SAN FRANCISCO (02/11/2000) - As federal authorities reportedly honed in on California and Oregon in their search for the person responsible for the denial of service attacks on six Web sites earlier this week, reports of similar mischief surfaced with at least two other sites.
Excite@Home Corp. confirmed Friday their main Web site was crippled for about an hour Wednesday night beginning at 7 p.m. PST due to a denial of service attack. EBay Inc., which had earlier reported that its Web site was affected for about 7 hours on Wednesday, confirmed Friday that another attack was attempted later Wednesday. However, that attempt was blocked and the site was not disrupted, an eBay spokesman said.
U.S. Web sites weren't the only ones victimized by the attacks. The Web site of MediaCash SA, a French reseller of Apple Computer Inc. computers, was down for 19 hours due to a denial of service attack, according to the Wall Street Journal. The attack could be related to one of those that affected the U.S. sites, since MediaCash is hosted on a server based in California whose other customers were also hit by the attack, the report said.
Citing unnamed sources, CNN Interactive reported that the Federal Bureau of Investigation was looking at undisclosed locations in California and Oregon in its investigation of the attacks that hit Yahoo Inc., eBay, CNN, E-Trade Group Inc., Buy.com, Amazon.com Inc. and ZD Inc.'s ZDNet news site earlier this week.
An FBI spokeswoman did not return calls seeking comment.
Meanwhile, authorities have pinpointed one of the computers used to launch one of the denial-of-service attacks. A University of California at Santa Barbara desktop computer was used as a launchpad for the attack on CNN, according to University spokesman Bill Schlotter. A school official noticed on Tuesday night that an intruder had managed to get access to the computer, he said. CNN's site was affected by the denial of service attack from about 4 p.m. to 8 p.m. PST.
"There is no indication that the attack came from anyone in the university," the university said in a statement. The university is cooperating with the FBI.
Federal officials asked that the school not release any more details on the matter, Schlotter said.
In a distributed denial of service attack, the victim Web site is bombarded with so many fake requests for information that legitimate traffic cannot get through, thus rendering the site inaccessible to a majority of people. This is accomplished when a cracker - a malicious hacker - uses other, unwitting servers from which to launch the attack. While users may be inconvenienced by not getting access to the Web sites, no personal information or other data is compromised.
Meanwhile, a more serious cracker attack exposing credit card information surfaced Friday with RealNames.com Inc., a company that sells keywords for easy Internet searches. The company realized it was attacked Wednesday after discovering that keywords from its database had been redirected to a Web address in China. Access to that database also meant the cracker had access to customer passwords and credit card information.