Why Anonymous Can't Take Down Amazon.com
suraj.sun writes "The website-attacking group 'Anonymous' tried and failed to take down Amazon.com on Thursday. The group's vengeance horde quickly found out something techies have known for years: Amazon, which has built one of the world's most invincible websites, is almost impossible to crash.... Anonymous quickly figured that out. Less than an hour after setting its sights on Amazon, the group's organizers called off the attempt. 'We don't have enough forces,' they tweeted."
Well done anonymous, you've just handed Amazon their marketing for their hosting services for the considerable future.
And even if you haven't, there's still a ton of suited fatcats chortling merrily about the concomitant stock price rise as they stuff their faces with expensive food and drink this holiday season.
Y'all better step it up, or this might be your Waterloo.
Linux, you magnificent bastard, I read the fucking manual!
They used the wrong tactic. The only thing that will bring down a beast like Amazon is a hardware malfunction
http://news.slashdot.org/story/10/12/13/1333223/Amazon-Says-Hardware-Not-Hackers-Caused-Outage
They should be tossing hamsters or other small rodents into their server rooms. That'll show em.
Looks like they've been officially downgraded from "hackers" to "website-attackers". Too bad.
But the collateral damage would be too high and piss off far too many other people. Plus they would have to use a different tool.
Considering the volume of traffic that Amazon is designed to handle normally, it's no real surprise that an 'attack' that amounts to a slight bump in traffic for them would barely be noticed.
Further, unlike Gawker-clan, Amazon is likely to have actual IT people working on securing their servers from just such events.
They are a -much- harder target than most places.
That being said, they are far from invincible. There's always a way in, and if Anonymous and allied entities really worked on it for a long time, they would likely find a way to at least deface the site.
That would be rather beyond the usual level of patience that Anonymous exhibits, though.
A more effective (and more 'lulzy'--hence, more interesting for Anonymous) way of 'poisoning' Amazon would be to leverage the review process, injecting more noise than signal, and thus crippling one of the key selling points that Amazon has as a purchasing platform.
Other effective methods might be to 'punish' Amazon-affiliated sellers' websites, interfering with their ability to do business based on their association with Amazon. This might be insufficiently visible, though, unless they did so in a manner which caused many of them to complain to news organizations.
DDoSing Amazon itself is, and has been for years, a waste of time--there's nothing that an entity like Anonymous can do to it with LOIC that they don't get on Black Friday anyway.
In Xanadu did Kubla Khan
A stately pleasure dome decree
Amazon is one of the biggest (if not the biggest) shops on the internet. They need to stand up while taking a hammering every Xmas. If anyone is going to have a superior infrastructure it will be Amazon.
EC2 Standard On-Demand Instances Pricing
Linux/UNIX Usage Small (Default) $0.095 per hour Windows Usage $0.13 per hour
Features of Elastic Load Balancing
Using Elastic Load Balancing, you can distribute incoming traffic across your Amazon EC2 instances in a single Availability Zone or multiple Availability Zones. Elastic Load Balancing automatically scales its request handling capacity in response to incoming application traffic.
Elastic Load Balancing can detect the health of Amazon EC2 instances. When it detects unhealthy load-balanced Amazon EC2 instances, it no longer routes traffic to those Amazon EC2 instances instead spreading the load across the remaining healthy Amazon EC2 instances.
Elastic Load Balancing supports the ability to stick user sessions to specific EC2 instances.
Elastic Load Balancing supports SSL termination at the Load Balancer, including offloading SSL decryption from application instances and providing centralized management of SSL certificates.
Elastic Load Balancing metrics such as request count and request latency are reported by Amazon CloudWatch.
Linux instances are much, much cheaper.
He who knows best knows how little he knows. - Thomas Jefferson
In the black hat jargon impossible means that nobody has done it yet.
In soviet russia the government regulates the companies.
Death by snu-snu
I eat only the real part of complex carbohydrates.
But the collateral damage would be too high and piss off far too many other people. Plus they would have to use a different tool.
Pfffffftttt. No they couldn't. Anonymous are a bunch of vigilante dorks with delusions of grandeur. They had no chance.
Next up, law enforcement will now start catching the kids and scaring the shit out of them while their mommies and daddies cough up their kid's college funds to keep them out of jail.
Morons.
Dear ANON;
Why not try a simple well organized boycott? I know, it sounds grossly old fashioned and just too far beneath your considerable talent, skill and angst. But, as you have found, these companies are actually trying to stay in business because they enjoy their revenue stream. If you could, say, interrupt that revenue you could get some attention. And it wouldn't be all negative attention. No one likes a screaming child, but they are soon forgot. A well mannered articulate child is remembered forever. The longer you can interrupt their revenue the more they're going to want to discuss this quibble. So... perhaps you may wish to think about a worldwide boycott? Try it for a day. If it's moderately successful, try it out for a week. Shut down Amazon, VISA and MC's money for a month and the entire globe will listen.
