Internet Worm More Damaging Than Some Thought
The weekend attack on the Internet crippled some sensitive corporate and government systems, including banking operations and 911 centers, far more seriously than some experts thought possible.
The nation’s largest residential mortgage firm, Countrywide Financial Corp., told customers who called Monday that it was still suffering from the attack. Its Web site, where customers usually can make payments and check their loans, was closed with a note about “emergency maintenance.”
Police and fire dispatchers outside Seattle resorted to paper and pencil for hours Saturday after the virus-like attack disrupted operations for the 911 center that serves two suburban police departments and at least 14 fire departments.
American Express Co. confirmed that customers couldn’t reach its Web site to check credit statements and account balances during parts of the weekend. Perhaps most surprising, the attack prevented many customers of Bank of America Corp., one of the largest U.S. banks, and some large Canadian banks from withdrawing money from automated teller machines on Saturday.
President Bush’s No. 2 cyber-security advisor, Howard Schmidt, acknowledged Monday that what he called “collateral damage” stunned even experts who have warned about uncertain effects on the nation’s most important electronic systems from such disruptions.
“One would not have expected a request for bandwidth would have affected the ATM network,” Schmidt said. “This is one of the things we’ve been talking about for a long time, getting a handle on interdependencies and cascading effects.”
The attack, alternately dubbed “slammer” or “sapphire,” began early Saturday morning and sought out vulnerable computers to infect using a known flaw in popular database software from Microsoft Corp. called SQL Server 2000.
The attacking software scanned for victim computers so randomly and so aggressively that it saturated many of the Internet’s largest data pipelines, slowing e-mail and Web surfing globally. South Korea was among the hardest hit.
On Saturday, Rick Miller, a Microsoft spokesman, said administrators were trying to download the crucial software patch that Microsoft had made available to protect vulnerable computers. But Internet congestion prevented them from accessing the patch and prevented consumers from contacting Microsoft over the Internet to unlock the anti-piracy features of its latest products, including the Windows XP and Office XP software packages.
Officials of the companies hardest hit said Monday that they were concerned that people might lose confidence in financial networks. “Their bread and butter is the public being able to get access to their accounts when and where they want them,” said Ron Dick of Computer Sciences Corp., formerly with the FBI’s National Infrastructure Protection Center.
