Wake-Up Week for Web Security ; Hacker Attacks on Several Major Sites Reveal Difficulty of Safeguarding the Internet from Increasing Threats

Article excerpt

This week's unprecedented attacks against high-profile Web sites have revealed with startling clarity what security experts have been warning for years: Cyberterrorism is real and here to stay.

The threat will sorely challenge the world's traditional security apparatus because it poses entirely new threats.

Hijackers of the future may take over Internet sites rather than airplanes or buildings. Guerrillas of the 21st century could begin targeting e-commerce instead of government installations.

Despite the careful planning evident behind this week's actions, there's no public evidence so far that it was the work of an organized group. But the alternative is equally chilling: A lone hacker (or, more correctly, a "cracker") may have brought to a temporary halt a few of the world's largest e-businesses.

Either way, the attacks signal a new era in which anyone with an ax to grind may find the Web too tempting a target to pass up. Recent conflicts, such as Kosovo and China- Taiwan tensions, have featured cyberattacks. Even this week's action - the electronic equivalent of a shot across the bow - was enough to rattle Wall Street and galvanize the White House into action.

"This is war," says James Adams, founder of Infrastructure Defense Inc., an intelligence organization for cyberspace based in Alexandria, Va. "Conflict has migrated to cyberspace, and it's going to be a long and bloody conflict.... What you see," he says, "is this whole series of challenges government is not well-equipped to address. The private sector is the front line. We are all of us the front line."

Major Web sites crash

Although governments and security firms are working on solutions, this week's attacks represent the most public demonstration yet of how vulnerable today's Internet is. On Monday, Yahoo!, the Web's most trafficked site, was so overwhelmed with incoming bogus data that customers couldn't use the service for three hours. On Tuesday, other online firms including bookseller Amazon.com, retailer Buy.com, and auctioneer e-Bay, fell victim to a similar "denial-of- service" attack. On Wednesday, sites including e*Trade and ZDNet.com, a provider of technology news, came under fire.

These electronic bombardments did little damage besides depriving the sites of an hour or two of sales. The companies say no customer information was compromised and no money stolen. At this point, no one knows whether the point was to demonstrate an Internet weakness or to prepare for something larger.

Shortly after NATO's bombing of the Chinese Embassy in Belgrade, security experts detected a significant rise in electronic attacks against US government Web sites. The attacks appeared to be coming from Internet service providers in China, they add, although many of these may have originated in the US.

This week's attacks may prove far less sinister. "This was done for publicity," says Avi Fogel of Network-1 Security Solutions in Waltham, Mass. "I'm concerned about the attacks that we don't hear about."

"This is more a flexing of muscles," adds Patrick Taylor, vice president of risk assessment at Internet Security Systems in Atlanta. "You don't see them relentlessly pounding ... one company."

Attrition, a Web site that tracks Internet hacking events, received an anonymous e-mail Tuesday from someone claiming to have perpetrated this week's action to "put a 'Scare' into Internet stock holders. …