Latest Hacker Attacks Rattle E-Commerce

The Internet and e-commerce fell victim to a third full-scale hacker assault in as many days Wednesday, as online broker E*Trade and a number of other sites had traffic disrupted by a coordinated stream of data requests from multiple Internet addresses.

These incidents came on the heels of Monday and Tuesday’s orchestrated cyber-assaults on Yahoo!, Amazon.com, Buy.com ,eBay and CNN.com.

While causing little actual damage, the attacks sparked a broad Wall Street sell-off, according to some analysts. The Dow Jones Industrial Average and the Nasdaq experienced a 250 and 64.26 point plunge, respectively, on Wednesday.

Online Brokers Targeted

The latest onslaught of sabotage shut E*Trade down for a short time early Wednesday morning. However, a spokesman for the online brokerage said that less than 20 percent of the company’s customers were affected by the problems.

Meanwhile, online trading company Datek Online Holdings was blocked for some 35 minutes Wednesday, but company officials have reportedly determined that the difficulties were unrelated to outside activity.

Traffic Monitors

Despite setting up traffic monitors late Tuesday, online news publisher ZDNet was unable to prevent hackers from shutting down the site Wednesday morning. Requests were camouflaged as if they were coming from hundreds of thousands of individual computer addresses.

Additionally, giant Internet Service Provider UUNet reported slowness in parts of its network as a result of the attacks.

Clinton Speaks Up

Yesterday’s attacks also prompted responses from top U.S. officials, including President Clinton and Attorney General Janet Reno.

“I have asked the people who know more about it than I do if there is anything we can do,” Clinton said. Later in the day, Reno vowed to prosecute the perpetrators.

As of yet, no one person or group has claimed responsibility for the attacks. While some analysts dismiss the mayhem as “pranksterism,” others have speculated that it could be the work of cyber-terrorists that are bent upon trying to destabilize the economy of the United States.

Will There Be More Smurfing?

Ultimately, there is a consensus among security experts that stopping this sort of sabotage — or “smurfing” — will not be an easy task.

MCI Telecommunications Senior Vice President Vinton Cerf, who played a key role in developing TCP/IP and is often called the father of the Internet, told the E-Commerce Times that “Denial-of-service attacks are hard to combat because they look just like ordinary traffic — just too much of it. To be effective, a denial-of-service defense has to be effected fairly close to the originator of the traffic. Otherwise, you might just get the equivalent of network congestion in addition to overloading a particular server.”

Cerf added, “If it takes as much processing to decide an arriving packet is bogus as it does to process the arriving packet normally, the effect is about the same: overloading the server.”

“Controlling smurfing is difficult at best,” according to a report by Redwood, California-based Zona Research. “Hackers break into a huge number of computers around the Internet, install difficult-to-detect bombs that are set to go off when commands are sent to slave machines, and then start bombarding sites with information streams that clog targeted networks.”

While some observers predict that such attacks will become more common on the Web, Zona foresees that wider use of sophisticated filtering technology and vigorous prosecution by federal and state authorities will “become the order of the day.”

Cerf elaborated, “There is a technique called source filtering that could at least limit opportunity to falsify source addresses, but it takes up a lot of router capacity so it isn’t widely implemented if at all. I hope we can do that in hardware some day. That would only allow you to then put in filters at the host under attack to reject traffic from specific sources. If the source of the attack is agile, the filter has to change, too.”

“For e-consumers already reluctant to share financial and personal data online, smurfing may be far more than cartoonish child’s play,” the Zona report added.