ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Feds warn about rise in attacks against e-commerce sites

Computerworld

(IDG) -- As the busy holiday shopping season gets into full swing, a federal security agency affiliated with the FBI is warning that attacks by malicious hackers against e-commerce Web sites and other companies doing business online are on the rise.

The Washington-based National Infrastructure Protection Center (NIPC) issued an advisory last Friday saying that FBI investigations and unspecified additional information point to an increase "in hacker activity specifically targeting U.S. systems associated with e-commerce and other Internet-hosted sites."

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Computerworld's home page
  Federal cyberlaws fraught with problems
  A hacker with a cause
  Freeze! drop that download!
  Reviews & in-depth info at IDG.net
  E-BusinessWorld
  TechInformer
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

The NIPC, which is located at FBI headquarters, said most of the intrusions were made against systems running Microsoft Corp.'s Windows NT operating system, although Unix-based machines also were reported to have been victimized. The center didn't include any specific examples of attacks in its advisory, and a spokeswoman for the NIPC declined to comment on that today. According to the NIPC's advisory, attackers "are exploiting at least three known system vulnerabilities to gain unauthorized access [to systems] and download proprietary information" from unsuspecting companies. Most of the attacks had been under way for several months before being discovered, the center added.

"Although these vulnerabilities are not new, this recent activity warrants additional attention by systems administrators," the advisory said. "The NIPC strongly recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary. Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business."

Eric Hemmendinger, a security analyst at Aberdeen Group in Boston, said the agency's alert should be taken seriously by IT managers because it comes from the government, not from security firms or antivirus software vendors warning of the end of the world as we know it.

"What might be a little bit unusual about this is not what the warning is, but where it's coming from," Hemmendinger said. "When the federal government wakes up to a problem, they're usually not the first ones [to see it]. That means it's worth paying attention to."

Hemmendinger said users can defend themselves against virus attacks and network intrusions by updating their antivirus programs and making sure they apply any available security patches to their applications. But companies are still vulnerable to distributed denial-of-service attacks, which can crash their Web sites, he added. "In the case of denial-of-service attacks, there is no really good answer right now," Hemmendinger said.

That problem was evident last February, when major Web sites such as the ones operated by Yahoo, eBay, and Buy.com were shut down by a string of denial-of-service attacks.

In a more recent high-profile security incident, Microsoft confirmed that its internal computer network was broken into by an attacker who was able to view some of the software vendor's source code for a future product that's under development. Microsoft said it tracked the intruder's movements inside its network for 12 days before reporting the attack to the FBI.

The NIPC's advisory points users to Web site links with information about how to plug the security holes that it said are being exploited by attackers. The center, which is continuing its investigations into the attacks that have been reported thus far, also asked companies to report any suspicious online activities to it or to the FBI.




RELATED STORIES:
European ISPs could bill customers for cybercrime costs
December 5, 2000
The Netherlands adopts cybercrime pact
November 30, 2000
Cyber cop unit to fight Internet crime
November 13, 2000
Users show some sympathy to Microsoft over security
November 9, 2000
Industry group: Security key to 'next generation' Web
November 8, 2000

RELATED IDG.net STORIES:
How to prevent one-click hack attacks
(PC World)
Virus writers send holiday greetings
(PC World)
Cyberinsurance: Prepare for the worst
(Darwin)
NASA hacker pleads guilty
(Computerworld)
Mideast tensions prompt 'cyberconflicts'
(Computerworld)
Federal cyberlaws fraught with problems
(Computerworld)
A hacker with a cause
(The Industry Standard)
Freeze! drop that download!
(PC World)

RELATED SITES:
National Infrastructure Protection Center
FBI Warning

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.