Hacker damage at US$1.2 billion

The wave of hacker attacks that temporarily disabled popular Web sites like Yahoo Inc. and eBay Inc. may have cost the industry in excess of US$1.2 billion, according to an estimate released yesterday by one market research firm.

The Yankee Group Inc. arrived at its figure by estimating revenue losses at the affected Web sites, losses in market capitalization and the amount that will be spent on upgrading security infrastructures as a result of the attacks, the research firm said in a statement.

What’s more, the situation could get worse in the foreseeable future, according to Matthew Kovar, the senior Yankee Group analyst who compiled the estimate.

The attacks were initiated by hackers who penetrated insecure servers hosted by large organizations like universities and research institutions, according to Kovar. While the number of those types of servers is limited, similar attacks could be launched in the future from PCs equipped with high-speed Internet connections, the analyst said.

“The always-on cable and DSL (digital subscriber line) Internet companies must examine their networks, which traditionally do not provide for home user PC-level security, to see whether their networks can be used as the next launching points of such future attacks,” Kovar wrote in the statement, adding that such companies should be held liable for attacks that are initiated through their networks.

Yankee Group recommended a series of steps to protect against the attacks, which includes installing an extensive array of security software and apparatus.

As of press time, the source of the on-line assaults still hadn’t been traced. The FBI is on the case, and the U.S. Department of Commerce has asked companies and universities to search their computer systems for malicious code that could be used unwittingly to help launch the attacks.

The assaults have all been of a type known as “distributed denial of service” attacks, in which a Web site is bombarded with thousands of requests for information in a very short period of time, causing it to grind to a halt.

Sites affected include news provider CNN, technology news site ZDNet, Buy.com Inc. and ETrade Group Inc. The sites experienced slowdowns in service that ranged from two hours and 45 minutes to five hours, Yankee Group said.

Market capitalization losses in the days of the attacks exceeded US$1 billion, according to Yankee Group. Revenue lost in sales and advertising by the affected sites is expected to exceed US$100 million, and Internet companies will spend an additional US$100 million to US$200 million on security upgrades in fiscal 2000, the research firm predicted.

Damage to the affected companies’ brands, partnerships and customer relations could push the damages tally higher, Yankee Group said.