-Caveat Lector- A HREF="http://www.ctrl.org/"
/A -Cui Bono?-
Here is a story I pulled off MSNBC.wondered what was up today.
Reading this, I wondered how much of this stuff is kid pranksters or is
it serious domestic sabotage against rival nets, etc.
Whoever they are, they are good and they are professionals - didn't
Japan allegedly state they would sabotage web.do not follow this
stuff that much.
Here is item:
Hack attacks hit Web giants
A browser displays an error message for Yahoo.com at 3:21 p.m. ET
Monday.
Yahoo's President COO Jeff Mallett explains how the site went down.
By Bob Sullivan and Brock Meeks
MSNBCFeb. 8 A series of attacks against high-profile
Web sites has security experts worried that the current assaults are
unstoppable. Just one day after overwhelming Yahoo's Web site, computer
vandals struck again Tuesday, knocking Buy.com and eBay offline. The
attacks begged the questions: If these sites are vulnerable, is every
site at risk? And who might the next victim be?
The "Stream" attack
Tribal Flood -- FBI
Tribal Flood attack -- CERT
A SOURCE CLOSE to the investigation of the Web site
attacks told MSNBC he had read an 18-page threatening letter written by
the attacker. In it, the alleged attacker writes, "This is a watershed
event of Net security debacle. We have shot across the bow of Yahoo.
It's a real wake up call. This attack is just the first of the assaults
that we will be launching on the Web ... three cheers for us."
The threats don't appear to have been idle. After service
on Buy.com and eBay.com was interrupted Tuesday, reports came in that a
number of other high-profile sites were under attack.
In his letter, the attacker complained about companies
"capitalizing" on the Internet; the investigator MSNBC spoke to believes
online brokerage companies like eTrade could be his next target.
The attack on Buy.com was untimely for the retailer,
coming within an hour of the Web retailer's initial public offering of
stock Tuesday.
Officials from Buy.com and eBay.com told CNBC they were
the victims of a coordinated attack targeting their service provider,
Exodus Communications. Exodus also hosts a number of other big-name
Internet sites. The tactic, called denial of service, appeared to be the
same used against Yahoo on Monday.
CNBC's Steve Frank explains some of the sketchy details of the Buy.com
hack attack.
An Exodus customer told MSNBC he received a page from the
Web hosting company at about 12:30 p.m. today with the message: "Denial
of service attack against Irvine IDC. Filters applied at Exodus borders.
Network is returning to normal." (IDC is the company's huge data center
located in Irvine, Calif.)
Stamps.com, which "shares a pipe" with Buy.com, received
the Exodus alert and decided to "proactively take down the service for a
brief time," a company spokesman told to MSNBC. "We were down for about
30 minutes until we were sure that our site was secure," the spokesman
said. Few customers were affected, the spokesman said, and the site
functioned normally when it went back online.
CNBC's Steve Frank reported that Exodus servers were hit
from three locations inside the U.S. Chicago, Boston, and New York
with 800 megabits of traffic per second, about eight times the
service's maximum capacity.
Similar to the Yahoo outage, Buy.com's troubles began at
1:50 p.m. and lasted for about three hours.
Buy.com's stock rises on debut
After his site had recovered from the attack, Buy.com CEO
Greg Hawkins couldn't promise the site wouldn't fall victim to the
pranksters again.
"It's not clear you could build anything that could
handle this amount of traffic," he said.
Russ Cooper, who maintains the popular security mailing
list NTBugTraq, said he expected the attacks to continue.
"Somebody is attempting to demonstrate the weakness and
fragility of the Internet and e-commerce," Cooper said. "Why they're
doing that, we don't know."
Yahoo! Inc. (YHOO)pricechange$373.1319.125Exodus Communications, Inc.
(EXDS)pricechange$126.943.313(BUYX)pricechange$25.1312.125eBay Inc.
(EBAY)pricechange$169.750.188Data: MSN MoneyCentral Investor and SP
Comstock
Security experts are still trying to learn who attacked
Yahoo on Monday and exactly what the vandals did.
There's nothing new about denial of service attacks, in
which a Web site is overwhelmed with so many requests that legitimate
users get the cyber equivalent of a busy signal. But they have come into
fashion of late, and updates to this old-fashioned cyber ploy have made
"DoS" attacks freshly sinister.
Yahoo COO Jeff Mallett left no doubt in statements Monday
that his site was crippled for three hours by a denial-of-service
attack.
"It appears that unfortunately it was a planned attack
that looked like it was directed at Yahoo specifically," Mallett said on
CNBC. "We had an excess amount of automated
