Alberta university computer suspected

RCMP launch probe of link to cyber-mayhem

The University of Alberta is investigating whether its computer network was used in the attacks that shut down some of the Internet's biggest sites last week, an official says.

"We're investigating a complaint that we received from a university in California about some suspicious activity", said Barry Ladan, computer security administrator at the Edmonton institution.

"We're looking at all we have and seeing if we were one of the pieces in the puzzle", he added.

The university is doing its own forensic investigation and passing along information to the RCMP, Ladan said.

Security experts believe the denial-of-service attackers last week commandeered "zombie" computers and used them to overload Web sites with information, forcing them to shut down.

Several corporate and academic security organizations have spent the days and nights since the attacks "sniffing" the Internet for networks that could have been used.

Ladan said the suspicious activity has been traced back to one of the smaller systems connected to the university's backbone network. The U of A network connects some 14,000 computers and more than 200 smaller networks.

"It's a fairly complex task to try and trace back and figure out who was doing it", said Michael Byrne, director of the U of A's computing and network services.

Both officials said they were wary of providing too much information about the probe.

University computer systems are considered some of the most vulnerable to hackers since they often have thousands of users and are less secure than corporate networks.

Fernando Bonilla, security manager for Ryerson Polytechnic University's computer networks, said the computers there were used in similar, but smaller-scale attacks last summer.

In other news yesterday:

• U.S. law enforcement leaders said computer attacks are one of the fastest-growing areas of crime and that continually updated technology makes it nearly impossible to keep track of the problem.

  "How we deal with cyber-crime is one of the most critical areas we face", said U.S. Attorney General Janet Reno.

  Federal Bureau of Investigation Director Louis Freeh told a U.S. Senate committee yesterday the U.S. agency was following "fast-developing leads" in the investigation.

• Internet Direct, the Toronto-based service provider that once had a client who went by the Internet moniker "mafiaboy" (the nickname of a user suspected of being an Internet vandal connected to last week's cyber-mayhem), said yesterday the RCMP executed a search warrant at its Montreal office, after which it supplied the identity of the user.

  "It's out of our hands now. It's in their hands for investigation", company vice-president Colin Campbell said yesterday.

RCMP officials continued to refuse comment on the international investigation, saying that, because the FBI is leading the hunt, only that agency can talk to reporters.

An official also refused to comment about the RCMP-led investigation into an attack Feb. 7 on the Toronto-based HMV.com site.

But Paul Teeple, the civilian officer in charge of the force's technical security branch, said the department warned Ottawa on Jan. 19 to prepare for the new type of hit. He said no government sites have been hit.

Wilfred Camilleri, the manager of computer security at the University of Toronto, said yesterday he wasn't aware of the school's computers ever being used in a distributed denial-of-service attack.

Investigators in the United States have so far identified at least nine sites where computers were used as zombies. They say they suspect sites in Canada.

The FBI said yesterday it opened 547 "computer-intrusion cases" in 1998 and this number more than doubled to 1,154 in 1999.