Look, in the history of the Internet (and I was on ARPA*NET) there is no such thing as an impregnable web site.
There are many ways - brute force attacks are the easiest for botnets run by scriptkidlings, but reverse engineering attempts inside the structure, provider links thru points of contacts, poisoning DNS entries, the methods are literally in the thousands that could easily be used.
When faced with a heavily defended commercial gate, realize that communication methods exist for suppliers, partners, consumer communication, etc.
Heck, just spam with login capture for valid accounts will get you the ability to poison the customer experience if you target it for stress time running up to Christmas.
There is no such thing as an impregnable commercial website.
Never has been.
Never will be.
-- Tigger warning: This post may contain tiggers! --
yet, that is ...
Read radical news here
...for sufficiently small values of 'legion'.
Account -> Discussions -> Disable Sigs
Probably Slashdot stories about Amazon denying hosting to Wikileaks harmed more the company than the combined Anonymous attack. There is no firewall against social attacks.
Any victory of Anonymous would have been a Pyrrhic one. It would have alienated tons of people they can now still win over. If I try very hard, I can come up with something more stupid than attacking Amazon shortly before Christmas, but it would be quite a challenge. For >50% of all people their Christmas presents are more important than the fate of Julian Assange (even if he is shot "trying to escape"). Unluckily they've got a vote too. So converting them from indifference to hostile would neither help Assange nor Wikileaks.
CU, Martin
"All you base are belong to..... oh, never mind........" ~Anonymous
Akamai had a role to play in the defense as well.
http://news.cnet.com/8301-31921_3-20025477-281.html
Akamai says it can defend against Anon attacks
Akamai managers say they could have bolstered the Web sites that buckled under attacks launched recently by Internet vigilantes.
The world's largest content delivery network says it has enough servers and the right kind of network to "mitigate distributed denial-of-service (DDoS) attacks," Neil Cohen, Akamai's senior director of product marketing told CNET. DDoS describes the practice of overwhelming a Web site with traffic so that it can't be accessed.
Some well-known sites were the targets of DDoS attacks launched by a loosely connected group of WikiLeaks supporters who call themselves Anonymous or Anon for short. The group lashed out at companies they consider to be hostile to WikiLeaks, the service responsible for publicizing an enormous amount of classified U.S. government documents. Some of those attacked were MasterCard, Visa, PayPal, and Amazon.
MasterCard, Visa, and PayPal stopped processing donations made to WikiLeaks while Amazon stopped hosting WikiLeaks servers. At this point it appears that Amazon was able to withstand the attack while MasterCard and Visa's sites were inaccessible for extended periods.
Cohen said few other companies have as much experience as his with defending Web sites from this kind of threat. He said that late last month, a number of U.S. retail sites came under DDoS attack from multiple different countries. Cohen said he was unaware of who was behind it or why, but he said that Akamai helped some of the retailers withstand the onslaught of hits to their sites, which in some cases reached to 10,000 times the normal daily traffic to some of these sites. None of the sites went down, he said.
"What we did over the last decade was built out our network and we now have 80,000 servers in 70 countries," Cohen said. "We can mitigate DDoS attacks by having a server extremely close to the court rather than try to absorb the attack in one centralized location. As an attack grows in size and distributes out to more bots, we have a server near the compromised machines. As the attack gets bigger, our network scales on demand."
While there are reports that Anonymous is giving up on DDoS attacks related to the WikiLeaks case, it is unlikely that we've seen the end of them. In retaliation against the entertainment industry's antipiracy attempts, Anonymous knocked out the Web sites belonging to the Motion Picture Association of America, the Recording Industry Association of America, Hustler magazine, and the U.S. Copyright Office.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
I worked there from 2000 - 2002 and, yes, my Amazon.com knowledge might be a little dated, I can tell you one thing about Amazon.com that was just as true today as it was 10 years ago; they don't mess around when it comes to server capacity and bandwidth.
Their whole online infrastructure is built to handle the busiest hours of the busiest days of online Christmas shopping. Anonymous could never ever get enough people to make a noticeable dent in Amazon.com's ability to take orders.
Linux O Muerte!
It doesn't actually have to be "impregnable", it just has to be able to scale larger than the resources their opposition is able to muster. They got that.
Um. No.
The perception of safety and reasonable consumer response is what matters, not the reality.
