Reno vows fed help in combating Net vandalism

After numerous cyberattacks knocked out major Web sites, Reno vowed to ensure that "e-commerce remains a safe place to do business."

The attorney general said law enforcement had detected no motive for the attacks, "but they appear to be intended to interfere with and disrupt electronic commerce. That is why the FBI has initiated a federal investigation into this matter.

"We are committed in every way possible to tracking down those who are responsible," she said.

The FBI will mobilize massive resources to try to hunt down and prosecute the attackers in cooperation with federal, state and local law enforcement, government and private sector computer experts, the intelligence community, and military experts.

Denial of service attacks knocked out major Web sites this week--including Yahoo, Amazon, eBay and CNN--by flooding them with fake packets of information requests. "These cyberassaults have caused millions of Internet users to be denied services," Reno said.

The FBI would not disclose how many agents it is dedicating to the effort, but Ron Dick, chief of the Investigations and Operations section for the National Infrastructure Protection Center (NIPC), said: "As many as it takes."

At this point, the Justice Department is treating this as a computer crime and not as an act of terrorism, said Marc Zwillinger, deputy section chief overseeing the agency's Computer Crime and Intellectual Property section.

Those prosecuted for the cyberattacks would be prosecuted under Title 18, United States Code Section 1030.

"Basically what that says is: 'Anyone who knowingly causes the transmission of a program or information code or command, and as a result of such conduct, intentionally causes damage without authorization to the protected computer,'" Dick said.

The penalty is a maximum five years in prison and a minimum six-month incarceration for each offense. Repeat offenders could face a maximum 10-year prison term and fines ranging from $250,000 to twice the gross losses incurred by the victims. The law also allows those affected to file civil suits against their attackers.

Federal investigators could not say whether the attacks had been launched by hackers working inside or outside the United States, or both. Zwillinger made it clear the law would allow prosecution if the attackers were outside the United States but used U.S. computers for the assaults. He did not say whether any foreign governments were participating in the investigation.

Dick compared the denial of service attacks to a telephone system overloaded with calls and returning a busy signal.

"Denial of service is a planned action by an attacker," making the target "network dysfunctional," he said.

Dick warned the problem was not one of poor security at the Web sites attacked this week. The problem lies in intrusions to other systems used in the attacks. Lack of security causes harm to others, he said.

Federal investigators would not say whether one type of computer system was being subverted for use in the attacks, but Tom Burke, the General Services Administration's assistant commissioner for information security, said they had "not identified any government computers" used in the cyberassaults.

Internet service providers are asked to keep logs so that if they are attacked, authorities can use the information to help track down the hackers.