BANKS KNEW SPAM BOMBS WERE COMING

Just days before last week's massive spam bombings that jammed several major Web sites, computer experts at some of the largest American financial institutions got detailed warnings of impending cyberthreats at least eight times - but thanks to a regulatory quirk not widely known to the public, the banks were unable to pass the warnings on outside their own industry.

Meanwhile, the FBI is reportedly preparing to question suspects in the massive Web jams which hit several major sites in the second week of Feburary, including a hacker living in Germany who may have created software used in the attacks.

The first alert in the latest attacks went out on Feb. 4, when insiders saw some machines compromised, and Yahoo was jammed with a spam bomb attack four days later, the AP says. Banking officials never passed the warnings on to law enforcement, the AP says, even as alerts increased from the first spam bombing against Yahoo to those at eBay, Amazon.com, Buy.com, CNN.com and others.

These alerts, by e-mail and page, warned dangerous attack software was found implanted on "powerful computers" around the U.S., with the messages said to have identified, ultimately, specified Internet addresses of the attacking machines.

But the banks in question were banned from sharing the warnings with government probers, the AP continues, because of rules of an "unusual" private security network created for the financial industry in recent months. According to the Treasury Department, mandated disclosure might block banks and others from being straight about attacks by rogue employees, software bugs, viruses or hackers, the AP says.

"Everybody felt comfortable sharing information," William Marlow, executive vice president for Global Integrity Corp., which runs the network, tells the AP. "The government wasn't involved, everything was anonymous. The private sector can help each other without additional regulation."

But the high-tech world struggles with the problems of sharing information openly about new e-threats, even as companies fear admitting Net vulnerabilities to governments or rivals, the AP says. That's likely to be one topic on the Feb. 15 agenda when top Internet players meet with President Clinton to discuss Internet security.

"These denial of service attacks obviously are very disturbing," the President says. Clinton said Monday. "And I think there is a way that we can clearly promote security." Clinton also pressed consumers not to panic over the spam-bombings.

The banking warning network sprang from Clinton's orders for better protection from cyberattack for important American industry, the AP says. It's run from the "secretive" Financial Services Information Sharing and Analysis Center. To encourage open participation by banks and other financial firms, the AP says, Treasury decided that information disclosed would not be turned over to federal regulators or law enforcement agencies. It worked well last week for banks, which enjoyed early warnings about pending attacks, but it also guaranteed the same warnings weren't widely distributed.

Only licensed banks and other government-regulated financial firms that become subscribers are able to exchange information or tap into the network's details of known security threats, the AP says. Urgent alerts are sent by e-mail, pager and cellular phones to a bank's experts, the news wire continues, who pay $13,000 to $125,000, depending on how many employees use the information.

Meanwhile, the Washington Post says the FBI has linked online aliases like mafiaboy and Coolio to real names and addresses, with agents due to have started questioning suspects Feb. 15 - the same day as President Clinton holds his mini-summit on Internet security with some of the Web's biggest players.

The FBI has confirmed one machine used remotely in the spam bombings was in Portland, OR, but the machine isn't identified yet, according to the Associated Press. Previous reports also indicated computers at Stanford University and the University of California at Santa Barbara may also have been used to route the attacks.

The agency is also reportedly seeking a hacker known online as Mixter, living in Germany, who created Stacheldraht, a software which may have been used in the attacks. The AP says the FBI doesn't think he's a suspect but that he might have useful information.

Coolio - not to be confused with the rap star - lives in the U.S., according to the Post, which adds his name was used by a person who defaced a company Web site Feb. 13. Another suspect is said to be a Canadian teen calling himself mafiaboy, while a third is reported to have confessed to a staffer at Attrition.org, a popular Web security site.

The massive spam-bombings, which jammed such sites as Yahoo, eBay, Amazon.com, CNN.com, and others, were estimated to have caused millions in losses and rising fears on Internet safety.