Web site problems strike again for Microsoft
SEATTLE, Washington -- A week of Web woes continued for Microsoft Corp. Friday as its main site was nearly inaccessible to users.
The traffic congestion was the latest in a string of problems that has plagued microsoft.com since early in the week.
It was not clear whether a denial of service attack was behind this incident, but it was different from the problems that Microsoft had earlier blamed on a technical glitch, said Daniel Todd, chief technologist for public services at Web measurement company, Keynote Systems Inc.
A denial of service attack floods a system with so much data that legitimate traffic is slowed or halted.
"To a user it will seem similar since they can't download the Web page," Todd said.
Beginning at about 10 a.m. PST only 7 percent of Web users were able to access the site, said Todd, adding that the situation was still in progress an hour later. Only Microsoft can confirm whether it was a denial of service attack, he said.
Other problems were unrelated
Microsoft had said hacker attacks cut off access to some of its Web sites on Thursday as the software giant fell prey to the same kind of assault that took down other Internet giants last year.
Microsoft said a hacker or hackers had pounded some routers, the equipment that directs Web surfers to a site with a denial of service attack.
But the Redmond, Washington-based company said the attack was separate from an accidental outage at many of its Web properties, including its main corporate site and its MSN.com portal, from Tuesday evening to Wednesday evening.
"It is unfortunate that an individual or group of individuals would engage in this kind of illegal activity," Microsoft said in a statement.
"We apologize for any inconvenience this has caused customers, and want to assure our customers that we will be taking more steps in the days and weeks ahead to further protect them," Microsoft said.
Microsoft said the sites were working again and that it had notified the FBI.
A company spokesman declined to speak on the record, saying the matter was now a law enforcement issue.
The FBI said Friday it is looking into the attack.
"(Microsoft) did contact us yesterday, and yes we do have an investigation going," said Mike Sanders, spokesperson for the FBI's Seattle field office. He declined to comment further.
Microsoft joins the club
Denial of service attacks rose from obscure hacker lore to headline news last year when the sites of online auction house eBay, Internet retailer Amazon.com and portal Yahoo! were laid low by such barrages.
A Canadian teen-ager nicknamed "Mafiaboy" pleaded guilty this month to 56 charges relating to those attacks, which caused an estimated $1.7 billion in damages and raised concern about corporate and consumer vulnerability on the Internet.
The attack on Microsoft was not likely to be the last.
"I will almost guarantee that it will happen again," said Amit Yoran, chief executive of information security firm Riptech Inc. "We don't know when the next denial of service attacks will come but we know they're coming."
The security community would need more data from Microsoft about the attack before it could judge how hackers could bring the company's entire Internet empire to its knees so easily, Yoran said.
"My guess is that Microsoft has a fairly sizable infrastructure. Microsoft has a top-notch security team, so it's probably not something that was overlooked by them, but rather something that was not well known," Yoran said.
Another security incident
Whether or not Thursday's attack was due to bungling by the security team or an unusually crafty hacker, it was the latest embarrassing incident for the world's top software maker.
In October, a hacker tapped an unguarded Microsoft computer and prowled the system for days, making off with part of the source code for an unidentified product under development.
Microsoft's technical trouble earlier this week was also one of the broadest Web site outages in weeks. Earlier this month, eBay crashed for nearly 11 hours due to system failures, and in December, Amazon was down briefly several times during the busy holiday shopping season.
Microsoft chalked up the earlier outages to a technician who made a "mistaken configuration change" to the computers that guide Web surfers to the sites.
Microsoft had fixed that problem by Wednesday evening, but by Thursday morning many sites were inaccessible again.
Users and Internet monitoring firms reported trouble accessing several of Microsoft's sites, such as MSN, its Expedia travel site, and Hotmail free e-mail service.
Other Microsoft Web sites affected included the MSNBC.com news site, the Carpoint automobile buying service, the Homeadvisor home buying service, and the Windowsmedia entertainment guide.
CNN.com Technology Editor Daniel Sieberg and Reuters contributed to this report.
Report: Microsoft hack a U.S. security risk
December 29, 2000
Users show some sympathy to Microsoft over security
November 9, 2000
Analysis: Home workers can imperil systems
November 7, 2000
Canadian juvenile charged in connection with February 'denial of service' attacks
April 18, 2000
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.