Akamai says attack targeted specific customers

One day after an apparent attack on its systems slowed access to leading Web sites such as yahoo.com, google.com and microsoft.com, distributed computing company Akamai Technologies Inc. said that it was the victim of a sophisticated, large-scale attack aimed at specific customer Web sites.

The Cambridge, Massachusetts, company on Wednesday backed away from earlier statements that it was caught up in a broad attack on the Internet infrastructure, saying that the company's DNS (domain name system) service was attacked for two hours Tuesday, affecting about 4 percent of its customers. Akamai is working with U.S. federal law enforcement to investigate the attack, the company said in a statement.

Monitoring systems at the company quickly detected the attack on Tuesday and the company's staff worked with customers and network providers to shut off the source of the attack. The company's DNS service had returned to normal by 10:45 a.m. Eastern Daylight Time Tuesday, Akamai said.

Akamai apologized to customers affected by the slow downs, but took issue with estimates from Keynote Systems Inc. of San Mateo, California, that access to some sites was diminished by as much as 80 percent during the attack.

Less than 1 percent of Akamai customers experienced disruptions affecting more than 20 percent of their users, Akamai said.

Monitoring services often use private DNS servers to check Web site availability, while most Internet users rely on public servers to find Web pages. If private DNS servers cannot resolve a request to visit a site, the site might be labeled "unavailable," while public DNS servers would try repeatedly to contact the site, Akamai said.

On Tuesday, public DNS name servers used by most end-users worldwide were able to find the Web sites that were under attack using DNS resolutions from Akamai, the company said.

Staff at Microsoft Corp. were aware of the service interruptions at Akamai but did not receive any registered reports of a direct customer impact from the attacks, according to a company spokeswoman.

Word of a problem at leading sites circulated on the Internet in news groups and on IRC (Internet relay chat) channels Tuesday, as Web surfers received error messages when trying to reach google.com, yahoo.com and other sites.

An Akamai spokesman initially acknowledged that the company's DNS service was under attack, but attributed the problem to a larger attack not limited to Akamai's systems. Akamai, however, was unable to name other sites that were experiencing a problem and companies that monitor prominent Web sites said that they couldn't find evidence of a widespread attack.

Akamai technical staff spent much of Tuesday analyzing the attack and concluded that it targeted specific Web sites that use Akamai's DNS service, rather than the broader DNS infrastructure, spokesman Jeff Young said Wednesday.