But they are still looking for where the attack originated. "There is no indication that the attack came from anyone in the university," said Kevin Schmidt, network programmer at the university's Santa Barbara campus.

  FBI and Justice Department officials had no comment on the role of the computers at UC-Santa Barbara.

  Schmidt said a desktop computer in a research lab at the Santa Barbara campus was electronically broken into by a hacker sometime before Tuesday night's attack on the cable television network's computer Web site.

  Checking from home near midnight Tuesday, Schmidt discovered an abnormality in the university's computer traffic. By Wednesday morning, he was able to tell CNN that a UC-Santa Barbara computer was involved in the denial-of-service attack on its site.

  CNN notified the FBI. Schmidt has been assisting the FBI since then in trying to locate the origin of the attack.

  Denial-of-service attacks like those that struck half a dozen Internet sites this week often involve dozens or even hundreds of unwitting middleman computers, often at large sites like universities. The middleman computers are known as "zombie" computers.

  UC-Santa Barbara was a pioneer in computer science, one of the first four nodes on the precursor of the Internet, a Pentagon-backed system known as Arpanet.

  CNN also said Friday that the FBI was "zeroing in on undisclosed locations in California and Oregon" in its effort to reach the ultimate launch pad for the attacks.

  In Washington, FBI spokesman Bill Carter had no comment on that report. FBI agent Gordon Compton in Portland, Ore., said the matter was being handled by the San Francisco office and that there would be no further comment.

  In the midst of a difficult investigation, federal investigators gained cold comfort from the fact that this week's massive attacks on the Internet sites woke people up to the risks of the digital age.

  "This week's events did more than we have ever been able to do with white papers and posting fixes on our Web site to alert the private sector to the dangers out there," John Bentivoglio, counsel to the deputy attorney general, said Thursday.

  Private Internet service providers and Internet sites have been turning over computer logs to help trace the attacks that temporarily overloaded sites such as eBay and ETrade, Bentivoglio said. Requests for protective software have surged.

  Investigators prefer to trace attacks while still in progress, but that is difficult and has not been possible this week. So they are relying on computer transaction records at dozens, possibly hundreds, of company sites, university computer systems and other places. The quality of these records varies.

  "This is going to be a difficult case to crack," acknowledged Deputy Attorney General Eric Holder. "These are people who are criminals, and we will do all that we can ... to put them in jail."

  With tens of millions of dollars in losses possible, Holder said the attacks might lead to tougher penalties than the current 10-year maximum prison sentence for second offenses.

  President Clinton will meet next week with computer security experts and technology executives to talk about the attacks and his proposal for US$2 billion to protect the country's most important computer systems.

  Months ago, a Carnegie Mellon University team issued a white paper warning about denial-of-service attacks like those this week. Over the New Year's weekend, the FBI posted free software on its Web site that would allow computer owners to detect whether denial-of-service tools, known as daemons, had been secretly placed on their computers. Some 2,600 companies and others downloaded the free software, and three found daemons, triggering FBI criminal investigations.

  Daemons are later activated by a signal from a remote location or an internal timer to attack a victim computer site with so many messages it cannot handle them all. The sites get tied up and shut down, like an overloaded telephone system that gives only busy signals or no dial tone.

  The Pentagon began checking for daemons Thursday on all its computers with Internet access. The General Services Administration alerted all federal agencies about ways to detect and disable daemons.

  Dozens, or even hundreds, of zombie computers, those housing daemons, have been used in past attacks, Bentivoglio said. The daemons arrive at the victim site with phony return addresses, making them harder to trace.

  Holder said there was no evidence overseas computers were used this week, but that isn't being ruled out.

  So little is known about who launched these attacks or why, said Ron Dick, head of the FBI's computer investigations section, that potential suspects range "from a teen-aged hacker to state-supported terrorists."

  The Justice Department has trained prosecutors throughout the nation to respond quickly to computer attacks, but the law poses obstacles to cracking an attack in progress, Bentivoglio said.

  To tap a telephone line carrying an attack requires a court order, he said. Just to trace the origin of an ongoing transmission without monitoring its content also requires a court order, but one that is easier to get.

  This week, the administration sought US$37 million in additional money to set up 10 regional computer laboratories, train state and local officers and add 100 members to its computer response teams.