Consulting firm says its server was used to attack AOL
NEW YORK (CNN) -- Envisioneering Group, a Long Island technology consultant, told CNN on Friday that one of its servers was hijacked on two separate days to launch a version of a denial of service attack on a major Web site.
In such assaults, hackers hijack multiple third-party computers and use those "zombie" computers to flood target sites with data, essentially shutting down access to the sites for would-be users.
The first intrusion was on January 29 and involved using a computer to pass large volumes of e-mail from a third party on to a Web site server in an attempt to overwhelm the site.
In the span of 15 minutes, several dozen e-mails a second were sent through the Envisioneering server to both Yahoo! and America Online.
Engineers at Envisioneering stopped the attack while it was under way, according to Envisioneering Group President Richard Doherty.
"We dumped all the pending mail, and that stopped the repeated attacks [on Envisioneering]," Doherty said.
Yahoo! was jammed by messages on Monday.
The Envisioneering server was used again in the same fashion on Tuesday, a day when highly trafficked Internet sites such as Amazon.com, Buy.com and CNN.com were hit with denial of service attacks.
But in the second incident involving his server, Doherty says he doesn't know exactly where the messages were sent.
The first attack could have been a form of target practice to confirm that the Envisioneering server was vulnerable, with the intention of using it in the later attack.
AOL, for its part, reported no out of the ordinary traffic on either of the dates cited by Doherty. The attack had no effect on the huge Internet service provider, an AOL spokeswoman said.
Envisioneering uses Mindspring for its Internet access, but even if a hacker somehow gained control of the entire Mindspring network and pointed it at AOL, it wouldn't "register a significant amount of volume to cause a problem," according to AOL spokesperson Tricia Primrose.
This is because of Mindspring's relatively small total bandwidth. With the known resources of the intruder -- one computer at Envisioneering Group -- the assault didn't even amount to a pinprick, Primrose said.
Yahoo! did not immediately return calls for comment.
AOL has proposed buying Time Warner Inc., the parent company of CNN.com. It is awaiting approval from the Federal Trade Commission.
Meanwhile, CNN has learned the FBI is zeroing in on undisclosed locations in California and Oregon as it attempts to unravel this week's cyber assaults.
According to sources familiar with the investigations, the FBI is hoping to obtain computers that it believes were used in an attack on CNN.com.
No arrests are considered imminent.
The FBI's planned action comes after investigators discovered the computer system at the University of California at Santa Barbara was used in the attack against CNN.com.
As the smoke begins to clear from the spate of attacks, CNN continues to get sporadic reports about other major Web sites assaulted.
Excite@Home confirmed that it was attacked Wednesday night at 7 p.m. PST. The attack lasted about an hour, according to a spokesperson. About 50 percent of users trying to access the Excite portal and search engine couldn't reach the site during the attack, which targeted and overloaded routers. Only the Web site was under attack; the @Home cable network was not affected.
"We're working with the Internet community to try to find out what's going on," says Excite@Home spokesperson Kelly Distefano.
A University of California-Santa Barbara network administrator has confirmed that a server at the university was compromised and used in at least one of the attacks against major Web sites this week.
Sources declined to identify the owners of the computers that are being targeted. While those owners may emerge as suspects, sources point out that their computers might have been programmed without their knowledge.
Still, the belief is that these computers may have been used to direct commands to a computer system at UCSB.
This computer then flooded the affected Web site with millions of messages -- blocking access to customers.
UCSB administrator Kevin Schmidt said an intruder entered the UCSB machine at least twice. After entering the first time to open doors needed later, the intruder returned to install a software package designed to carry out an attack, Schmidt said.
The program, once executed, began its assault by sending out connection requests to the target Web site, creating a "denial of service" attack.
With enough requests sent to a single Web site, the site can be rendered inaccessible to legitimate users.
In order to conceal the attack, the program began rotating the origination addresses of the requests. This method, known generally as "spoofing," is used to thwart filters on the target machine designed to identify and weed out malicious data.
Schmidt said the intruder was "sloppy" in his work and failed to destroy all the logs monitoring activity on the server.
"There wasn't a great effort to hide their presence," Schmidt said. "I don't think this behavior was atypical" of an untrained hacker.
How they did it
The intruder entered the UCSB computer through a known vulnerability in an installed network service.
These vulnerabilities are frequently announced through Carnegie Mellon University's CERT group, National Infrastructure Protection Center and other network security forums.
To plug the holes, administrators simply need to install patches or workarounds. However, with so many individual machines on the Internet and other demands competing for the time of a network guru, many computers are left unsecured.
Along with CNN.com, other attacks were carried out against Yahoo!, eBay and Amazon.com.
As CNN has reported, the programs needed to make a denial of service attack are very simple to find on several Web sites. They are ready-made programs that are easy for almost anyone to use.
© 2001 Cable News Network. All Rights Reserved.