From...

February 14, 2000
Web posted at: 11:21 a.m. EST (1621 GMT)

by Jennifer Couzin and Miguel Helft

(IDG) -- Nail-biting, heightened vigilance and plenty of full-fledged paranoia Wednesday characterized sites untouched thus far by a recent "denial of service" spree, as companies anxiously watched and waited.

"People are saying, 'Am I going to be next?'" said Alex Samonte, chief engineer for SiteSmith, a Santa Clara, Calif.-based company that manages Internet operations for clients ranging from About.com to RedCart.com. Samonte said SiteSmith has received twice as many calls from worried customers in the past two days as in all of last month.

RESOURCES Check here to see how a denial of service attack works.     ALSO The denial-of-service aftermath Consulting firm says its server was used to attack AOL Transcript: A chat with Avi Rubin about Internet Security and Denial of Service attacks Denial of service hackers take on new targets Justice Department wants more funds to fight cyber crime TIME: Classic Hackers Decry Heavy-Handed Upstarts Net execs to meet with Clinton     MESSAGE BOARD  Insurgency

Samonte pointed out, though, that "there is not a lot that individual customers can do," adding that the attacks have affected the infrastructure of the hosting companies that power the sites of most large Internet companies.

A representative for Excite (ATHM) said the site had ramped up security and, like other portals considered at risk, was monitoring the situation closely. But, along with almost everyone else, Excite refused to specify what steps it was taking, pointing out that being outspoken about its efforts was likely to attract the attention of "crackers," or harm-bent hackers.

Indeed, paranoia that media coverage would make them targets was palpable at over a dozen e-commerce, online media and portal sites. "The last thing I want to do is raise our profile," said David Emanuel, an AltaVista spokesman, as he sought to account for his refusal to elaborate on AltaVista's security measures.

"We don't discuss the routine maintenance procedures or any of the precautions that we take in our Web site operations for competitive and security reasons," said Ken Ross, a spokesman for eToys. During the holiday shopping season, the online toy retailer was the victim of attempts to slow the site down, as part of a legal dispute with Etoy, a European group of cyberartists.

But, despite being tight-lipped when it came to discussing security, many companies acknowledged keeping a watchful eye on the situation. "We are on a full state of alert," says the CEO of a leading consumer electronics e-commerce site who asked not to be identified. The electronic retailer is unusual in that it hosts its own Internet servers and data centers. "We have guys living there around the clock," the CEO said.

MORE COMPUTING INTELLIGENCE

IDG.net home page

A primer: Denial-of-service attacks

eToys attacks show need for strong Web defenses

Hackers express disdain for Web "vandals"

A media site, which spoke only on the condition of anonymity, reported that it had taken steps to prevent being used as an "accessory" platform by which crackers could launch their attack. Other companies refused to comment on whether they too had installed technology that would preclude their use as innocent accessories.

Though the attackers have not yet been caught, the FBI and Department of Justice are working to trace the attacks. Officials at Bluelight.com, the e-commerce subsidiary of Kmart (KM) , said they hoped law enforcement would step in to stop the person or people who were disrupting sites.