NT Attacks Raise Questions, Provide No Answers

One computer security expert says the vulnerabilities in Windows NT make attacks like Monday's on servers nationwide almost routine as the system becomes more popular. How coordinated or targeted they may have been, he says, is impossible to determine wit

Attacks that began Monday resulting in the crashing or freezing of Windows NT servers around the Net - including systems at NASA and the University of California at Berkeley - raised speculation that they were timed to coincide with Bill Gates' Senate testimony.

While the high number of attacks over such a short period of time might suggest that possibility, Richard Power, editorial director of the Computer Security Institute, said he would "only be surmising" to call them coordinated or specifically targeted.

The CERT Coordination Center (CERT stands for Computer Emergency Response Team) issued a warning on its security mailing list Wednesday after a number of sites around the Net were affected by relatively benign denial-of-service attacks.

Attackers were able to target a large number of hosts, CERT said, by modifying existing software tools - known variously as Bonk, NewTear, and Boink - that are only able to attack one host at a time. Although denial-of-service attacks are common on the Net, the automated and widespread nature of this week's attacks is unusual.

"Since NT was rolled out there are already 70 vulnerabilities [security holes]," Power said, "so any given day is a likely day for NT to be attacked somewhere."

"This is no big deal," agreed Peter Neumann, moderator of the RISKS Digest mailing list. Denial-of-service attacks on NT and other systems happen all the time. Rather than being noteworthy events in and of themselves, increasingly routine attacks on NT servers require fundamental action on the overwhelming vulnerability of systems everywhere, he said.

Power stopped well short of saying the attacks were timed to coincide with Gates' testimony. "Those are things that will hopefully be answered in an investigation."

The attack used a Windows NT security hole to simultaneously lock up multiple servers. Sites nationwide have reportedly been affected since Monday, especially university and government servers, including those at NASA.

The attacks were initiated by sending fragments of data packets to target machines, which are soon overwhelmed, resulting in a crash. The result has typically been a system reboot or a frozen blue screen.

It's important that no attack be taken lightly, Power said, but the incident is one in an ongoing trend of the increasing vulnerability of networks, especially those using Windows NT servers.

"Our data shows pretty clearly that this is a growing problem."

While there's a heightened awareness of the problem as incidents increase, Power thinks the situation is still more insidious than people realize. Many - perhaps most - incidents go unreported since corporations and other organizations are reluctant to draw attention to their vulnerability.

Yet evidence of network insecurity is everywhere on the Net, Power said. Which get highlighted and which don't depends largely on where they happen and whether anyone reports them.

But for those in the business of computer security, this comes as no shock. "It's not surprising to anybody who keeps abreast of NT technology that it's been attacked."

As for the timing of the attacks with Gates' Senate appearance, Power shrugged. "Hacking is not Microsoft bashing."

"In cyberspace," Power said, "the doorknobs are rattled every day."