ad info

 
CNN.com  U.S. News
myCNN | Video | Audio | Headline News Brief | Free E-mail | Feedback  

 

  Search
 
 

 
U.S.
TOP STORIES

California braced for weekend of power scrounging

Court order averts strike against Union Pacific railroad

U.S. warning at Davos forum

Two more Texas fugitives will contest extradition

(MORE)

TOP STORIES

Thousands dead in India; quake toll rapidly rising

Davos protesters confront police

California readies for weekend of power scrounging

Capriati upsets Hingis to win Australian Open

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

POLITICS

LAW

TECHNOLOGY

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*   U.S.
 MULTIMEDIA:
 DISCUSSION:
  CNN WEB SITES:
CNN Websites
 FASTER ACCESS:
 TIME INC. SITES:
 CNN NETWORKS:
Networks image
 SITE INFO:
 WEB SERVICES:

Law enforcement asks cyber-community for more vigilance

image
 

February 9, 2000
Web posted at: 7:26 p.m. EST (0026 GMT)


In this story:

FBI offers detection software

Hackers could face 10-year sentences

'A 15-year-old could launch these attacks'

RELATED STORIES, SITES icon



WASHINGTON (CNN) -- While vowing to use the FBI, military, Secret Service and the intelligence community to find the hackers behind this week's wave of major cyber-attacks, federal law enforcement officials also encouraged the Internet community to toughen its own defenses against hackers.

 VIDEO
VideoCNN's Marsha Walton reports on security measures for securing e-commerce sites.
QuickTime Play
Real 28K 80K
Windows Media 28K 80K
 
  ALSO
 
  MESSAGE BOARD
 

"We are committed in every way possible to tracking down those responsible, to bringing them to justice and to seeing that the law is enforced," Reno said at an FBI news conference.

Several e-commerce sites, portals and news outlets were hit by the computer attacks that began Monday, leaving them unreachable to the public for hours and flooded with junk data.

"These cyber-assaults have caused millions of Internet users to be denied services," said Reno. She said the motives of the hackers are unknown, but "they appear to be intended to interfere with and disrupt legitimate electronic commerce."

Ronald Dick, who heads computer investigations at the FBI, said it is highly likely that the attacks came from unwitting individuals or businesses whose computers have been compromised.

"Tools by which to launch these attacks have been placed there without their knowledge, and someone at a remote location is controlling those tools to launch attacks against the victims," Dick said.

He said a popular place for cyber-criminals to plant such software was on third-party computers, many of them belonging to Internet service providers, or ISPs. Logs at the ISPs will be crucial to the investigation.

FBI offers detection software

Tools and defensive measures exist that can be used against hackers to minimize damage, Dick said.

"Many of the distributed 'denial of service' tools currently are readily available out there on the Internet," he said. "You can download them, and it doesn't take any particular technical knowledge by which to utilize them."

Dick said prevention, such as implementing security measures, is the key to stopping attacks on computer systems, whether in the private or public sectors. He said it is the responsibility of the entire cyber community because any lapse of computer security by one entity could cause harm to others.

Dick said the FBI's National Infrastructure Protection Center (NIPC) has had multiple reports of computer intruders installing "distributed denial of service (DDOS) tools" on various computer systems. Those tools enable individuals to remotely launch cyber attacks.

Those DDOS tools can be detected by software the NIPC is making available on its Web site at http://www.fbi.gov/nipc/trinoo.htm.

 Information:
The FBI asks that any suspected criminal activity be reported to the NIPC Watch and Warning Unit (202) 323-3204/3205/3206 or nipc.watch@fbi.gov
FBI's recommended steps for victims of illegal computer intrusion:
  • Respond quickly to greatly reduce potential damage and monetary losses.
  • Consider activating Caller ID on inbound lines.
  • Have pre-established points of contact for the general counsel, emergency response personnel, law enforcement, etc.
  • Appoint one person to handle potential evidence. Establish a chain-of-custody.
  • Do not "duel" with the hacker. This typically invites more attacks.
  • Do not use your network's E-mail functions to discuss the incident. The mail server may have been compromised.
  • If you reside within the Washington, D.C. Metropolitan area, contact the WFO IPCIS.

Hackers could face 10-year sentences

Investigators will be challenged in tracking down the originators of the attacks because many source addresses have been "spoofed" or falsified.

However, Dick said they can ultimately be traced.

"We're running every lead down until we find who did this," he said. Investigators will use electronic surveillance to track back through ISPs and find who was at the keyboard, he said.

Asked if there had been any credible claims of responsibility, Dick said, "None that I'm aware of."

He said the attacks are a violation of federal statutes punishable by a minimum six-month prison sentence for first-time offenders and 10 years for repeat offenders. Criminal fines can range from $250,000 per count up to twice the gross loss of the victim.

'A 15-year-old could launch these attacks'

The cyber attacks began earlier in the week when Yahoo!, the Internet's most popular site, was jammed with messages beyond its vast capacity to handle them.

On Tuesday, sites such as Amazon.com, Buy.com, and CNN.com were the victims of similar attacks. The attacks continued Wednesday with on-line broker E*Trade being partially blocked along with computer information site ZDNet.com.

Under the onslaught of messages, said Dick, the victim's Internet site simply shuts down until filters can be put in place that turn away the bogus messages.

Dick said a high level of technical sophistication is not necessary to launch such cyber attacks.

"A 15-year-old kid could launch these attacks," he said.

But the search for those responsible likely will go global.

"Historically, this is not just a U.S. issue. Inevitably we wind up overseas, where an unwitting ISP is utilized as a launch pad," Dick said.



RELATED SITES:
Federal Bureau of Investigation - FBI
National Infrastructure Protection Center


Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 Search   


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.