Last week was a tough one for Microsoft’s online business. After an
apparent employee error caused the company’s main Web sites to go down for
some 22 hours, the same sites subsequently came under attack on Thursday and
Friday from hackers who unleashed a series of denial-of-service attacks on the
company’s sites.
The disruptions started just hours after Microsoft began a $200 million
marketing campaign touting the reliability of its networking operating software.
"Microsoft accepts full responsibility for the inconvenience that our
customers have experienced over the past couple of days,'' said Rick Devenuti,
Microsoft vice president and chief information officer, who conceded that
Microsoft had not deployed "sufficient self-defense techniques" at the
front-end of its networks.
In the "denial-of service" attacks, hackers unleashes a massive
flood of e-mail requests on the targeted sites, effectively shutting them down.
Microsoft’s decision to maintain all of its domain servers on one computer
network compounded the problem. It was unknown whether the same group of hackers
was responsible for the second wave of attacks. That would seem likely
considering the amount of planning necessary to coordinate a denial-of-service
attack. In such instances, the information requests come from a large number of
"zombie" computers spread around the world which have previously been
infiltrated with a virus that allows the attacker to command the systems to
commence an attack at a certain date and time.
A year ago, a similar series of attacks was launched against a broad range of
popular Web sites, including Yahoo!, ESPN.com, Amazon.com and eBay.
Denial-of-service attacks have become very common. "Each site that we
monitor is attacked almost every single day," said Amit Yoran, chief
executive of network security firm, Riptech. "When I say the Internet is a
hostile environment, it's a hostile environment."
There are few defenses against attacks as most of the requests arrive as
seemingly legitimate information requests. But Microsoft said that in response
to the attacks, it has hired Akamai Technologies to operate a backup Internet
network. If a Web user cannot access a Microsoft site, the user will be directed
to Akamai's backup network. In September 1999, Microsoft bought a $15 million
stake in Akamai of Cambridge, Massachusetts.