Hackers attack major web sites

While the attacks succeeded in attracting attention, no one person or organization claimed responsibility. As of late Tuesday, it was unclear who the hackers were, whether the companies were targeted by the same hackers or why the attacks were staged.

The back-to-back assaults now have Internet companies wondering who could be the next victim. And law-enforcement agencies, as well as myriad groups that monitor the Internet and the targeted companies themselves have begun trying to track down the source of the stealth attacks.

Debbie Weierman, a spokeswoman for the Federal Bureau of Investigation, said the bureau8217;s computer-intrusion squad in San Francisco is talking to Yahoo but hasn8217;t opened a formal criminal investigation. quot;Everything is in the early stages,quot; she said.

Regardless of the outcome, the success of the attacks highlights the vulnerability of all companies that rely on the Internet. Even the most sophisticated security controls can8217;t easily detect and deter an attack that relies on the simple action of requesting a Web page 8212; albeit repeated thousands of times a second.

Buy.com, the Internet8217;s No. 2 retailer of general merchandise behind Amazon, was hit a few hours after its shares began publicly trading for the first time.

quot;We were hit with a coordinated denial-of-service attack that appears to be very similar to what happened to Yahoo,quot; said Chief Executive Gregory J. Hawkins said. quot;It is like a revolving door spinning. A few people could get in and shop, but the majority of traffic was blocked by this attack.quot;

The timing of the attack, on the day of Buy.com8217;s initial public offering, underscored the risks even Internet investors face. In its Securities and Exchange Commission registration filings, Buy.com8217;s listing of risk factors included a caution that: quot;System failures could prevent access to our online store and harm our business 8230; and cause customer dissatisfaction or damage our reputation.quot;

Hawkins said the Aliso Viejo, Calif., company is researching the problem and has no idea who was responsible for the attack. The Buy.com Web site was back up and running by late yesterday after its Web-hosting service provider, Exodus Communications Inc., installed filters similar to those Yahoo used to end its attack the day before.

Amazon late last night said that it experienced a similar attack. quot;Today, like several other major Internet sites, Amazon.com came under a denial-of-service attack,quot; Bill Curry, a company spokesman, said. quot;A large amount of junk traffic was directed to our site, resulting in degraded service.quot; Mr. Curry said the attack occurred around 8 p.m. Eastern time and service was back to normal within an hour.

A spokesman for eBay, of San Jose, said its Web site went down at about 6 pm EST Tuesday, and was experiencing an attack similar to the others. quot;We are still trying to isolate the problem,quot; spokesman Kevin Pursglove said late last night. quot;Our engineers are still investigating.quot;

Yahoo, meanwhile, scrambled to recover from its attack Monday and said it too was trying to identify the perpetrators and taking measures to prevent a repeat strike. Officials at the Santa Clara, Calif., company said they had begun the arduous process of tracing the requests that jammed its server computers and brought down the service.

Yahoo programmers and engineers began searching for the origins of the requests, backtracking from their servers to the Internet-services provider that sent the original request from an Internet address or Web domain. Yahoo said it will try to follow the request back to the personal computer from which it emanated.

Yahoo said that because it must jump over security measures such as firewalls that protect an Internet-services provider or company, it must seek the cooperation of a number of companies to gain such access. quot;It8217;s too early to tell how long this will take,quot; Yahoo President and Chief Operating Officer Jeff Mallett said.

The attack affected server computers run for Yahoo by GlobalCenter Inc., the Web-hosting unit of international telecommunications carrier Global Crossing Ltd., of Bermuda. Laurie Priddy, executive vice president of systems and applications at GlobalCenter, said it has installed devices called rate limiters that prevent a surge in traffic to servers.

Priddy said that since the attackers appeared to take advantage of software that acts as amplifiers and create hundreds of copies of requests, GlobalCenter is considering activating a simple computer code that will deny such quot;amplifiedquot; requests. quot;Right now, everything is running well,quot; she said.

Yahoo said the attack on its systems created such demand in a short period of time that it was unable to serve all Web pages that were requested. The strike, known as a quot;denial-of-servicequot; attack, isn8217;t new to the Internet.

In December, a group calling itself the electrohippies shut down the Web-server computers of the World Trade Organization. The protesters used what is known as a quot;pinging program,quot; which automatically repeats a request for access to a Web site, thereby slowing traffic. Synchronized with the WTO summit in Seattle, the protesters generated hundreds of thousands of requests within a short period of time. Other government and university Web sites have faced similar-style attacks, which first occurred in 1996 when a hacker bombarded computers run by Public Access Networks Corp., a small New York company, with requests to send information.

Chat Room Speculation

Yahoo officials wouldn8217;t speculate as to why the company was targeted, but users of Yahoo8217;s message board speculated wildly. Some guessed the strike was prompted by day traders interested in driving down Yahoo stock. Others attributed the hit to simple jealousy over the popular portal8217;s success. Messages registered both outrage and glee.

quot;I am currently neither long or short on Yahoo but 8230; I would be pleased to spit in the face of these hackers8217; and see Yahoo gain 10 tomorrow!!!quot; wrote a user identified as quot;travelerzero.quot;

Meanwhile, Buy.com8217;s shares, priced at 13, opened at 30.125 on the Nasdaq, but fell to 25.125 by 4 p.m., after word had spread of Web-site problems. The Web-site sabotage didn8217;t emerge until several hours after trading began in Buy.com8217;s stock. The stock sale came off quot;about as well as you could hope,quot; Mr. Hawkins said. Analysts said they were surprised by the stock8217;s strong showing amid waning investor interest in cyberstores that are racking up huge losses and can8217;t predict when they may become profitable.