ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Feds warn about rise in attacks against e-commerce sites


(IDG) -- As the busy holiday shopping season gets into full swing, a federal security agency affiliated with the FBI is warning that attacks by malicious hackers against e-commerce Web sites and other companies doing business online are on the rise.

The Washington-based National Infrastructure Protection Center (NIPC) issued an advisory last Friday saying that FBI investigations and unspecified additional information point to an increase "in hacker activity specifically targeting U.S. systems associated with e-commerce and other Internet-hosted sites."

  Computerworld's home page
  Federal cyberlaws fraught with problems
  A hacker with a cause
  Freeze! drop that download!
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

The NIPC, which is located at FBI headquarters, said most of the intrusions were made against systems running Microsoft Corp.'s Windows NT operating system, although Unix-based machines also were reported to have been victimized. The center didn't include any specific examples of attacks in its advisory, and a spokeswoman for the NIPC declined to comment on that today. According to the NIPC's advisory, attackers "are exploiting at least three known system vulnerabilities to gain unauthorized access [to systems] and download proprietary information" from unsuspecting companies. Most of the attacks had been under way for several months before being discovered, the center added.

"Although these vulnerabilities are not new, this recent activity warrants additional attention by systems administrators," the advisory said. "The NIPC strongly recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary. Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business."

Eric Hemmendinger, a security analyst at Aberdeen Group in Boston, said the agency's alert should be taken seriously by IT managers because it comes from the government, not from security firms or antivirus software vendors warning of the end of the world as we know it.

"What might be a little bit unusual about this is not what the warning is, but where it's coming from," Hemmendinger said. "When the federal government wakes up to a problem, they're usually not the first ones [to see it]. That means it's worth paying attention to."

Hemmendinger said users can defend themselves against virus attacks and network intrusions by updating their antivirus programs and making sure they apply any available security patches to their applications. But companies are still vulnerable to distributed denial-of-service attacks, which can crash their Web sites, he added. "In the case of denial-of-service attacks, there is no really good answer right now," Hemmendinger said.

That problem was evident last February, when major Web sites such as the ones operated by Yahoo, eBay, and were shut down by a string of denial-of-service attacks.

In a more recent high-profile security incident, Microsoft confirmed that its internal computer network was broken into by an attacker who was able to view some of the software vendor's source code for a future product that's under development. Microsoft said it tracked the intruder's movements inside its network for 12 days before reporting the attack to the FBI.

The NIPC's advisory points users to Web site links with information about how to plug the security holes that it said are being exploited by attackers. The center, which is continuing its investigations into the attacks that have been reported thus far, also asked companies to report any suspicious online activities to it or to the FBI.

European ISPs could bill customers for cybercrime costs
December 5, 2000
The Netherlands adopts cybercrime pact
November 30, 2000
Cyber cop unit to fight Internet crime
November 13, 2000
Users show some sympathy to Microsoft over security
November 9, 2000
Industry group: Security key to 'next generation' Web
November 8, 2000

How to prevent one-click hack attacks
(PC World)
Virus writers send holiday greetings
(PC World)
Cyberinsurance: Prepare for the worst
NASA hacker pleads guilty
Mideast tensions prompt 'cyberconflicts'
Federal cyberlaws fraught with problems
A hacker with a cause
(The Industry Standard)
Freeze! drop that download!
(PC World)

National Infrastructure Protection Center
FBI Warning

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.