-- Tigger warning: This post may contain tiggers! --
way of 'poisoning' Amazon would be to leverage the review process
Almost impossible, since comments are meta-moderated so junk would go to the bottom, and an automated comment poster would be easily detected and blocked.
As for punishing the affiliates, that's probably even harder than Amazon itself since there are so many...
I was thinking the same thing about Black Friday, Amazon did go a bit slow at times then. That was probably an exciting day for IT.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Amazon stated why on their blog - Wikileaks doesn't technically "own" the data, and Amazon doesn't want to be involved in distributing unauthorized material. Amazon also mentioned that there wasn't much attempt at redaction for purposes of keeping individuals safe (which is debatable). Why attack them when they aren't comfortable hosting the data?
Also, why not extend this to attacking those who aren't willing to host the data themselves? (e.g. harass random users until they setup a mirror, or at least distribute one page of a document.)
Seems like a large number of anon are younger kids and the "basement dweller" types. They are not really the sorts who spend a lot of money and thus not the sort who matter much in terms of a boycott. I doubt they'd be noticed. In terms of organizing larger groups, good luck with that. For that you need respect which is something they sorely lack. The people who inhabit /b/ are not the sorts that most people are going to be going to for advice.
The website-attacking group 'Anonymous' tried and failed to take down Amazon.com on Thursday. The group's vengeance horde quickly found out something techies have known for years: Amazon, which has built one of the world's most invincible websites, is almost impossible to crash.... Anonymous quickly figured that out.
Good thing they not only found it out, they figured it out.
~3k characters summary to 91 : "Amazon has famously massive server capacity in order to handle the December e-commerce rush." ..or was there any other info regarding the title of the article?
There's no patch for stupidity
http://xkcd.com/325/
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Assange is being called a terrorist by prominent government types, and not just in the US. He's not, even if the US or other countries have laws prohibiting publishing leaked classified material - whether or not he's bound by those laws. Terrorism is an effort to make political change by credibly threatening violence, typically by actual violence followed by explicit or implied threats to repeat it. Assange does not threaten violence, and the only change his (and Wikileaks behind him) efforts try to make is to reduce secrecy. Terrorism is arguably underwritten by violence against noncombatants, and only actual state actors (and their direct partners) are exposed in these Wikileaks releases. To call Assange a terrorist for that is to call any journalist who ever publishes a secret leaked to them a terrorist, even though Assange is not as recognizable a journalist. Indeed, it's because our journalists, especially in the US, have become nearly unrecognizable as people who would tell the public what many of these leaks reveal that Assange is not as recognizable as a journalist; if "real" journalists were busier exposing America's state secrets that Americans should know about, Assange would be more clearly one of them. But then he probably wouldn't be leaking these secrets, since others would be, and he wouldn't have an audience.
But now Anonymous "defends" Assange by actually terrorizing corporations and some (ie. Sweden and Switzerland) governments. That's terrorism: the violence and the threat (do what you did to Assange, and you get hit again) is designed to counteract the political activity that harassed Assange, which makes it equally political action - that's terrorism. Those targets might have had it coming. But now it's easy for the people calling Assange a terrorist to get people to believe it. Many won't distinguish between Assange and Anonymous; many will believe that Anonymous is really Assange; many will be unable to distinguish between "Assange the leaker" (which he isn't; he's the publisher) and "Anonymous the terrorist", especially as many think Assange is a "computer hacker" (which he isn't).
Geeks are becoming familiar with the "Streisand effect" when some controller tries to suppress some released info, which draws attention to it. But that's closely related to the effect where Assange's "defenders" make public perception of Assange worse, because his "allies" are what Assange's enemies call him. You're known by the company you keep, and Anonymous has now made Assange known as a terrorist.
--
make install -not war
It would be hard to be perceived as safe if their shit were always down. It isn't. Perception and reality aren't the same thing, but there's definitely a positive correlation.
Twitter is another one there was talk of them going for, which would have been futile. Recent data suggests that around 8% of internet users on any given day visit Twitter. Twitter is handling an average of 50000 requests/second (combined website users and API requests from programs).
You can't DDoS a site whose normal load from its customers is orders of magnitude more than what your 500-1000 participants can generate.
This is also why they failed to cause any serious damage to the credit card companies and to Paypal. All they got on those sites were machines that mostly just provide information. It would be the equivalent of anti-abortion protestors trying to take out an abortion clinic by going into the lobby and taking all the brochures.
As much as I silently approve of Anonymous' vengeance tactics here (implicitly by not condemning them), I'm glad they weren't able to crash Amazon simply because of my dedication to Penny Arcade's Child's Play Charity drive. The main vehicle for donations is Amazon and I'd hate to see the kids in Children's Hospitals make do with less because of a vengeance ploy.
