The Washington-based National Infrastructure Protection Center (NIPC) issued an advisory last Friday saying that FBI investigations and unspecified additional information point to an increase "in hacker activity specifically targeting U.S. systems associated with e-commerce and other Internet-hosted sites."

The NIPC, which is located at FBI headquarters, said most of the intrusions were made against systems running Microsoft Corp.'s Windows NT operating system, although Unix-based machines also were reported to have been victimized. The center didn't include any specific examples of attacks in its advisory, and a spokeswoman for the NIPC declined to comment on that today.

According to the NIPC's advisory, attackers "are exploiting at least three known system vulnerabilities to gain unauthorized access [to systems] and download proprietary information" from unsuspecting companies. Most of the attacks had been under way for several months before being discovered, the center added.

"Although these vulnerabilities are not new, this recent activity warrants additional attention by systems administrators," the advisory said. "The NIPC strongly recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary. Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business."

Eric Hemmendinger, a security analyst at Aberdeen Group Inc. in Boston, said the agency's alert should be taken seriously by IT managers because it comes from the government, not from security firms or antivirus software vendors warning of the end of the world as we know it.

"What might be a little bit unusual about this is not what the warning is, but where it's coming from," Hemmendinger said. "When the federal government wakes up to a problem, they're usually not the first ones [to see it]. That means it's worth paying attention to."

Hemmendinger said users can defend themselves against virus attacks and network intrusions by updating their antivirus programs and making sure they apply any available security patches to their applications. But companies are still vulnerable to distributed denial-of-service attacks, which can crash their Web sites, he added. "In the case of denial-of-service attacks, there is no really good answer right now," Hemmendinger said.

That problem was evident last February, when major Web sites such as the ones operated by Yahoo Inc., eBay Inc. and Buy.com Inc. were shut down by a string of denial-of-service attacks (see story).

In a more recent high-profile security incident, Microsoft Corp. confirmed that its internal computer network was broken into by an attacker who was able to view some of the software vendor's source code for a future product that's under development (see story). Microsoft said it tracked the intruder's movements inside its network for 12 days before reporting the attack to the FBI.

The NIPC's advisory points users to Web site links with information about how to plug the security holes that it said are being exploited by attackers. The center, which is continuing its investigations into the attacks that have been reported thus far, also asked companies to report any suspicious online activities to it or to the FBI.

Related links:

• For more security coverage, visit our Security Watch page.
• Have opinions on security issues? Head to the Computerworld security forum. (Note: Registration required to post message; anyone may read messages. To register on Computerworld's forums, click here).