| nettime's_script_kiddie on Wed, 9 Feb 2000 20:48:48 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| <nettime> |-| /\ >< 0 R 5 R U |_ 3!!! digest [fan/certain elements/hirsh] |
fan@shit.com (a fan )
Wired News : A Frenzy of Hacking Attacks
Certain elements <announce0016@rtmark.com>
Autodesk cowed by threat of attack by RTMark
jesse hirsh <jesse@tao.ca>
Denial of Service Attacks & the Nets
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Date: Wed, 9 Feb 2000 09:08:37 -0800 (PST)
From: fan@shit.com (a fan )
Subject: Wired News : A Frenzy of Hacking Attacks
A note from a fan :
hakkers reclaiming the net
============================================================
From Wired News, available online at:
http://www.wired.com/news/print/0,1294,34225,00.html
A Frenzy of Hacking Attacks
Reuters
6:00 a.m. 9.Feb.2000 PST
SAN FRANCISCO -- Hackers pulled off a series of brazen attacks on
major Web sites Tuesday, leading to shutdowns at Buy.com Inc. and eBay
Inc. after a similar assault hit Yahoo! Inc. the day before.
Datek Online Holdings Corp., the No. 4 U.S. online broker, on
Wednesday said its Web site crashed for 35 minutes as it became the
latest apparent victim of computer hackers that have wreaked havoc
across the Internet this week.
Was Yahoo Smurfed or Trinooed?
Support your self with Infostructure
Keep up with the candidates in Politics
Meanwhile, the CNBC television business channel and investors posting
messages on Yahoo! Inc.'s (YHOO.O) message board reported that E-Trade
Group Inc. (EGRP.O), the No. 2 U.S. broker, was also having problems
earlier in the day. E-Trade's Web site, however, was The attacks
followed the same pattern, with a massive flow of automated Internet
messages landing on the sites and swamping them with millions of
messages, effectively blocking them to routine traffic. Other sites,
too, appeared to be operating slowly, suggesting even more might have
been targeted.
Late Tuesday, online retailing giant Amazon.com Inc. (AMZN.O) also
appeared to have fallen victim to an attack, according to Internet
monitoring firm Keynote Systems Inc. Hackers also did serious damage
to the CNN Interactive, which administers the Web site of Cable News
Network, cnn.com, slowing content flow to a trickle for nearly two
hours, a CNN official said.
Keynote, which tracks Web sites' speed and reliability, said it noted
a sharp drop in Amazon's ability to let customers into its store and
minutes later was able to enter only about 1.5 percent of the times it
tried.
"Its inaccessibility looks very similar to what we saw with Yahoo and
eBay and Buy.com," a Keynote spokeswoman said, adding that the exact
cause of the failure was still unclear.
Amazon's site appeared to be back up and running normally about an
hour later. Amazon officials were not available for comment.
CNN Interactive spokeswoman Edna Johnson said hackers attacked the
site from 7 p.m. EST until about 8:45 p.m.
"We were seriously affected. We were serving content, but it was very
inconsistent and very little," Johnson said in a statement. It was the
first attack on the site since it was launched in August 1995.
By 8:45 p.m., the company's upstream providers had put blocks in place
to shield the site from further attacks.
The Federal Bureau of Investigation in San Francisco met Tuesday with
Yahoo, the first to be hit. The government has bolstered its efforts
to track down electronic crime on the Internet since e-commerce has
turned into a serious driver of the economy over the past two years.
"We are in a dialogue with Yahoo," a spokeswoman for the agency said.
"I can't comment further right now."
The FBI had no immediate comment on the eBay and Buy.com situation.
The rapid succession of disruptions on a massive scale suggests that
the same group was behind all of the attacks, said chief technology
officer Elias Levy, of Securityfocus.com, computer security
information service.
"It would be very difficult to assemble this level of attack so
quickly if it were a copycat," said Levy. "That doesn't mean it
couldn't happen. But to generate this level of traffic requires a lot
of machines working together."
By repeating the attacks, the perpetrators are raising the possibility
that they will be apprehended, he said, but because their attacks can
be directed from anywhere on the globe they could be difficult to
find.
The incidents have relied mostly on brute force, not obscure
technology, to do damage. The hackers are simply inundating the
commercial Web sites with so much traffic they can no longer operate.
Yahoo's site was pounded with one gigabit, or one billion bits of
information, per second, or about what some sites handle in an entire
week, at the height of Monday's attack.
The data was sent from "zombie" machines taken over by a single person
or group of people from a remote location.
"The problem is to find the command center that's controlling all of
the machines," said Christopher Klaus, chief technology officer of
Internet Security Systems Inc. "This is a nontrivial problem."
The hackers avoid detection by jumping from one computer network to
another to cover their tracks, and by immediately erasing any data
that might identify them.
Yahoo, the biggest stand-alone Web site and the first to be hit, was
almost completely shut down for over two hours on Monday, although the
company said it expects no financial impact from the incident.
"From a financial standpoint, there isn't any impact," said a Yahoo
spokeswoman.
Yahoo, which generates much of its revenue through advertising, was
able to reschedule ad spots. But since an estimated 100 million pages
would have been viewed during the two hours the site was down, the
company could potentially have lost as much as $500,000, analysts
said.
Yahoo said the attack on its site has been narrowed to 50 Internet
addresses, though computer security experts said that even with that
number, it would take time to track any hacker or hackers with the
skill to shut down Internet giant Yahoo.
The attack is called a distributed denial of service attack, a
concerted move to inundate a site from many points. Since computer
programs are used, a single person could launch the attack, although
it seems to be coming from many points.
But investigators need to go behind the target computers to find the
command center that directed the attack and Gordon predicted an answer
would be elusive in the near future.
Buy.com became the second major site hit, as its operations were shut
on what should have been a big day for the Internet shopping service,
which completed a successful initial public stock offering and saw its
stock nearly double in price from the $13 offer price. It closed at
$25.125. EBay later reported it had been hit by "a coordinated denial
of service attack."
Wall Street analysts have shown more tolerance for companies which are
hit by outside hackers than those whose own systems have failed or
whose data has been corrupted. Yahoo stock was up despite the raids,
gaining $19.125 to stand at $373.125, in a day of strong trading in
Internet issues.
But despite Wall Street's willingness to shrug off the shutdowns,
security experts warned that the industry needs to deal with the issue
or it will continue to disrupt the emerging e-commerce economy.
"This should remind us that the Internet is fairly new and fragile,"
said Securityfocus.com's Levy. "E-commerce is growing faster than the
building blocks underneath the Internet, and we have to go back and
take a look at them."
E-Trade officials were not immediately available for comment.
Datek said one of the three routers that it used crashed earlier in
the day after getting overloaded with traffic.
"It seems to be related to the 'denial of service' attack," Chief
Technological Officer Peter Stern told Reuters, referring to the
attacks on Yahoo!.
The router was down from 9:30 to 10:05 a.m. EST (1430 to 1505 GMT)
before going back into operation, he said, adding that Datek customers
had trouble logging on to its site as a result.
"I don't know if they were hackers, but I find it highly unlikely that
someone just pulled the plug," he said.
Some Datek customers were able to log on to the site by using one of
the other two routers that the broker had at its disposal, according
to a spokesman.
Officials at TD Waterhouse Group Inc. (TWE.N), which apparently uses
the same troubled router as Datek, could not be reached for comment.
Copyright 1999-2000 Reuters Limited.
