December 16, 1996 5:15 PM PST
Hack attack strikes again
That's when a hacker shut down Web Communications, which hosts 3,000 commercial Web sites, with a denial-of-service attack.
Technically, it was Saturday the 14th--12:30 a.m. PT Saturday--but considering what happened to Webcom today, a Friday the 13th curse is sounding more and more plausible to Chris Schefler, president and cofounder of the two-year-old Web service provider.
After suffering from a nearly 40-hour outage over the weekend, the folks at Webcom, along with their commercial base, were glad to be up on 3 p.m. Sunday until today, when they went down again.
This time, there's no hacker involved, and just a connection problem: Webcom's telecommunications carrier accidentally dropped the company, Schefler said. He added that he expected the network to be back up late today.
"I think it's just really bad luck," Schefler said. "When I realized it started Friday the 13th, I thought there must be some curse," he joked.
While Schefler tried to find the humor in the situation, for his customers it was no laughing matter. Many e-commerce Web sites that run off Webcom were counting on selling goods during this important pre-Christmas weekend.
Schefler insists that these events were flukes and not a reflection of the company's overall service record. "This is by far the worst service interruption in two years," he said. "It looks really bad for us right now. But overall, we've had excellent service."
The first outage was caused by a so-called SYN flood attack, which occurs when a hacker sends a flood of bogus service connection requests to a network that clog it up so that no one else can get online. Many systems have come out with patches to stop or prevent these kind of attacks, but Schefler said patches were unavailable for his system.
That meant that technicians at Webcom had the arduous work of tracking the attack. First, they contacted the provider, PSINet. PSINet, with pressure from Webcom, traced the attack to MCI's network. Within 24 hours, MCI traced the attack to CANet, a Canadian ISP, according to Schefler.
At that point, MCI was able to block all traffic from CANet going into Webcom, bringing the service back up for business.
Meanwhile, CANet continued tracking the attack to a router at Malaspina College in British Columbia.
"We contacted them today," Schefler said. "They say they provide network connectivity from the surrounding school districts. It could have come from anywhere in that district." But, he added, "their network administrator had somebody in mind who had a history of trying to shut down Web sites." An investigation is under way.
While Webcom hosts plenty of sites that might conceivably provoke an attack, chances are that the attack came from the same source as most others: a bored hacker.
"MCI told us that they've found out that so far [when they've found the attacker] it's been a teenager with too much time on their hands," Schefler said.