Consulting firm says its server was used to attack AOL


February 11, 2000
Web posted at: 6:57 p.m. EST (2357 GMT)

In this story:

AOL: Assault didn't amount to a pinprick

FBI focuses on California, Oregon locations

Server compromised

How they did it


NEW YORK (CNN) -- Envisioneering Group, a Long Island technology consultant, told CNN on Friday that one of its servers was hijacked on two separate days to launch a version of a denial of service attack on a major Web site.

In such assaults, hackers hijack multiple third-party computers and use those "zombie" computers to flood target sites with data, essentially shutting down access to the sites for would-be users.

The first intrusion was on January 29 and involved using a computer to pass large volumes of e-mail from a third party on to a Web site server in an attempt to overwhelm the site.


In the span of 15 minutes, several dozen e-mails a second were sent through the Envisioneering server to both Yahoo! and America Online.

Engineers at Envisioneering stopped the attack while it was under way, according to Envisioneering Group President Richard Doherty.

"We dumped all the pending mail, and that stopped the repeated attacks [on Envisioneering]," Doherty said.

Yahoo! was jammed by messages on Monday.

The Envisioneering server was used again in the same fashion on Tuesday, a day when highly trafficked Internet sites such as, and were hit with denial of service attacks.

But in the second incident involving his server, Doherty says he doesn't know exactly where the messages were sent.

AOL: Assault didn't amount to a pinprick

The first attack could have been a form of target practice to confirm that the Envisioneering server was vulnerable with the intention of using it in the later attack.

AOL, for its part, reported no out-of-the-ordinary traffic on either of the dates cited by Doherty. The attack had no effect on the huge Internet service provider, an AOL spokeswoman said.

Envisioneering uses Mindspring for its Internet access. But even if a hacker somehow gained control of the entire Mindspring network and pointed it at AOL, it wouldn't "register a significant amount of volume to cause a problem," according to AOL spokesperson Tricia Primrose.

This is because of Mindspring's relatively small total bandwidth. With the known resources of the intruder -- one computer at Envisioneering Group -- the assault didn't even amount to a pinprick, Primrose said.

Yahoo! did not immediately return calls for comment.

AOL has proposed buying Time Warner Inc., the parent company of It is awaiting approval from the Federal Trade Commission.

FBI zeroing in on locations in California, Oregon

Meanwhile, CNN has learned the FBI is zeroing in on undisclosed locations in California and Oregon as it attempts to unravel this week's cyber assaults.

According to sources familiar with the investigations, the FBI is hoping to obtain computers that it believes were used in an attack on

No arrests are considered imminent.

The FBI's planned action comes after investigators discovered the computer system at the University of California at Santa Barbara was used in the attack against

As the smoke begins to clear from the spate of attacks, CNN continues to get sporadic reports about other major Web sites assaulted.

Excite@Home confirmed that it was attacked Wednesday night at 7 p.m. PST. The attack lasted about an hour, according to a spokesperson. About 50 percent of users trying to access the Excite portal and search engine couldn't reach the site during the attack, which targeted and overloaded routers. Only the Web site was under attack; the @Home cable network was not affected.

"We're working with the Internet community to try to find out what's going on," says Excite@Home spokesperson Kelly Distefano.

Server compromised

A University of California-Santa Barbara network administrator has confirmed that a server at the university was compromised and used in at least one of the attacks against major Web sites this week.

Sources declined to identify the owners of the computers that are being targeted. While those owners may emerge as suspects, sources point out that their computers might have been programmed without their knowledge.

Still, the belief is that these computers may have been used to direct commands to a computer system at UCSB.

This computer then flooded the affected Web site with millions of messages -- blocking access to customers.

UCSB administrator Kevin Schmidt said an intruder entered the UCSB machine at least twice. After entering the first time to open doors needed later, the intruder returned to install a software package designed to carry out an attack, Schmidt said.

The program, once executed, began its assault by sending out connection requests to the target Web site, creating a "denial of service" attack.

With enough requests sent to a single Web site, the site can be rendered inaccessible to legitimate users.

In order to conceal the attack, the program began rotating the origination addresses of the requests. This method, known generally as "spoofing," is used to thwart filters on the target machine designed to identify and weed out malicious data.

Schmidt said the intruder was "sloppy" in his work and failed to destroy all the logs monitoring activity on the server.

"There wasn't a great effort to hide their presence," Schmidt said. "I don't think this behavior was atypical" of an untrained hacker.

How they did it

The intruder entered the UCSB computer through a known vulnerability in an installed network service.

These vulnerabilities are frequently announced through Carnegie Mellon University's CERT group, National Infrastructure Protection Center and other network security forums.

To plug the holes, administrators simply need to install patches or workarounds. However, with so many individual machines on the Internet and other demands competing for the time of a network guru, many computers are left unsecured.

Along with, other attacks were carried out against Yahoo!, eBay and

As CNN has reported, the programs needed to make a denial of service attack are very simple to find on several Web sites. They are ready-made programs that are easy for almost anyone to use.
