FEDS KNEW SPAM BOMBINGS MIGHT COME

An American government agency had warned over a month before this week's mass spam bombings that the attacks, which jammed several high-profile Web sites, were possible, if not definite.

An Australian e-paper, The Age, says the U.S. National Infrastructure Protection Center had issued a warning Dec. 30 that it had seen numerous reports of cyberintruders installing distributed denial-of-service tools on various computer systems to build large host networks able to launch major, coordinated spam floods.

According to the advisory, the NIPC suggested potential motives for the hacks included exploit demonstration, exploration and reconnaissance, or preparing for widespread DOS attacks. Other theories on motives for the attacks included stock market tampering, especially since some of the bombing victims who trade publicly saw their stock prices jump the day after they were hit.

The bombings began when Yahoo was jammed for three hours Feb. 7. The following day, the cyberbombers hit Amazon.com, eBay, Buy.com, and CNN.com. The day after those attacks, the cyberbombers struck two online stock traders, E*Trade and Datek.

The NIPC advisory reportedly said multiple DOS tools like TRINOO and Tribe Flood Network were reported on systems around the United States, The Age says. The tools are embedded on remote systems, which are joined through a broadband link and saturate targeted Web servers.

At this writing, there have been no further such attacks, but the FBI has launched a massive probe to find the sources and the motives. The Wall Street Journal says the victimized e-companies have also brought in their own gumshoes to trace the attacks.

The Journal says the bureau is trying to reconstruct the attacks by looking into the records of the targeted companies and their Web partners, as well as Internet service providers who may have been used as pipelines. But the paper says one key problem with that approach is that some Internet service providers don't keep records. Another: privacy policies mean companies can turn over such information as they have only under FBI subpoena.

And because the software needed to launch these types of attacks is so easily available online, and the hackers responsible for getting it may have shared it widely, the Journal says, it could be difficult to prove whether the attacks were individual attacks or a coordinated raid through the same program(s).