We are using online payment services from SagePay in UK and almost all Mastercard transactions during the DDOS failed. Mastercard SecureCode was affected. No doubt they deny it to the press since it's quite a shame compared to Visa which had no problems with payments during DDOS.
They only prove when a site is ridiculously underpowered or trivially exploitable. For all the success they've had trolling local news pieces to portray them as scary, unstoppable hackers, they are a bunch of random people with time to browse the web for all sorts of details on random people and be script kiddies.
XML is like violence. If it doesn't solve the problem, use more.
The article says that Amazon can scale rapidly and quickly, but the title of the post led me to believe we would learn how they do this. I was expecting more...
It would be great to learn what technology is used to accomplish this rapid scale, as well as what network components support this.
That's no ordinary website, that's the most foul, cruel and bad tempered online store you ever set your browser to.
YOU tit! I soiled my internet botnet I was so scared.
Look, that online store has free shipping on eligible orders over $25.
CHAAAAAARG!!!!!
...
RUN AWAY! RUN AWAY!
Where was Tim The Enchanter during all of this? And is it wrong that this is the first thing I thought when I read the summary?
...CNN Money considers Amazon as a "website".
Amazon is perhaps the most DDOS resistant website of all ".com" servers on the planet now, this is further reinforced by the fact that they operate one of the largest cloud hosting in the cyberspace today, that means that they can offload tons of traffic to countless backup servers. It is futile to attack the disseminated state-of-the-art content servers behind their domain, on the other hand, an attack on their DNS servers could still be somewhat achievable, but I have no doubt they have huge scale-up and backup measures for those too.
..... I'm going to go do some shopping at Amazon. If we all shop there, eventually it will crash and they won't be able to do any more business.
Ceci n'est pas un sig.
They're just not smart enough to use them.
Should have used Amazon's EC cloud to attack Amazon itself, morons.
Classical Trojan Horse. Why bother storming the walls when once you've snuck inside you can wreak far more havoc?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The only way to take down Amazon would be to announce super-special, super-limited deals, like an XBox or TV for 90% off, at a certain time of day. Or host a woot-off and bring up a bag of crap.
LRN 2 SWM
"...website-attacking group 'Anonymous' ..."
In other news, temporary lodging provider The US Army and shipping group The US Navy have blocked their members from using porn-delivery mechanism The Internet.
Oh wait...
The crimes of eBay are a disgrace to its pig latin heritage!
If Anon were a Fight Club as soon as Edward Norton gave the signal all combatants would go to neutral corners and start masturbating. I read the xscript of a really funny xchange between some /b/tards and a livejasmin.com girl the other night though. There's always that.
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Nope, the best and optimal way to take down Amazon, or Sweden or Switzerland, is to blackhole them. Firewall a country so no IP network traffic comes in or out....in fact, I suspect the proper widgets may just be in place for such an event.
You after reading this litany of comments I just do not understand why many of you are alive. You are telling ANON to just give up. Fuck you. If everyone had ever given up then you'd not be in a position to make your comments with such ease. This post makes me rather disappointed.
Wasn't one of the reasons Amazon used to kick wikileaks the fact that they were getting DDoSed? And that it hurt their business?
So a DDoS directed at a site in EC2 is disruptive enough to kick them out, but a massive DDoS directed at Amazon is nothing special.
I think Anonymous at least proved that the real reason Amazon kicked wikileaks had nothing to do with DDoS.
Why not try a simple well organized boycott?
At first glance, I read that as bobcat, and I thought, "That's silly, they would never fall for the old 'bobcat in the server room trick'". I think I have been reading too many Amazon product reviews....
HA! I just wasted some of your bandwidth with a frivolous sig!
Reminds me of the little story in The Hitchhikers Guide to the Universe, about the fleet created to attack Arthur Dent, but there was a slight miscalculation about size, and a dog ate the entire fleet. Seems like these guys also made a slight miscalculation.
Anonymous attacks, Amazon says "what is that stupid dog doing?"
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
They may bring down our diplomats.
They may bring down our banks.
But they CANNOT bring down our Kindles!
I am anarch of all I survey.
'We don't have enough forces,' they tweeted."
More like they retweeted!
I'll be here all night :-)
They should be tossing hamsters or other small rodents into their server rooms. That'll show em.
Sure, but it's awfully hard to do that from your mom's basement.
Not really, the Internet is like a series of tubes. Like a Habitrail.
Which, ironically, you can buy at Amazon during a DDoS attack!
