Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

The BBC's Rory Cellan Jones
"It was absolutely unprecedented"
 real 28k

The BBC's Alfred Hermida
"A flood of fake e-mails"
 real 28k

Wednesday, 9 February, 2000, 14:15 GMT
Yahoo attack exposes web weakness

Worst outage in Yahoo's history

By BBC News Online's Alfred Hermida

It may be one of the most popular sites on the internet, but even Yahoo could not cope with a sustained electronic attack.

In an instant, its services were put out of action. The crash was the worst in Yahoo's history, challenging the increasingly popular notion of the internet as a reliable system for the exchange of information.

The fact that such a well-established company could be so vulnerable to sabotage is a sobering reminder of the unknown hazards which face internet-based businesses.

"It basically says nobody is safe, if Yahoo can be taken down with all the resources behind them," said Elias Levy, of in California.

Virtual traffic jam

Yahoo is much more than a search engine. It offers a variety of online services like e-mail, online calendering, news and auctions. For millions, it is their first stop when they go online.

Yet during the outage, anyone trying to pick up their e-mail, use the search engine or access the auctions sites would not have been able to get through.

Vulnerabilities are widespread, well-known and readily accessible on most networked systems
Yahoo says its servers were overloaded by a bombardment of fake messages. The huge amounts of data created a traffic jam in cyberspace, blocking users from getting through to the site.

In this case, Yahoo was not able to reroute the traffic to prevent the disruption of service.

The attack was targeted on one of the data centres used by Yahoo, GlobalCenter. Most big internet companies use data centres to host critical computers and servers to make them more secure.

It took Yahoo three hours to identify the problem and put into action filters to block the fake e-mails. But the company insists that its security was not breached and the hackers did not get access to the servers.

Serious threat

The technique used to bring down Yahoo is called a denial of service. It is seen as a serious threat by the FBI's National Infrastructure Protection Center (NIPC).

In its latest advisory, the bureau said that vulnerabilities were "widespread, well-known and readily accessible on most networked systems."

The NIPC brings together representatives from the FBI, other US Government agencies, state and local governments and the private sector.

It has warned that it has received multiple reports of hackers breaking into computer systems and installing programs designed to cause a denial of service.

It also said that some of these programs, called distributed denial of service (DDOS) tools, are available on the internet.

Perhaps more worrying, it said that hackers were using the internet to develop, test and deploy these tools.

"These DDOS tools, such as 'trin00' and 'Tribe Flood Network', are capable of generating sufficient network traffic to render the targeted network or computer system inoperable," it said.

"Basically, these tools allow an intruder to have multiple victim systems launch denial of service attacks against other systems that are the ultimate target."

Cyber-assaults like these are hard to prevent. The FBI itself was the victim in April last year when its own website was inaccessible for days after hackers overwhelmed its internet computers.

And in June, the auction site, eBay, crashed for about 22 hours. The outage caused the company┐s stock to lose a quarter of its value in five days.

The FBI has developed software to try to detect the presence of a significant hacker tool and neutralise it.

The impact of the attack on Yahoo is hard to predict. Immediately after the outage, its share price held steady.

It may have caused some inconvenience to its millions of its users and advertisers, but they may be willing to overlook the incident. They could be less forgiving if it happens again.

Search BBC News Online

Advanced search options
Launch console

See also:
08 Feb 00 |  Sci/Tech
Yahoo brought to standstill
11 Jan 00 |  Business
Yahoo denies merger plans
19 Jan 00 |  Business
Yahoo Japan shares nudge $1m
26 Jan 00 |  Asia-Pacific
Japan fights 'cyber-terrorists'

Internet links:

The BBC is not responsible for the content of external internet sites
Links to other Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories