Buy.com CEO Reflects on the Hack

SAN FRANCISCO (02/11/2000) - The hacker attacks that shut down major Internet sites earlier this week hit Buy.com at a particularly bad time: The company's stock was making its debut on Wall Street. When the denial-of-service attack came, CEO Greg Hawkins was in New York, talking with investors and the press.

On Thursday, he spoke about the incident and its repercussions with Industry Standard Senior Writer Miguel Helft. What follows is an edited transcript of that conversation:

Q: When did you first find out you were being hit? A: It was about 3 o'clock Eastern time. That's when I heard about it, in between some PR meetings. The first thing I got was that it was an attack. I said, "You got to get me the specifics." As you can surmise, I was running around doing a bunch of interviews, and some of them were on TV.

Q: What was your reaction? A: The obvious reaction was, "What could be worse on IPO day?" Obviously, we worked as rapidly as we could to get the information understood. At the same time, our guys back in California were working as rapidly as possible to get our site performance restored. I just had to go do the best I could, letting the press know that this was a massive denial-of-service attack. Unfortunately, like Yahoo [the day before], we met with similar results. At about 5 o'clock our service was restored and we haven't had any issues since.

Q: Did you ever panic? A: The luck is that I got all the data about 5 minutes before a TV interview. It was the first question, and fortunately we had all the specifics.

Q:Did you know others were suffering too? A: At that point in time, I knew about Yahoo being hit the day before. We were the second one, and then after us other people were hit.

Q:What did you do to get the site restored? A: We have some anti-crawler software that we use and have used to monitor our site for unusual amounts of traffic. When the site gets crawled it comes from a single IP address, and we can just block that traffic. In the denial-of-service attack, traffic doesn't come from a single place. It just bombarded us, hitting us at eight to 10 times our normal capacity. We noticed it immediately and quickly started to work with [our hosting center] Exodus Communications to get the site restored.

Q: Have you ever had this type of problem before? A: No. All the things we have seen to date have been individual IP crawls. We've had the technology to be able to block those things. But boy, nothing of this magnitude. This was an extraordinarily big attack. We experienced almost 1 gigabit per second, which is just enormous.

Q: How disruptive to you think it was for your IPO? A: I can't speak to that.

But we were certainly pleased with the way the stock traded on Tuesday. It didn't appear to affect it.

Q: How much did you lose in sales? A: The reality is, it was an IPO day, and we had good traffic before and good traffic after. So anything I would tell you would be purely speculative. We are taking the approach that it wasn't a material event from the point of view of sales lost.

Q: What have you heard from law enforcement? A: We have been cooperating with the FBI. They are focusing on the investigation. I am hopeful that as a result of our efforts and those of others we will be able to find out who did this.

But that's all I know at this point.

Q: Did you personally talk with folks at the other companies that have been hit? A: Yes, we have been in contact with some of the other companies. We've been working with them to try to identify how we can prevent this from happening in the future. I prefer not to give specifics but it is fair to say that I [personally] had dialogues.

Q: Is there a sense that people are trying to cooperate? A: Absolutely.

Everybody is in the same boat on this one. And it does none of us any good to do anything but try to stop this from occurring.

Q: Can you say with any confidence that you can stop this from happening again?

A: There are many people who think you can't stop it. I don't want to say that there is no way to stop it, because we are trying to identify and understand that. But as I am talking today, if they were to hit us again, I believe we might be able to handle it a bit more rapidly. But I don't have any confidence that we could stop it altogether.

Q: Who should deal with making sure that this doesn't happen again? Is it up to law enforcement or industry? A: It is the industry's responsibility to try to find solutions to this. I don't view it as something where we ask the federal government to deal with it. Technology is a beautiful thing, and over the years we have found ways to solve a lot of challenging problems. To the extent that we can't, I do believe that the FBI is the appropriate agency to deal with it.

Q: Do you think these attacks could become more frequent and throw a monkey wrench into the current e-commerce boom? A: I am hopeful that the FBI's involvement to the point of making it clear that this stuff will not be tolerated will be adequate to actually deter these things from happening.

Q: Do you think any permanent damage has been done to e-commerce from these incidents? A: I don't believe so. Because it has been made pretty clear to the consumer that this, other than an inconvenience, is not a security issue, and they should not be worried about shopping with confidence.

Q: Why do you think you were targeted? A: They appeared to have targeted all the leading Internet players and leading commerce sites. They hit us, eBay and Amazon. I think they just picked folks who were the most visible and went after them.

Q: So this is a badge of honor? A: [Laughs.] That's an interesting way to put it.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark