"Denial Of Service" Attacks No Surprise To Industry Insiders, Says TRI

(Washington, D.C., March 8, 2000) – Recent "denial of service" attacks on Internet sites are worrisome, but hardly unexpected – and far from the most serious threat facing e-commerce, according to Telecommunications Reports International (TRI), the nation’s most respected publisher of telecommunications information (www.tr.com) and a unit of CCH INCORPORATED (CCH).

"Many in the network security community and trade press have been warning companies about this kind of threat for some time," notes Amy Fickling, managing editor of the TRI newsletter Telecom & Data Network Security (TDNS). "But attacks on high-profile businesses and the mainstream media coverage that followed somehow make it all real to CEOs."

The March edition of Telecom & Data Network Security reports what industry insiders have to say about the panic attack caused by the hacker exploits of the past month, and what it means for the future.

In the recent denial of service attacks, hackers commandeered large numbers of unsuspecting systems and sent messages from them that overwhelmed the capacity of target Web sites.

Ironically, the TDNS article "Denial of Service Attacks: Big Deal, Not Big Surprise" observes, the security controls on the hacked systems typically function perfectly but are aimed at providing security of transactions, an aspect the hackers don’t target because they work so well.

The companies are vulnerable because they use low-level security applications to support high-bandwidth networks. This is a common scenario among Internet site operators who may focus security efforts on electronic commerce protections and leave the doors open at other points on their networks.

Fickling observes that the phrase "denial of service" is not new to security circles and industry insiders, including TRI, which has tracked the issue for years.

Now, however, security experts fear that the attention focused on the attacks on sites such as Yahoo!, eBay, Datek and E*TRADE Securities may spread concern too far afield and give lawmakers eager to extend the reach of federal law enforcement agencies into cyberspace a new toehold. This consequence is worrisome for most of the communications industry, which does not believe that federal legislation is the answer.

But while security industry experts prefer that the federal government enforce existing laws and pursue those responsible for past attacks, they are bracing for the next variant in the hackers’ game.

As reported in the March issue of Telecom & Data Network Security, industry experts concur that, to date, denial of service attacks look like the work of "script kiddies" rather than of geniuses. More sophisticated, and more crippling, attacks are expected, however.

For example, just as administrators are becoming more alert to the rogue software that might be lurking on their networks, ready to play its role in an attack, the security community is noticing derivatives of denial of service tools that are encrypted, making them much more difficult to detect and remove.

"Many in the security community feel they will be playing a catch-up game for some time to come," Fickling said.

Availability and Pricing

TRI’s monthly newsletter Telecom & Data Network Security covers fraud prevention techniques to help safeguard telecom and data network systems. Each issue lists favorite tested techniques for fraud prevention, discusses how to avoid security breaches and recognize threats to networks and interviews industry insiders for forward-looking trends. For more information or to subscribe to Telecom & Data Network Security, call 1-800-822-6388. A one-year subscription is $345 plus tax, shipping and handling.

About TRI

Telecommunications Reports International is the oldest and most respected provider of communications industry information services. Since 1934, executives and policy-makers have relied on TRI’s comprehensive coverage and analysis of major issues and events in the multibillion-dollar communications business. TRI, a unit of CCH INCORPORATED, offers newsletters, online news services and industry reports as part of CCH's Business and Finance Group. The TRI web site can be accessed at www.tr.com.

About CCH INCORPORATED

CCH INCORPORATED, headquartered in Riverwoods, Ill., was founded in 1913 and has served four generations of business professionals and their clients. The company produces more than 700 electronic and print products for the tax, legal, securities, human resources, health care and small business markets. CCH is a wholly owned subsidiary of Wolters Kluwer U.S. The CCH web site can be accessed at www.cch.com. The CCH Business and Finance Group web site can be accessed at http://business.cch.com.

-- ### --

nb-00-57

TRI spokespersons are available as expert sources for interviews by contacting Leslie Bonacum.