February 8, 2000 2:50 PM PST
Attack knocks out Buy.com
Mitch Hill, Buy.com's chief finanical officer, told CNET News.com that the e-tail site was virtually paralyzed about 10:50 a.m. PST as a result of a "coordinated denial of service attack."
"It does appear there was a coordinated outside attack on Buy.com," an Exodus spokeswoman said. She denied that Exodus was the target of the attack, as was previously reported.
The shutdown, less than one day after the Yahoo attack, raised troubling questions about the possibility of copycat incidents or a renegade group determined to wreak havoc throughout the Web. The FBI said it was meeting with Yahoo executives today to decide whether an investigation is warranted.
"We had over 800 megabits of data hitting our site per second, which is eight times normal capacity," Hill said. "On average our site runs at about 30 percent of capacity. Multiply that whole thing out, and it's like 24 times the normal flow of data through the site."
As of 2 p.m. PST, the site appeared to be back online.
Yesterday, Yahoo executives blamed a denial of service attack for knocking out the leading Net destination for nearly three hours. In Yahoo's case, the attackers targeted its Web hosting company, GlobalCenter.
A denial of service outage occurs when attackers bombard a Web site's servers with fake packets of requests for information. When the server responds, the attackers' system steps up the barrage by sending more requests. The affected Web site struggles to keep up with the mounting number of requests, slowing performance for users or ultimately crashing the system.
Keynote Systems, which measures the performance of Web sites, said activity on Buy.com began slowing to a trickle around 11 a.m. PST.
Daniel Todd, Keynote's director of public services, said the site was responding to only about 4.5 percent of all requests. During yesterday's Yahoo outage, fewer than 1 percent of requests for pages were filled.
"We are not seeing a complete blackout, although obviously the site is not keeping up with the traffic," he said.
The potential for such attacks is well-known to security experts. The National Institute of Standards and Technology, Carnegie-Mellon's Computer Emergency Response Team Center and the FBI all have issued alerts on the subject during the past few months.
The attack comes on the same day Buy.com launched a successful initial public offering.
The company, which sells a wide variety of products on the Internet, had a market capitalization of $3.5 billion after the offering, which raised $182 million.
Buy.com has adopted an expensive Web business strategy of luring customers by offering deep discounts on many of its products. The company plans to use the money raised to offset its losses as it expands.
News.com's Evan Hansen and Scott Ard contributed to this report.