Service provider's collapse: Size matters in fending off hacker attacks

Tuesday, February 5th 2002, 12:00 am

By: News On 6

LONDON (AP) _ When a small Internet service provider called Cloud Nine Communications Ltd. crashed to earth, it blamed hackers for overwhelming its networks with bogus traffic.

The blitz cut short Cloud Nine's six-year existence and underscored the mounting costs of protecting online businesses against increasingly sophisticated attackers.

With the cost and complexity of computer security rising, experts suggest only the largest companies can now survive in the lawless world of the Internet.

Cloud Nine suffered last month from a sustained denial of service, or DoS, attack that lasted four to five days and paralyzed its ability to provide its customers with service.

In February 2000, Yahoo!, Amazon.com, CNN, eBay and other major Internet sites were crippled for hours at a time by similar attacks.

``This activity was of such magnitude and viciousness that we took the decision that we could not continue to operate our Internet services with the resources we had available,'' Cloud Nine said.

The firm insisted its collapse wasn't due to financial problems. It said it had been solvent prior to the attack, with cash in the bank, but had burned through its savings trying to defend itself.

Some analysts weren't convinced.

``You can always recover from a Denial of Service attack. It doesn't make any sense that you'd have to go out of business,'' said Russ Cooper of TruSecure Corp. of Herndon, Va.

``A DoS is not uncommon at all. There are kids who do these things in chat rooms just because someone says something they don't like,'' he said.

Still, Cooper warned that Internet firms must be vigilant, especially the smaller Internet service providers that proliferated in the mid-1990s. Small ISPs, he said, are ``very vulnerable'' because they can't afford all the people and software necessary to prevent these attacks.

Cloud Nine, based in Basingstoke, England, said the assault was so severe it knocked out the company's internal communications systems, forcing employees to rely on Hotmail accounts to send e-mails to the outside world.

The company's chief executive, Emeric Miszti, said that the computer crimes division of the local police force was investigating the attacks.

``It's one thing to prove someone intruded into your system,'' he said. ``It's another thing to prove they committed an offense.''

Cloud Nine negotiated with several companies before agreeing to let Zetnet, a British business-to-business ISP, take on its 2,400 customers for an undisclosed sum.

``The Cloud Nine attack was particularly bad because hackers gained access to all their systems prior to the attack,'' said Zetnet sales director Jon Earnshaw. ``A larger company would be able to throw resources at the problem and recover.''

Bruce Schneier, chief technology officer for Counterpane Internet Security Inc., said a larger company also might be able to afford better security.

``Economies of scale help big ISPs in many ways. Buying security systems is just one of them,'' said Schneier, based in Cupertino, Calif.

Hackers now use specialized software to trawl the Internet and probe Web sites for weaknesses. When they find a vulnerable site, they can take command of a machine and program it to launch a DoS attack in concert with other similarly infiltrated computers.

DoS attacks occur often but rarely make news anymore, experts say.

``It's the attacks against large media companies that we hear about, but they're just as likely to occur against small and mid-sized companies that deal with Joe Average,'' said Matthew Nordan, research director for Forrester Research BV in Amsterdam, the Netherlands.