Copyright 1994-99 Wired Digital Inc. All rights reserved.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Date: Wed, 9 Feb 2000 06:46:45 -0500 (EST)
From: Certain elements <announce0016@rtmark.com>
Subject: Autodesk cowed by threat of attack by RTMark
[nettime-specific subscription info deleted--tb]
February 9, 2000
FOR IMMEDIATE RELEASE
THE LEGACY OF ETOYS: AUTODESK
Trying to take over website, company buckles at threat of attack
Contacts: mailto:autodeskinfo@rtmark.com
Matthew Anderson: mailto:webmaster@the3dstudio.com
Autodesk, Inc.: mailto:martin.konopken@autodesk.com,
mailto:rootcsh2@autodesk.com
More information: http://rtmark.com/autodesk.html,
http://rtmark.com/netabuse.html,
etoy/eToys update: http://rtmark.com/etoynsi.html
(more contacts and links listed at end)
When thousands of activists forced Internet toy giant eToys to withdraw
its lawsuit against art site etoy.com last month, one of their bigger
goals was to create a chill on all of e-commerce, so that companies using
the Internet would think twice before trying to steal precious bits of
online public space.
This goal seems to be a few steps closer to being fulfilled. Last week
a user of http://The3DStudio.com told RTMark that Autodesk, a company
that makes a product coincidentally called 3D Studio, was attempting to
shut down the forum, which is used by hundreds of 3D artists to freely
trade graphics. According to The3DStudio.com webmaster Matthew Anderson,
he and the artists who use the site had written hundreds of e-mails to
Autodesk explaining the purpose of the forum and begging them to leave it
alone, but Autodesk had never replied to anyone.
Friday night, RTMark informed the parties concerned that it would help
sponsor an eToys-style attack against Autodesk.
Within hours, Autodesk announced that it would relent from its suit, and
on Monday morning Martin M. Konopken, Senior Corporate Counsel for
Autodesk, officially informed Anderson and RTMark that all threats against
The3DStudio.com were being withdrawn; a link to The3DStudio.com was even
placed on the Autodesk website. (See http://rtmark.com/autodesk.html for
full correspondence.)
"Now if they jump like that BEFORE being threatened, we'll have achieved
something nice," said RTMark spokesperson Ernest Lucha. But Lucha said
that goal is still far away. "So many companies are still behaving like
thugs on the Web. The HMO Health Net is trying to destroy
http://www.HealthNet.org, founded in 1993 by a Nobel-winning cardiologist
to connect doctors in the developing world; Leonardo Finance is suing the
thirty-year-old art magazine, Leonardo, for its name; even the Vatican has
gotten into the act, by stealing Vaticano.org from an artists' group with
the complicity of Network Solutions [the company that controls Internet
domain names]. We know of dozens of such cases. Each of these aggressors
must be informed that they're vulnerable to attack just like eToys, and
could easily lose it all in a matter of weeks." (E-mail addresses and
information links can be found at the end of this release.)
"We must ensure that eToys fulfills its role as the Brent Spar of
e-commerce," said Reinhold Grether, an Internet researcher and a
mastermind of the anti-eToys campaigns. "Just as the Brent Spar fiasco
forced the petroleum industry to listen to environmentalists, so
e-commerce companies must continue to be reminded that the Internet
doesn't belong to them, and that they can't do whatever they want with
it."
But even if RTMark and other activists are successful in intimidating
companies into behaving well on the Internet, there are bigger goals that
must also be kept in mind, said lawyer and RTMark member Rita Mae Rakoczi.
"Companies' fear of Web activists doesn't help the thousands of victims of
toxic waste dumps who are sued into silence, nor the scientists who are
intimidated into practicing shoddy science for the sake of corporate
profit, nor the millions of citizens--demeaningly called 'consumers'--who
reap the poisonous fruits of bad science and other corporate lies."
Rakoczi sees the solution to widespread corporate criminality in legal
reform. "It's not a matter of creating new laws; there are swarms of old
laws that need rescinding--starting with a flawed 1886 Supreme Court
decision granting corporations, those entities whose only possible aim is
profit, the rights of people. Then there are all the laws and decisions
built onto that, like the 'money = speech' decision that declares spending,
and hence political lobbying by huge corporations, a form of protected
free speech."
