January 10, 2001, 11:36 AM — AS THE BUSY holiday shopping season gets into full swing, a federal security agency affiliated with the FBI is warning that attacks by malicious hackers against e-commerce Web sites and other companies doing business online are on the rise.
The Washington-based National Infrastructure Protection Center (NIPC) issued an advisory last Friday saying that FBI investigations and unspecified additional information point to an increase "in hacker activity specifically targeting U.S. systems associated with e-commerce and other Internet-hosted sites."
The NIPC, which is located at FBI headquarters, said most of the intrusions were made against systems running Microsoft's Windows NT operating system, although Unix-based machines also were reported to have been victimized. The center didn't include any specific examples of attacks in its advisory, and a spokesperson for the NIPC declined to comment on that Tuesday.
According to the NIPC's advisory, attackers "are exploiting at least three known system vulnerabilities to gain unauthorized access [to systems] and download proprietary information" from unsuspecting companies. Most of the attacks had been under way for several months before being discovered, the center added.
"Although these vulnerabilities are not new, this recent activity warrants additional attention by systems administrators," the advisory said. "The NIPC strongly recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary. Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business."
Eric Hemmendinger, a security analyst at Aberdeen Group, in Boston, said the agency's alert should be taken seriously by IT managers because it comes from the government, not from security firms or antivirus software vendors warning of the end of the world as we know it.
"What might be a little bit unusual about this is not what the warning is, but where it's coming from," Hemmendinger said. "When the federal government wakes up to a problem, they're usually not the first ones [to see it]. That means it's worth paying attention to."
Hemmendinger said users can defend themselves against virus attacks and network intrusions by updating their antivirus programs and making sure they apply any available security patches to their applications. But companies are still vulnerable to distributed denial-of-service attacks, which can crash their Web sites, he added. "In the case of denial-of-service attacks, there is no really good answer right now," Hemmendinger said.
That problem was evident last February when major Web sites such as the ones operated by Yahoo, eBay, and Buy.com were shut down by a string of denial-of-service attacks.