Internet Worm's Potential Is Scary
Any thoughts that vital network services, including banking operations and 911 centers, are immune to Internet attacks are falling by the wayside after last weekend's attack.
"It is scary to think that it affected police and fire dispatches, it affected 911 systems, it affected financial institutions," said CBS Radio News Tech Analyst Larry Magid. "Nobody died as far as we know as a result of the attack, but certainly a lot of people were inconvenienced. It had a huge impact on South Korea's economy, and we don't yet know what impact it had on the U.S. economy."
Damage in some of these areas was worse than many experts had believed possible.
The nation's largest residential mortgage firm, Countrywide Financial Corp., told customers who called Monday that its systems were still suffering. Its Web site, where customers can make payments and check their loans, was closed most of the day.
Countrywide predicted it would be early Tuesday before all its computers were fully repaired and its systems validated for security, spokesman Rick Simon said.
Police and fire dispatchers outside Seattle resorted to paper and pencil for hours after the virus-like attack on the weekend disrupted operations for the 911 center that serves two suburban police departments and at least 14 fire departments.
American Express Co. confirmed that customers couldn't reach its Web site to check credit statements and account balances during parts of the weekend. The attack prevented many customers of Bank of America Corp., one of the largest U.S. banks, and some large Canadian banks from withdrawing money from automatic teller machines Saturday.
Microsoft Corp. itself was exposed to the virus-like attack that crippled global Internet activity last weekend because it failed to install crucial fixes to its own software on many Microsoft computer servers, according to internal e-mails obtained by The Associated Press.
Although Microsoft contends its failure to keep up with its own updates did not cause major problems, security experts said it points to a larger issue: Microsoft's process for keeping customers' software secure is hugely flawed.
The virus-like attack, called "slammer" or "sapphire," exploited a known flaw in Microsoft's "SQL Server 2000" database software, used by businesses, government agencies, universities and others around the world. Microsoft had issued a patch for the flaw in July, but many — including some units within Microsoft — had failed to install it.
The result was that the attacking software scanned for victim computers so randomly and so aggressively that it saturated many of the Internet's largest data pipelines, slowing e-mail and Web surfing around the world.
"The fact that financial systems, from American Express, Countrywide Financial and Bank of America, were affected shows that these worms and viruses and hacker attacks aren't simply disruptions in e-mail and Web surfing," said Magid. "They're going after our infrastructure."
President Bush's No. 2 cyber-security adviser, Howard Schmidt, acknowledged that what he called "collateral damage" stunned even the experts who have warned about uncertain effects on the nation's most important electronic systems from mass-scale Internet disruptions.
"This is one of the things we've been talking about for a long time, getting a handle on interdependencies and cascading effects," he said.
Miles McNamee, a top official with the technology industry's Internet early warning center, said the attack was "comparable to the worst of previous denial of service attacks."
The White House and Canadian defense officials confirmed they were investigating how the attack, which started about 12:30 a.m. EST Saturday, could have affected ATM banking and other important networks that should remain immune from traditional Internet outages.
"I find it disturbing that automatic teller machine networks are linked to the public Internet," said Magid. "Anything that's connected to the Internet is vulnerable to an attack."
Microsoft said it has sold 1 million copies of the SQL Server 2000 software, but the flawed code was also included in some popular consumer products from Microsoft, including the latest version of its Office XP collection of business programs.
"A hacker attack can be a weapon of mass disruption," said Magid. "If it goes after our financial institutions or our medical systems or any vital parts of our infrastructure. We can't afford to jeopardize our national security to a hacker who could be anywhere in the world going after us on the Internet."
Congestion from the Internet attack is almost completely cleared. That has left investigators poring over the blueprints for the Internet worm for clues about its origin and the identity of its author.
Complicating the investigation was how quickly the attack spread across the globe, making it nearly impossible for researchers to find the electronic equivalent of "patient zero," the earliest-infected computers.
"Basically within one minute, the game was over," said Johannes Ullrich of Boston, who runs the DShield network of computer monitors.
Experts said blueprints of the attack software were similar to a program published on the Web months ago by David Litchfield of NGS Software Inc., a respected British security expert who last year discovered the flaw in Microsoft's database software that made the attack possible. NGS Software sells a program to improve security for such databases.
The attack software also was similar to computer code published weeks ago on a Chinese hacking Web site by a virus author known as "Lion," who publicly credited Litchfield for the idea.
Litchfield said he deliberately published his blueprints for computer administrators to understand how hackers might use the program to attack their systems.
"Anybody capable of writing such a worm would have found out this information without my sample code," Litchfield said.
Still, Litchfield's disclosure was likely to re-ignite a dispute about how much information to disclose when serious vulnerabilities are found in popular software.