How Hackers Bombard Sites and Shut Them Down

ASSOCIATED PRESS

This week’s electronic assaults on high-profile Web sites direct attention to a type of attack known to security experts for years.

Called “denial of service,” the attack involves flooding a site with so much traffic that legitimate customers cannot get through. Traffic can be a request to access the home page, or it can be blank--an envelope with nothing inside, yet requiring effort to open.

Some questions and answers about the cyber-attacks:

*

Question: If these attacks have occurred for years, why are they getting attention now?

Answer: Hackers have become more sophisticated and have developed programs that automate such an attack. The programs direct tens or hundreds of computers worldwide to send traffic to a specific site at once. That allows hackers to overwhelm some prominent sites already designed to handle heavy traffic.

*

Q: How can hackers get hundreds of computer administrators to cooperate?

A: They don’t. But some of their automated tools find weaknesses in computer systems to plant the damaging program that will remain dormant until the appointed time of attack. If the hackers route the program through someone else’s computer, it makes them harder to trace.

*

Q: What can sites do to prevent such attacks?

A: Little, according to Mark Zajicek, a team leader of the Computer Emergency Response Team, a security organization at Carnegie Mellon University. He said the focus instead must be on increasing the security in other computers so that they cannot be commanded to launch such attacks. Once a site is targeted, one recourse is to trace the traffic back to the third-party computers and alert their administrators. The process can take hours.

*

Q: Do consumers have any recourse if such attacks disrupt online services they use?

A: Generally, no. Online stock trading firms such as Datek, for instance, have users sign contracts stipulating that the site is not liable for technological disruptions beyond their control.

*

Q: So why can’t sites simply accept traffic only from legitimate customers?

A: Even the process of determining whether traffic is legitimate uses precious computing time. The site’s Internet service provider might be able to stop some traffic from reaching the site, but the traffic comes from various locations and often carries fake return addresses, so it’s hard to sort.

*

Q: Why are these attacks occurring?

A: Atty. Gen. Janet Reno said Wednesday that “they appear to be intended to interfere with and disrupt legitimate electronic commerce.” Investigators have yet to determine whether a single individual or group is behind all the attacks.

*

Q: Are personal data at risk from such attacks?

A: There’s no evidence that hackers gained access to the sites’ internal data. But Randy Sandone of Argus Systems Group in Savoy, Ill., warned that denial-of-service attacks might one day be used as a decoy. While security personnel are busy trying to block traffic, a hacker might try to gain access to sensitive data.
