hacking tool that probes university, corporate and government networks for unprotected machines. These machines are then instructed to coordinate the simultaneous bombardment of a targeted site with service requests, thus overwhelming its capacity.

The sheer enormity of the attack means that hundreds and perhaps thousands of computers were involved, experts said.

The strategy takes advantage of hacking programs readily available at numerous Web sites. Such attacks are nearly impossible to prevent and difficult to trace because they come from disparate locations and carry fake return addresses.

Finding the perpetrators would require painstaking research that traces the attacks back through every point of the Internet they crossed. “It’s like a package that was routed through different mailboxes,” Weld Pond said. “You can’t look at the return address and expect it to take you to the original sender.”

Even extensive efforts to retrace the attacks could lead to a series of dead ends if the perpetrators took measures to disguise their work. For that reason, many security experts and law enforcement officials quietly hope that the bragging-rights psychology of hackers--and typical clumsiness--may eventually be the perpetrators’ undoing.

“From a technological standpoint, there’s no reason why they have to get caught,” said Kevin Poulsen, who served five years in prison for hacking crimes in California in the early 1990s but who now works for online security firm SecurityFocus.com. “It depends on to what degree they screwed up.”

But if the people behind the attacks are caught, many believe it will be because of human weaknesses, not technological ones. The hacking underground is fueled by rivalries among groups and individuals seeking the recognition and respect of their peers. The people who took down Yahoo, in other words, are going to face enormous temptation to brag about it, even to their closest allies.

“Whoever did this, even though they didn’t make a public statement, there are a lot of people who know about it,” Poulsen said. “And once the pressure is on, someone is going to sing.”

In fact, the most prominent hacks in recent years have generally been accompanied by attempts to take credit for them. Last year, for instance, dozens of Web sites were defaced--including the FBI’s in May--by groups that then scrawled their monikers across the pages like graffiti artists.

Reno on Wednesday appealed to Congress to approve President Clinton’s request for $37 million in additional funds to help the FBI fight cyber-crime, a request that was part of the administration’s budget earlier this week.

Indeed, this week’s attacks serve as an ironic reminder of how Web sites that often seem to be collecting mounds of information on everyday computer users can be at a total loss when their sites are bombarded by intruders.

Such attacks could become increasingly common, experts suggest, because once hackers write software to invade Web sites in this manner, they post it online where it can be easily downloaded and reused by others.

“People who wrote the original code are probably sophisticated, but people who use it don’t have to be,” said Chris Painter, an assistant U.S. attorney in Los Angeles who has prosecuted a number of hacking crimes.

In contrast to computer viruses that may destroy software or data files, or hackers looking for corporate secrets, these recent attacks did not compromise user or company information.

But the attacks still cause substantial damage to the affected companies--reducing consumer confidence in their services and, in some cases, disrupting critical commercial transactions, such as online stock trading at E-Trade. On Wednesday morning, E-Trade suffered an attack that blocked about 20% of its users from making trades, the company said.

E-commerce companies fear that such attacks are so easy to mount that they will increase in the future.

“A 15-year-old kid could launch these attacks. This is not something that it takes a great deal of sophistication to do,” said Ron Dick, chief of computer investigations for the FBI. “Security in the Internet is a community effort. It is not something that can be done by any one organization, any one federal agency [or] the government itself. It is a partnership between all of us.”

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Hackers Attack

Some hackers sabotage computer networks by gaining administrative access, but the commercial Internet sites hacked this week were crippled by a “denial-of-service attack.” Here is how it works.

1. The hacker breaks into a large number of computers connected to a high-bandwidth network. Corporate or government computers often fit this description.

2. The hacker installs a utility that lies dormant and undetected on the computers.

3. From a remote location, the hacker specifies a target network, such as Yahoo, and activates the planted utility. That triggers a continuous, unmanageable flood of access requests to the target.

Six Web sites that have been attacked recently are among the most popular on the Internet:

Web site: unique visitors (millions)
Yahoo.com: 36.4
Amazon.com: 15.9
EBay.com: 10.4
ZDNet: 9.4
Buy.com: 4.9
CNN.com: 4.5

Sources: Associated Press, Media Metrix

Staff writers Robert L. Jackson and Walter Hamilton contributed to this report.
