THE WAVE of hacker attacks that this week temporarily disabled popular Web sites such as Yahoo and eBay may have cost the industry in excess of $1.2 billion, according to an estimate released Thursday by one market research firm.


Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by Microsoft

»  AT&T; buys high-speed wireless spectrum for $2.5 billion
»  Update: Sprint chief Forsee resigns
»  IT trainer offers master's degree for hackers
»  Wireless RSS feed 

More Network LAN/WAN News...  (ComputerWorld)
Wireless EV-DO on board  (ComputerWorld)



The Yankee Group arrived at the $1.2 billion figure by estimating revenue losses at the affected Web sites, losses in market capitalization, and the amount that will be spent on upgrading security infrastructures as a result of the attacks, the research firm said in a statement issued Thursday.

What's more, the situation could get worse in the foreseeable future, according to Matthew Kovar, the senior analyst at Yankee Group who compiled the estimate.

The attacks this week were initiated by hackers who penetrated insecure servers hosted by large organizations such as universities and research institutions, according to Kovar. While the number of those types of server is limited, similar attacks could be launched in the future from PCs equipped with high-speed Internet connections, the analyst said.

"The always-on cable and DSL Internet companies must examine their networks, which traditionally do not provide for home user PC-level security, to see whether their networks can be used as the next launching points of such future attacks," Kovar wrote in the report, adding that such companies should be held liable for attacks that are initiated through their networks.

Yankee Group recommended a series of steps to protect against the attacks, which includes installing an extensive array of security software and apparatus.

As of Thursday afternoon, the source of the online assaults, which began early Monday, still had not been traced. The FBI is on the case, and the U.S. Department of Commerce has asked companies and universities to search their computer systems for malicious code that could be used unwittingly to help launch the attacks.

The assaults have all been of a type known as "distributed denial of service" attacks, through which a Web site is bombarded with thousands of requests for information in a very short period of time, causing it to grind to a halt.

Other sites affected so far include news provider CNN, technology news site ZDNet, , and E*Trade. The sites experienced slowdowns in service that ranged from 2 hours 45 minutes to five hours, Yankee Group said.

Market capitalization losses in the days of the attacks exceeded $1 billion, according to Yankee. Revenue lost in sales and advertising by the affected sites is expected to exceed $100 million, and Internet companies will spend an additional $100 million to $200 million on security upgrades in fiscal 2000, the research firm predicted.

Damage to the affected companies' brands, partnerships, and customer relations could push the damages tally higher, Yankee Group said.

Yankee Group Inc., in Boston, is at