DOS ATTACK ON NYT - Computers shut down

greenspun.com : LUSENET : Current News - Homefront Preparations : One Thread

Tuesday October 30 7:21 PM ET

NY Times Computers Shut Down by Apparent Attack

NEW YORK (Reuters) - Internet connections at the New York Times Co (NYSE:NYT - news) were interrupted for several hours on Tuesday afternoon after the paper's computers were flooded with bogus information in an apparent attack.

``We don't know that it was malicious, but there seems to be no innocent explanation,'' wrote network administrator Terry Schwadron in an e-mail to newsroom employees.

The Times computers ``started receiving a huge amount of electronic transmission that flooded the machinery that protects the paper from hacker attacks,'' according to Schwadron's e-mail, in what he called ``denial of service activity.''

In a denial of service attack, thousands of fake messages are sent to server computers, tying up the recipient's network. The main White House Web site (http://www.whitehouse.gov) was hit with a similar attack in May.

The New York Times Web site (http://www.nytimes.com) was online as of Tuesday evening.

A spokeswoman for the company, reading a statement, said: ''Some New York Times employees are experiencing difficulty accessing the Internet through their computers. Our technical staff is trying to determine the reason for this. At this time, we do not know the cause.''

The spokeswoman did confirm the contents of Schwadron's e-mail.

The New York Times has gone through two anthrax scares since Oct. 12, but tests came up negative for the bacteria.

-- Anonymous, October 30, 2001

Answers

BBC Tuesday, 30 October, 2001, 12:55 GMT

Attacks from the heart of the net

White House website was hit by a denial of service attack

As the security improves on one part of the internet, malicious hackers are changing their tactics to take advantage of lapses elsewhere.

A report by the Computer Emergency Response Team has revealed that some computer vandals are now targetting the machines making up the fabric of the net.

Some attackers are starting to use routers - devices that pass data packets around the net - to bombard sites and servers with enormous amounts of data.

The report also warns that the pace of attacks is growing, and that security experts have a ever-shrinking opportunity to close holes or develop patches.

Smurfing

The report traces the development of the methods malicious hackers and vandals are using to carry out Denial of Service (DoS) attacks on websites and servers.

The first DoS attacks took place in February 2000 when popular sites such as Yahoo, Amazon, eBay and CNN were knocked offline by being bombarded with bogus data packets.

At the time anyone wanting to carry out these attacks had to use largely manual methods to find and compromise machines that could launch data packets on their behalf.

The response to these high-profile attacks meant that the tactic used to generate the net traffic, known as smurfing, became much more difficult to carry out.

But as one loophole closed, attackers moved on to develop new methods and strategies.

Now tools are available that can automatically scan for vulnerable machines and infect them.

Once infected, machines can be made to report their readiness to net chat services.

Many attackers co-ordinate the machines under their control via the same chat channels.

Intruders

One new strategy is causing particular alarm.

"One of the most recent and disturbing trends we have seen is an increase in intruder compromise and use of routers," said the report.

Routers are hardware devices that pass data packets around the net. They are attractive to attackers for very simple reasons.

"Routers are often less protected by security policy and monitoring technology than computer systems, enabling intruders to operate with less chance of being discovered," warn the authors.

The routers are being used to scan for vulnerable machines, to hide links to chat channels used to control compromised machines, as well as to launch streams of data packets.

The report paints a grim picture of the future and said DoS attacks are likely to prove "attractive and effective" in the future.

To make matters worse security experts who protect sites from attack are getting less and less time to learn about new threats and ways to counter them.

The report said: "The window of opportunity between vulnerability discovery and widespread exploitation, when security fixes or workarounds can be applied to protect systems, is narrowing."

-- Anonymous, October 30, 2001


I was just in a security meeting earlier this evening. In a warning similar to the FBI's notice the other day, the local PTB are warning sysops to be on the alert for wide-spread hacker activities, beginning at midnight tonight. Hacks can include the release of viruses and worms, as well as actual break-ins, (where the perps might leave a trojen horse behind or other problem). We are already experiencing some router problems in Central Ohio from increased traffic. Some believe a DOS attack is involved. I asked whether this was strictly an Ohio problem or believed to be more widespread. I got several different answers, so I pass this on to you as simply a "heads up" now that I see the NYT seems to be having problems.

Sorry about the weird prose. I'm not used to evening meetings -- that on top of SAR's news has done me in. G'night. Beware the spirits that walk tonight.

-- Anonymous, October 30, 2001


Moderation questions? read the FAQ