Hackers target small sites
Ivo Gorinov understands what the folks at Yahoo! Inc., Amazon.com Inc. and eBay Inc. are going through. Last May, his company network was brought down for 12 hours by attacks similar to those suffered by the three U.S. E-commerce giants last week.
"I was on vacation in Morocco and found out about the attack on my daily call to the office before heading down to the beach," said Gorinov, a computer consultant and president of Six.net, an Internet service provider.
Beach plans were cut short when Gorinov's technician told him 250 Six.net dial-up users were unable to access browsing and E-mail services and traffic was blocked to the 50 corporate Web-sites hosted on his server.
"I was under tremendous pressure - thousands of miles away from home and my entire network down, said Gorinov in his Bulgarian accented English. "My clients are increasingly using the Net to market their products and services but I had only a vague idea how deeply their reliance on the medium had become until I saw the desperate nature of the complaints I was getting.
It all started out innocuously enough. For several weeks Gorinov noticed a dial-up user attached to one of his corporate clients was getting "bumped" off the Net. Bumping, popular among certain pranksters means sending unrecognisable data to vulnerable users which terminates their connection. It's harmless enough since all that the user has to do to get reconnected is to dial up again.
"I made some inquiries, and it turned out to be a client's son, who was using the corporate connection to browse the Web, said Gorinov, who runs Six.net with his wife and a support technician. "He was apparently mouthing off in chat rooms and making enemies on-line."
Although Gorinov wasn't initially worried about what he saw as childish pranks, one day he received an ominous E-mail warning. "The anonymous note, was written by someone who knew a lot about my client's son, his name, address, description and place of employment."
The gist of the note was that Six.net's client was upsetting some powerful players on the Net and that his account should be cut off.
Cutting off a person's Web access is a touchy issue that goes beyond a business decision there are freedom of speech implications as well. Gorinov took the middle road he warned the client about his son's activities, and, after cutting him off briefly, made an agreement whereby access would be restored if the son would agree to stay out of chat rooms.
The attack came two weeks later. Like ones made against the high profile U.S. sites and more recently HMV Canada Inc., it consisted of millions of requests for information directed at Gorinov's client's account. The requests -- launched from a multitude of servers hijacked specifically for that purpose -- quickly jammed Six.net's entire network.
Fixing the problem from Gorinov's Morocco hotel proved to be quite a challenge. By working though a terminal in an Internet café and running up a huge long-distance phone bill with his technician, Gorinov was able to set up a temporary solution that got most of network up and running again.
But the real detective work would have to wait until he got back to Canada. "We finally traced most of the attacks as having come from servers in Japan," said Gorinov. "It was not their fault hackers are constantly scanning the Net for servers with security holes in them, and lists are routinely exchanged and posted at hacker sites."
According to Gorinov, almost any server can be appropriated by hackers to launch these "request for service" attacks. Properly run sites monitor this kind of usage and those playing foul are tracked. Lists of sites not tracking these stunts are thus in high demand in the hacker community.
Due to the open nature of Internet's design, there is little that can be done immediately to end these attacks, but the American government is nevertheless taking them seriously. President Bill Clinton is scheduled to meet government officials and leaders in the Internet business community later today to discuss responses to threats posed by the hackers.
But according to Gorinov it's important not to over emphasise the threat. "Although the attacks being publicised are deemed to be the work of "hackers", the culprits did not gain access to any company data they merely temporarily brought down the systems." The recent actions would probably be better described as vandalism attacks since the word hacker traditionally implies system penetration.
"The attacks are annoying and can cause a great deal of inconvenience. But in a way it's a good thing that we are patching up the security holes now, while the Net is still in a growth stage," said Gorinov.
"Because as more and more users come on-line, and these users reliance on the medium increases, future breakdowns are going to be far more costly."
Diekmeyer's articles are available on-line at: www.peterdiekmeyer.com. He can be reached at firstname.lastname@example.org.
|© 1998 Peter Diekmeyer Communications Inc.|