The FBI says it is investigating the string of attacks that knocked out several e-commerce and news Websites in the past few days, but warns the investigation may take time as law enforcement agents gather high-tech evidence.
Over the past two days, the Websites of Yahoo, Buy.com, CNN.com, ZDNet, ETrade Group and eBay have been victimised by massive network-based denial-of-service attacks that made these sites unavailable to legitimate users for about three hours at a stretch. By carefully filtering out Website traffic, the ISPs (Internet service providers) in each case managed to bring these sites back into normal use.
The FBI, which has begun working with the victims to nab the perpetrators, claims the scale of the attacks is unprecedented.
"With the kinds of victims and the sequence of events, this makes it the most we have ever seen," said Ron Dick, chief of the computer investigations and operation section at the National Infrastructure Protection Center, which is housed at the FBI here.
The FBI, which is in close contact with all the victims, as yet has no motive or suspects in the series of attacks that appear to rely on the newer type of denial-of-service tools such as Trin00 or Tribal Flood Network.
Posted out on hacker Websites for easy download, these tools work by allowing a single attacker to launch multiple SYN floods, pings or other network disruptions by coordinating the attack through hundreds of compromised machines. For the attacker, the trick is to secretly install the denial-of-service attack code on multiple servers. Then at his own desktop, the attacker can remotely command these multiple, compromised machines to attack the target.
The distributed denial-of-service attack code out on the Internet is so simple "a fifteen-year-old could use it", Dick says.
The successful shootdowns of Yahoo and other high-profile targets have evoked a vow from US Attorney General Janet Reno to track down the criminals.
"We're not aware of the motives behind these attacks, but they appear to disrupt legitimate e-commerce," said Reno at a press briefing here yesterday. She said specially trained field prosecutors are working with the companies that were the victims.