WASHINGTON -- The FBI launched an investigation yesterday after computer vandals stepped up their unprecedented three-day assault against some of the most popular Web sites.
The electronic sabotage is a jolting alarm call for e-commerce. Unless this new menace can be quickly countered, the reliability of the rapidly expanding world of cyber-business could be badly tarnished.
Such concern sent high-flying Internet stocks plummeting yesterday and prompted top American officials to put out the message that authorities were going to do everything possible to combat the mysterious cyber vandals.
"We are committed in every way possible to tracking those who are responsible", U.S. Attorney General Janet Reno told a news conference.
While the motives of the vandals are still not understood, their actions appear to be intended to interfere with and disrupt legitimate electronic commerce", Ms. Reno said.
The attacks, which appear to be coordinated, spread yesterday to the ETrade online brokerage site, the ZD-Net news site that covers technology, and other major sites.
On Tuesday four other popular Websites were disrupted following an earlier attack on Yahoo!
Many thousands of simultaneous "junk" messages every second crippled the sites. The very openness of the Internet, one of its greatest assets, makes it especially vulnerable to these incursions.
Each company said its site had suddenly received an avalanche of bogus visits that prevented legitimate callers gaining access. The hackers did not get inside the sites or retrieve sensitive information such as customers' credit card details. It took one to three hours for the sites to filter out the attackers and resume normal service.
"Technically they haven't broken into the sites, and that's very important", said David Jones, a computer science professor at McMaster University, and president of Electronic Frontier Canada, a group concerned with protection of privacy on the Internet.
"The key technical term is 'denial of service'", Dr. Jones said. the server is flooded with messages that overwhelm it, slowing or preventing others from getting through -- much like a traffic jam blocks a highway.
"I would say it's a type of sabotage", Dr. Jones said. "I don't think that what's happening today is a national security issue."
"However, I think agencies like the RCMP and the FBI and CSIS and so on, are worried that, if we look two years down the road when we're even more dependent on the Internet, if we are still vulnerable to this kind of traffic jam or 'denial of service', it could be used to temporarily have a widespread, significant impact."
CNN said its site was "seriously affected" before technicians were able to shield its computers from the hackers. The attack on Buy.com coincided with the company's initial stock offering, which went ahead successfully. The shares nearly doubled in price.
No one admitted responsibility for the attacks. Nor have the attacks been linked to any one group.
In the U.S., hackers could face a maximum penalty of five to ten years in jail and fines of up to $250,000 or even "twice the gross loss to the victim", said FBI cyber-security expert Ronald Dick.
Dr. Jones said it's hard to see what Canadian law the hackers broke. Visiting a Web site [and sending packets to it] isn't a crime.
As a rule, hackers are teenage computer addicts looking for the illicit thrill of breaking into important sites to corrupt files and leave a signature of electronic graffiti. The latest attacks are on a far broader scale and some wonder whether the authors could be a more sinister breed of cyber-terrorists, possibly even foreign agents.
Microsoft Corp's MSN.com was among the popular sites affected, though its problems were caused indirectly by disruptions to Internet service providers carrying its traffic.
ETrade, Amazon.com, and Yahoo! saw their stocks plunge over news their sites had proved vulnerable.
Buy.com, which crashed under an onslaught eight times its site's capacity, said it had traced the co-ordinated attacks to big computers in Boston, New York, and Chicago.
Jeff Mallett, president of Yahoo Inc., said that more than 50 powerful computers were hacked into across the United States, a reasonably simple task for skilled hackers, and were instructed to send reams of false data to Internet routers that in turn bombarded the Yahoo! site with more requests a second than many e-retailers receive in a year.
Yahoo!, a much-visited search engine and portal that came under attack a day earlier than the four major Web sites, thought it had safeguards against an invasion.
The mass hits have their own jargon: they are known as "denial of service" attacks or "pingstorms". They enlist remotely controlled "zombie" computers that simply carry out orders. Software to organize a "pingstorm" is available free on the Internet. It acts as an amplifier to churn out thousands of copies of requests.
Because the messages come from so many different sources, it's hard for the server that's hit with a "pingstorm" to figure out which messages are from hackers and which are from legitimate customers, Dr. Jones said. ,p> But it may be possible to turn back the tide. The firm that provides servers to Yahoo! said that it was exploring ways to activate a simple computer code that would deny access to the amplified requests.