Slashdot Mirror
Why Anonymous Can't Take Down Amazon.com
suraj.sun writes "The website-attacking group 'Anonymous' tried and failed to take down Amazon.com on Thursday. The group's vengeance horde quickly found out something techies have known for years: Amazon, which has built one of the world's most invincible websites, is almost impossible to crash.... Anonymous quickly figured that out. Less than an hour after setting its sights on Amazon, the group's organizers called off the attempt. 'We don't have enough forces,' they tweeted."
Well done anonymous, you've just handed Amazon their marketing for their hosting services for the considerable future.
And even if you haven't, there's still a ton of suited fatcats chortling merrily about the concomitant stock price rise as they stuff their faces with expensive food and drink this holiday season.
Y'all better step it up, or this might be your Waterloo.
Linux, you magnificent bastard, I read the fucking manual!
They used the wrong tactic. The only thing that will bring down a beast like Amazon is a hardware malfunction
http://news.slashdot.org/story/10/12/13/1333223/Amazon-Says-Hardware-Not-Hackers-Caused-Outage
They should be tossing hamsters or other small rodents into their server rooms. That'll show em.
Considering the volume of traffic that Amazon is designed to handle normally, it's no real surprise that an 'attack' that amounts to a slight bump in traffic for them would barely be noticed.
Further, unlike Gawker-clan, Amazon is likely to have actual IT people working on securing their servers from just such events.
They are a -much- harder target than most places.
That being said, they are far from invincible. There's always a way in, and if Anonymous and allied entities really worked on it for a long time, they would likely find a way to at least deface the site.
That would be rather beyond the usual level of patience that Anonymous exhibits, though.
A more effective (and more 'lulzy'--hence, more interesting for Anonymous) way of 'poisoning' Amazon would be to leverage the review process, injecting more noise than signal, and thus crippling one of the key selling points that Amazon has as a purchasing platform.
Other effective methods might be to 'punish' Amazon-affiliated sellers' websites, interfering with their ability to do business based on their association with Amazon. This might be insufficiently visible, though, unless they did so in a manner which caused many of them to complain to news organizations.
DDoSing Amazon itself is, and has been for years, a waste of time--there's nothing that an entity like Anonymous can do to it with LOIC that they don't get on Black Friday anyway.
In Xanadu did Kubla Khan
A stately pleasure dome decree
In the black hat jargon impossible means that nobody has done it yet.
In soviet russia the government regulates the companies.
Death by snu-snu
I eat only the real part of complex carbohydrates.
Dear ANON;
Why not try a simple well organized boycott? I know, it sounds grossly old fashioned and just too far beneath your considerable talent, skill and angst. But, as you have found, these companies are actually trying to stay in business because they enjoy their revenue stream. If you could, say, interrupt that revenue you could get some attention. And it wouldn't be all negative attention. No one likes a screaming child, but they are soon forgot. A well mannered articulate child is remembered forever. The longer you can interrupt their revenue the more they're going to want to discuss this quibble. So... perhaps you may wish to think about a worldwide boycott? Try it for a day. If it's moderately successful, try it out for a week. Shut down Amazon, VISA and MC's money for a month and the entire globe will listen.
...for sufficiently small values of 'legion'.
Account -> Discussions -> Disable Sigs
Probably Slashdot stories about Amazon denying hosting to Wikileaks harmed more the company than the combined Anonymous attack. There is no firewall against social attacks.
Any victory of Anonymous would have been a phyrric one. It would have alienated tons of people they can now still win over. If i try very hard, i can come up with something more stupid than attacking Amazon shortly before Christmas, but it would be quite a challenge. For >50% of all people their christmas presents are more important than the fate of Julian Assange (even if he is shot "trying to escape"). Unluckily they've got a vote too. So converting them from indifference to hostile would neither help Assange nor Wikileaks.
