Computer users had difficulty accessing portions of the Internet's most highly trafficked Web sites yesterday after hackers launched an attack against DoubleClick Inc., the company that serves up online advertising to hundreds of commercial sites.
The attack followed one on four major search engines Monday, but it was not clear whether the two incidents were related.
Beginning about 10:30 a.m. yesterday, DoubleClick's Internet servers began to receive a flood of bogus Web page requests, creating a bottleneck that blocked many major sites from displaying ad images.
That jam in turn made it difficult for Internet users to reach certain pages at nearly all of the Internet's 40 most-visited Web sites. At the height of the assault, affected Web pages were available less than 25 percent of the time, according to Keynote Systems Inc., a Web performance monitoring company in San Mateo, Calif.
"One of the things that makes the Internet so survivable is that no one company or technology runs the whole thing," said Lloyd Taylor, Keynote's vice president of technology and operations. "In this case . . . the attackers targeted a common infrastructure relied upon by many companies."
DoubleClick spokeswoman Jennifer Blum said the attack targeted the company's domain name servers (DNS) -- machines that help direct Internet traffic -- causing "severe service disruptions" for all 900 of its customers. The unknown hackers apparently orchestrated the attack by hijacking an army of personal computers that had been previously infected by a virus. They then instructed the compromised machines to collectively bombard the company with page requests -- an assault known as a distributed denial-of-service attack.
Among the sites hardest hit were those of Nortel Networks Ltd., Gateway Inc., MCI Inc., CNN.com and Schwab.com, according to Keynote. Users also experienced delays accessing pages at washingtonpost.com before The Washington Post Co. blocked DoubleClick's ads from running on its site.
CNN.com Senior Vice President Monty Mullig said that several ads did not display properly on the site, but he said news content was unaffected because it runs on a different network.
Security experts said the DoubleClick attack today appears similar in nature to the assault hackers waged last month against Akamai Technologies, a company that distributes Web content for companies such as Google Inc., Microsoft Corp. and Yahoo Inc. In that attack, hackers apparently directed tens of thousands of hijacked computers to overwhelm Akamai's DNS servers, blocking access to many of the company's customers for nearly two hours.
The attack on DoubleClick suggests that hackers are beginning to target key Internet pressure points that -- when squeezed -- darken the Internet for most users, said Johannes Ullrich, chief technology officer for the SANS Institute's Internet Storm Center, which monitors hacker activity.
"The hackers don't need to attack the Internet. If you attack Akamai or DoubleClick you can take out 95 percent of what most people consider to be the Internet," Ullrich said.
Krebs is a staff writer for washingtonpost.com.