"Corporations use their legal standing in predictable ways," said Rakoczi,
"but not a one has ever received a lethal injection. Only wide-ranging,
visionary legal reform can address the enormous problems of corporate
crime. Protecting the Internet, important as it is, is only a stepping
stone to that goal."
RTMark aims to publicize the widespread corporate abuse of democratic
institutions like courts and elections. To this end it solicits and
distributes funding for "sabotage projects," groups of which are called
"mutual funds" in order to call attention to one way in which large
numbers of people come to identify corporate needs as their own.
Additional links:
HealthNet.com information: http://www.healthnet.org/notice.html
contact: (818)676-6775, mailto:webteam@healthnet.com
Leonardo Finance information: http://rtmark.com/leonardo.html
contacts: mailto:yves.delacour@leonardofinance.fr,
mailto:fmonnot@leonardofinance.fr,
mailto:valerie.virlouvet@leonardofinance.fr
The Holy See information: http://rtmark.com/vaticano.html
contact: +39-06-698.92.434/443/442,
mailto:accreditamenti@pressva.va
Skippy Peanut Butter information: http://www.skippy-scam.org/
contact: 201-894-4000, mailto:webmaster@bestfoods.com
eToys: http://rtmark.com/etoy.html
Network Solutions contacts: mailto:chrisc@netsol.com,
mailto:smcclorey@netsol.com
Shell Oil: http://rtmark.com/shell/
Other cases: http://rtmark.com/netabuse.html
Corporate history: http://www.poclad.org/
[nettime-specific subscription info deleted--tb]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Date: Wed, 9 Feb 2000 01:30:15 -0500 (EST)
From: jesse hirsh <jesse@tao.ca>
Subject: Denial of Service Attacks & the Nets
for more info:
http://abcnews.go.com/sections/tech/DailyNews/yahoo000208.html
Message-ID: <v04020a01b4c63d3e8725@[208.177.135.210]>
Date: Tue, 8 Feb 2000 14:43:27 -0800
Sender: State and Local Freedom of Information Issues
<FOI-L@LISTSERV.SYR.EDU>
From: Jim Warren <jwarren@WELL.COM>
Subject: who's doing what, with which, to whom, for why?
Let's see ...
On January 27th, Clinton said he wants to make electronic "law enforcement"
a high priority, in his State of the Union speech.
By January 30th, the *always*-silent National Security Agency suddenly
*alleges* very publicly, that its main computers -- that process covert
communications interceptions from around the nation and world -- had
inexplicably crashed from January 24th to the 28th.
Escalating the issue, in the first week of February, Clinton's budget
proposes to spend $240-million to massively expand his undetectable,
at-a-keystroke, remote wiretapping facilities, to be able to secretly snoop
on any phone in the nation.
And half of the $240-million is Defense Dept loot -- perhaps from secret
NSA appropriations (after all, wiretapping is what they *do*!). Note that
another President thought that wiretapping his political opponents was so
important that he risked -- and lost -- his presidency, trying to install
them.
By February 7th, the world's most prominant online information service --
Yahoo (I don't count AOL as a service :-) -- suffers a massive attack and
crashes for hours.
By February 8th, Missouri and Oklahoma phone systems have crashed. It
illustrates the horrors of vile cyber-terrorists, but without bothering
"important" people in Washington or on the East and West coasts.
Now, also on the 8th, the normally *very* reliable mail-server at
Concentric Networks -- a large national ISP -- has been refusing to respond
for more than an hour.
What better way to "prove" the need for massively expanded government
surveillance, and create a fenzy of support for it?!
Suddenly crackers seem to have become far better than any have ever been
before. But then again -- what organization has the best computer and
phone-system crackers in the world?! There is "No Such Agency."
--jim-the-paranoic
~~~~~~~~~
a message from the internet list
http://internet.tao.ca
the internet you say?
qui est-ce?
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net