By Rajiv Chandrasekaran
During business hours yesterday and Wednesday, the BLS's World Wide Web site was flooded with hundreds of thousands of fake information requests a minute, a tactic known in the computer world as "spamming," officials said.
The tide of spam has shut down the Web site, frustrating scores of economists and investors who have started to depend on the Internet to receive the latest economic data.
The site's inoperability drew attention yesterday morning when the bureau released one of the most-watched monthly economic indicators, the producer price index. Most people who tried to reach the site, located at http://stats.bls.gov, received error messages saying their computer could not make the connection.
"Our home page has been brought to its knees," said William G. Barron, the bureau's deputy commissioner.
He said he doesn't know why someone would want to attack the BLS site. "Maybe it's just mischievousness," he said. He also acknowledged it could be an attempt to manipulate financial markets by delaying the release of economic information to some investors.
The BLS has not identified who was responsible for the attack, Barron said. He said BLS computer technicians have traced the fake messages back to "a handful" of Internet addresses, although those addresses could be forgeries. He said the bureau plans to notify the FBI.
The disruption began Wednesday morning, but ended at about 4:30 p.m. that day, Barron said. It resumed yesterday morning, also ending at the same time, he said.
During the attack, BLS received about 200,000 false requests each minute to establish a connection to the site. Although the bureau's computers were able to reject each fake message after a few seconds, the sheer tide of requests crippled the site.
There is little a Web site operator can do to prevent such attacks because the hacker doesn't immediately look different from a legitimate user to the Web site's computers, said Peter S. Tippett, president of the International Computer Security Association in Carlisle, Pa.
"These are particularly difficult to trace and defend against," he said. "With almost all other types of attacks, you can do something to tighten up your [site] to make it tougher to attack. But this is different."
Tippett said Internet service providers, which carry the messages from hacker to Web site, are starting to prevent messages that don't have legitimate return addresses. Despite those efforts, Tippett said such spamming -- a term that also refers to the sending of unsolicited electronic mail -- "is becoming increasingly common."
© Copyright 1998 The Associated Press
Federal Community | Go to