February 18, 2000

Universities have been advised to beef up their network security procedures after a wave of commercially destructive attacks on popular websites in the United States last week.

The computer attacks effectively forced Yahoo, eBay, Amazon, and, technology news site ZDNet and online brokers E-Trade off the network for several hours.

Officially unconfirmed reports suggested that a University of California at Santa Barbara server was "hacked" and used in at least one of the attacks.

Meanwhile, it emerged that a university outside Montreal unknowingly housed the secret website for a formidable American software piracy group for four years. The group, styled Pirates with Attitude, logged on to the Universite de Sherbrooke's website to obtain software, including the unreleased Microsoft Office 2000.

Last week, the FBI charged the group's alleged leader, Robin Rothberg, with conspiracy to infringe the copyright of thousands of software programs. The university was deemed a bystander by the bureau.

Andrew Cormack, head of the Computer Emergency Response Team at Ukerna, the United Kingdom Academic Network Organisation, whose software was used by FBI investigators to detect a zombie program used in the Berlin-based attacks, said that university networks were good targets for this kind of attack. A home PC with a standard 56kbps modem would be inadequate for the task.

"Distributed denial of service" attacks have been used against smaller websites but the newer program coordinated the attack over tens or even hundreds of computers.

"The data is of a type that is difficult, if not impossible, to track," Mr Cormack said. "This is low-level stuff. Most programs use the sorts of packets that go around the net checking whether a particular machine is down or not. It is hard to tell true packets from fake.

"Also, university networks exist in a fairly open culture, unlike businesses, and are therefore always easy to break into.

"Universities need to educate all their people that the network they use is not as simple and easy to use as buying a PC and plugging it into a wall socket. These people would not buy a car without learning how to lock the doors. On the net, national boundaries are pretty much ignored. This is good news for those trying to conceal their activity," Mr Cormack said.

Ukerna network traffic monitors had established that the recent attacks were not generated from United Kingdom-based machines. Monitoring would ensure that Ukerna could detect sharp increases in data traffic, stop the flow and alert the institutions involved.

Mr Cormack advised universities to reduce the number of network computers visible to the outside world, including potential entry points for a security breach.

They should also install tracking software. Free versions and detailed information are available on the net at More comprehensive security software is available for free from Network Associates (, which also has a free network analyser service ( that can detect zombie programs.

Register to continue

Why register?

  • Registration is free and only takes a moment
  • Once registered, you can read 3 articles a month
  • Sign up for our newsletter
Please Login or Register to read this article.