Internet Attack Targets DoubleClick

DoubleClick Inc., the company that provides online advertising services for some of the nation's most popular Web sites, was the target of a sophisticated attack today, the third time in two months that hackers have targeted a major player in the commercial Internet.

Beginning at roughly 10:30 a.m. ET, unknown attackers overwhelmed DoubleClick's Internet servers with a flood of bogus Web page requests, blocking many major sites from loading ad images on their sites.

The attack made it difficult for Internet users to load pages at nearly all of the 40 most-visited Web sites. At the height of the assault, affected Web pages were available less than 25 percent of the time, according to Keynote Systems Inc., a Web performance monitoring company in San Mateo, Calif.

DoubleClick spokeswoman Jennifer Blum said the attack targeted the company's domain name servers (DNS) -- machines that help direct Internet traffic -- causing "severe service disruptions" for all 900 of its customers. Blum said the outage was caused by a distributed denial-of-service attack, in which hackers use the firepower of thousands of hijacked computers to flood a Web site with so many bogus Web page requests that it renders the site unavailable to legitimate users.

"Beginning this morning our DNS infrastructure came under a denial-of-service attack from outside sources," Blum said. "The situation has improved over the last few hours and we continue to take steps to resolve the situation permanently."

Blum said that the company has contacted the "proper authorities" but would not say which ones DoubleClick contacted. FBI spokeswoman Megan Baroska said that DoubleClick did not report the incident to the bureau. Officials at the U.S. Department of Homeland Security did not return telephone calls seeking comment.

Among the sites hardest hit were those of Nortel Networks, Gateway Inc., MCI Inc., CNN.com and Schwab.com, according to Keynote. washingtonpost.com also was loading slowly for several hours earlier today before the company blocked DoubleClick's ads from running on the site.

CNN.com Senior Vice President Monty Mullig said that several ads did not appear properly on the site, but said the news content is run on a different network. Officials at several other companies were unavailable for comment.

The attack on DoubleClick happened less than 24 hours after hackers released a new version of the "MyDoom" worm, which harnessed the power of Google, Yahoo and two other Internet search engines to aid in its spread. The massive number of queries from MyDoom-infected computers left many Internet users unable to reach those sites, although security experts said that impact on the search engines probably was unintentional.

But security experts said the DoubleClick attack today appears similar in nature to the assault hackers waged last month against Akamai Technologies, a company that distributes Web content for companies such as Google, Microsoft and Yahoo. In that attack, hackers used tens of thousands of enslaved computers to overwhelm Akamai's DNS servers, blocking access to many of the company's customers for nearly two hours.

"One of the things that makes the Internet so survivable is that no one company or technology runs the whole thing," said Lloyd Taylor, Keynote's vice president of technology. "In this case, as with the Akamai problem, the attackers targeted a common infrastructure relied upon by many companies."

The attack on DoubleClick is another sign that attackers are beginning to target key Internet pressure points that -- when squeezed -- darken the Internet for most users, said Johannes Ullrich, chief technology officer for the SANS Institute's Internet Storm Center.

"The hackers don't need to attack the Internet. If you attack Akamai or DoubleClick you can take out 95 percent of what most people consider to be the Internet," Ullrich said.