I took down Amazon for about 5 minutes about 10 years ago. But I was their BGP guy back then.
-- I have a private email server in my basement.
i was actually wanting to say 'fisturize'
Read radical news here
Yeah! Take that, Amazon! The haxors wi... oh. Nevermind.
What we are seeing here has been seen before. If you ever wondered just why TV, radio and the newspapers all seem to be controlled by a handful of men, then you must realize that this was not always the case. The first newspapers were created by concerned citizens, reasonably well off concerned citizens who could afford to set up a new business but hardly the super rich.
First radio? Amateurs, geeks and nerds of their day who took their hobby of messing about with this new stuff to a new level. Ham radio to the max. Television? Same thing, done from people's living room. Some Dutch broadcasting license holders still got it in their name: AVRO (Algemene Vereniging Radio Omroep). Veronica started as a pirate station to bring the new music of the age to the airwaves that the by then established AVRO and others didn't play. Or not enough.
But Veronica, the pirate, went commercial and were bought out. Nothing of its original nature remains, it is now a mere name in SBS Broadcasting. A soulless mega-corp where absolutely nothing counts but ad-revenue.
Yet how did this happen? How did we go from amateur and politically motivated Radio, TV and newspapers to the current mass-produced elite controlled bland media?
It is simple. Scale. Veronica tried to go commercial on its own (the Dutch broadcasting system is inexplainable but briefly, Veronica became part of the public network by a system where air time is allocated according to the number of subscribers a broadcaster has, there also exist commercial stations that operate without a license fee support (used to be collected same as for the BBC, now it is part of normal taxes)) and failed. Too small to survive this mistake it was bought and split up. A troublesome station, silenced. Veronica ONCE had a rather good news program with one of the few TV presenters that actually followed up with tough questions. Now it is the Beavis and Butt-Head station. It ALWAYS was young but with hints of rebellion and some principles, now it is just an MTV light. The young and mindless.
As time moved on, radio stations, newspapers and tv broadcasters were bought up, consolidated with any small operator being unable to afford any stumble without it being preyed upon by richer soulless companies. Meanwhile the costs of starting a new newspaper, a new radio station, a new tv station became higher and higher. Who after all is going to run an ad on a local station with no known talent or must-watch-tv when for the same money he can air his ad nationwide?
It has led to the situation that right now a lot of media is controlled by just a few people who have very disturbing connections. Do you really expect Rupert Murdoch to dive into a banking scandal when he is close mated with the bankers? Of course not.
BUT the internet is free... yeah, it used to be... but now, even a widely distributed site like Wikileaks can be severely hampered, raising the cost to Wikileaks to remain online. And how are they going to pay for it? Maybe use a small banker with high principles... oh but all the banks consolidated. Maybe use a small ISP with high principles.... oh but all the ISP's consolidated... maybe use a DNS provider with high principles... oh but they can't afford to have their main business hurt by the DDOS attack from "unknown" sources, lest the consolidated banks that fund them recall their loans.
Freedom requires more than just a few words on a piece of paper or even an honest legal system. It requires the means to exercise the freedom or it becomes meaningless. Freedom to protest in your capitol means nothing if you have no means to get there. If taking a day to march means you are fired from your job, lose your mortgage etc etc. This is nothing new. It has been common practice for the elite to use threat of unemployment, to stop workers from protesting, from forming unions, from voting for the wrong candidate. By all means vote left, just don't count on your local banker to grant you a mortgage or to find a job at the local factory.
Amazon is
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
because they are an advertisement company, not a web hosting one.
Wealth is the gift that keeps on giving.
I concur with you on this. I would say that their only accomplishment is that, before Anonymous threw their antics, corporations were seen in public opinion as bullies who sued teenagers and who corrupted politicians to pass laws that screwed the consumers. Now, with the help of those self-elected heroes, the same corporations are getting free press staging as victims.
Interesting point. Anonymous is basically just the teenagers striking back at the corporations. The problem is that the corporations' attacks are legal and effective, whereas Anonymous's attacks are illegal and ineffective. Clearly, regular people need more effective legal weapons that they can use against corporations. (Well alright, there's always the boycott.)
...its a space station!
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Who gives a fuck about legal - I just hope some gray-hat vigilante hijacks a botnet or two and leaves a steaming ash covered crater where PayPal/Amazon/MasterCard/Visa/Sony/Disney/Time Warner/Government servers were. Think about it - say you only get 10k nodes × 10Mbps = 100Gbps. That's backbone grade bandwidth, and Anonymous would welcome anyone to their ranks. Well, a man can dream...
I know tobacco is bad for you, so I smoke weed with crack.