December 14, 2010, 10:58 am F.B.I. Memos Reveal Cost of a Hacking Attack
By VERNE G. KOPYTOFF
Repelling a hacker attack can be costly as PayPal, Visa and MasterCard undoubtedly found out last week as they tried – with mixed success – to keep their Web sites from being knocked offline by supporters of Wikileaks.
How much money exactly? An unrelated attack several years earlier on Google may provide some insight.
In 2005 Google was battling the Santy worm, a bit of malicious software that caused infected computers across the globe to automatically enter search queries – so many, in fact, that Google was overwhelmed. Details of the episode are chronicled in internal F.B.I. memos obtained by The New York Times through a Freedom of Information Act request.
On Dec. 22, 2005, Google complained to the F.B.I. that the attack had slowed its search engine’s performance. For the previous 12 to 18 months, Google said, it had been plagued by variants of the worm, which used search queries to find vulnerable Web sites and deface them by exploiting a security hole in the community forum software PHP Bulletin Board.
Under pressure from antivirus groups, Google had tried to filter queries containing phrases linked to the worm, but with limited success.
“As Google filters out certain string search phrases, within minutes, the subjects modify the search phrase to once again bypass Google’s filters,” an F.B.I. agent in San Francisco wrote to colleagues in recommending that an investigation be opened.
Moreover, Google’s efforts to stop the worm had unintended consequences. Its filters blocked legitimate searches, the agent wrote.
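The two failure modes the agent describes, a blocklist that an attacker sidesteps by rewording the query within minutes and that also catches innocent searches, are easy to reproduce. The following Python is an added illustration written for this page, not code from Google or from the F.B.I. documents: it runs a phrase blocklist and a per-client rate detector over a constructed query log (the phrase `forumtool.php`, the client names and the timestamps are all made up and are not the worm's real signatures).

```python
from collections import defaultdict, deque

# Constructed blocklist: one phrase the defender believes only the worm sends.
# This phrase is invented for the example; it is not the real worm signature.
BLOCKED_PHRASES = ["forumtool.php"]


def phrase_filter(query, blocked_phrases=BLOCKED_PHRASES):
    """Return True if the query contains any blocked phrase (case-insensitive substring)."""
    q = query.lower()
    return any(p.lower() in q for p in blocked_phrases)


def rate_detector(log, window_seconds=10, threshold=5):
    """Flag any client that issues more than `threshold` queries inside a
    sliding window of `window_seconds`, regardless of what the queries say.

    `log` is an iterable of (timestamp_seconds, client_id, query) tuples.
    """
    recent = defaultdict(deque)   # client_id -> timestamps still inside the window
    flagged = set()
    for ts, client, _ in sorted(log):
        window = recent[client]
        window.append(ts)
        while window and ts - window[0] > window_seconds:
            window.popleft()
        if len(window) > threshold:
            flagged.add(client)
    return flagged


def build_sample_log():
    """Constructed query log: two automated clients and two people.

    bot-a sends the exact blocked phrase; bot-b sends a lightly reworded
    variant; human-1 runs one legitimate search that happens to contain the
    phrase; human-2 searches for something unrelated.
    """
    log = []
    for i in range(8):
        log.append((i, "bot-a", f"powered by forumtool.php topic{i}"))
        log.append((i, "bot-b", f"powered by forum tool . php topic{i}"))
    log.append((3, "human-1", "forumtool.php security patch download"))
    log.append((5, "human-2", "weather tomorrow"))
    return log


def compare(log):
    """Summarise what each approach catches on the given log."""
    by_phrase = defaultdict(int)
    for _, client, query in log:
        if phrase_filter(query):
            by_phrase[client] += 1
    return {
        "phrase_blocked": dict(by_phrase),   # client -> number of queries blocked
        "rate_flagged": rate_detector(log),  # clients exceeding the rate threshold
    }


if __name__ == "__main__":
    result = compare(build_sample_log())
    print("blocked by phrase filter:", result["phrase_blocked"])
    print("flagged by rate detector:", result["rate_flagged"])
```

On this constructed log the phrase filter blocks all of bot-a's queries but none of bot-b's reworded ones, and it also blocks human-1's single legitimate search; the rate detector flags both bots and neither person. The point is not that rate limiting is a complete answer (a worm spread across many infected machines can stay under any per-client threshold), but that a detector keyed on behaviour survives the string mutation the agent observed and does not penalise a one-off search for the same words.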
In a measure of the seriousness of the attack, Google devoted an entire engineering team to the battle. Preliminary estimates put the cost to the company, in man hours and lost revenue, at up to $500,000, according to the report.
A year earlier, Google suffered a $100,000 loss from the MyDoom virus, which caused Google’s search engine to slow or stall for several hours, according to documents from a separate F.B.I. investigation.
In examining the software code used in one variant of the Santy worm, Google engineers found a potential lead to the person responsible. In the code was embedded a Gmail address for a technical contact that the F.B.I. said may belong to the variant’s creator. That e-mail address was redacted from the document as were the names of any Google employees who spoke with the F.B.I.
The F.B.I. issued two subpoenas shortly thereafter for an individual or individuals to appear before a federal grand jury in San Jose. All information about the subpoenas’ recipient was redacted.
A few weeks later, Google had a change of heart. On Jan. 31, 2006, the F.B.I. noted that Google’s legal department had told the agency that the company was no longer interested in any further investigation.
“Inasmuch as Google is the victim and their assistance in the form of providing logs is necessary to pursue prosecution, it is recommended this case be administratively closed,” the F.B.I. agent wrote.
Google, of course, recovered from the attack and continued its rapid growth.
http://bits.blogs.nytimes.com/2010/1...ing-attack/?hp