CU, Martin
Akamai had a role to play in the defense as well.
http://news.cnet.com/8301-31921_3-20025477-281.html
Akamai says it can defend against Anon attacks
Read more: http://news.cnet.com/8301-31921_3-20025477-281.html#ixzz187QnPlDV
Akamai managers say they could have bolstered the Web sites that buckled under attacks launched recently by Internet vigilantes.
The world's largest content delivery network says it has enough servers and the right kind of network to "mitigate distributed denial-of-service (DDoS) attacks," Neil Cohen, Akamai's senior director of product marketing told CNET. DDoS describes the practice of overwhelming a Web site with traffic so that it can't be accessed.
Some well-known sites were the targets of DDoS attacks launched by a loosely connected group of WikiLeaks supporters who call themselves Anonymous or Anon for short. The group lashed out at companies they consider to be hostile to WikiLeaks, the service responsible for publicizing an enormous amount of classified U.S. government documents. Some of those attacked were MasterCard, Visa, PayPal, and Amazon.
MasterCard, Visa, and PayPal stopped processing donations made to WikiLeaks while Amazon stopped hosting WikiLeaks servers. At this point it appears that Amazon was able to withstand the attack while MasterCard and Visa's sites were inaccessible for extended periods.
Cohen said few other companies have as much experience as his with defending Web sites from this kind of threat. He said that late last month, a number of U.S. retail sites came under DDoS attack from multiple different countries. Cohen said he was unaware of who was behind it or why, but he said that Akamai helped some of the retailers withstand the onslaught of hits to their sites, which in some cases reached to 10,000 times the normal daily traffic to some of these sites. None of the sites went down, he said.
"What we did over the last decade was built out our network and we now have 80,000 servers in 70 countries," Cohen said. "We can mitigate DDoS attacks by having a server extremely close to the court rather than try to absorb the attack in one centralized location. As an attack grows in size and distributes out to more bots, we have a server near the compromised machines. As the attack gets bigger, our network scales on demand."
While there are reports that Anonymous is giving up on DDoS attacks related to the WikiLeaks case, it is unlikely that we've seen the end of them. In retaliation against the entertainment industry's antipiracy attempts, Anonymous knocked out the Web sites belonging to the Motion Picture Association of America, the Recording Industry Association of America, Hustler magazine, and the U.S. Copyright Office.
Read more: http://news.cnet.com/8301-31921_3-20025477-281.html#ixzz187QiBtJU
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
I worked there from 2000 - 2002 and, yes, my Amazon.com knowledge might be a little dated, I can tell you one thing about Amazon.com that was just as true today as it was 10 years ago; they don't mess around when it comes to server capacity and bandwidth.
Their whole online infrastructure is built to handle the busiest hours of the busiest days of online Christmas shopping. Anonymous could never ever get enough people to make a noticeable dent in Amazon.com's ability to take orders.
Linux O Muerte!
There is no such thing as an impregnable commercial website.
Never has been.
Never will be.
It doesn't actually have to be "impregnable", it just has to be able to scale larger than the resources their opposition is able to muster. They got that.
How do you get $83K? 0.095 * 24 * 365 = $832.20/year. 0.13 * 24 * 365 = $1,138.80/year. The difference is $306.60/year. It's too much for hosting either way, but we're talking about a ~36% Microsoft tax, which isn't far from the ordinary.
Amazon stated why on their blog - Wikileaks doesn't technically "own" the data, and Amazon doesn't want to be involved in distributing unauthorized material. Amazon also mentioned that there wasn't much attempt at redaction for purposes of keeping individuals safe (which is debatable). Why attack them when they aren't comfortable hosting the data?
Also, why not extend this to attacking those who aren't willing to host the data themselves? (e.g. harass random users until they setup a mirror, or at least distribute one page of a document.)
http://xkcd.com/325/
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Assange is being called a terrorist by prominent government types, and not just in the US. He's not, even if the US or other countries have laws prohibiting publishing leaked classified material - whether or not he's bound by those laws. Terrorism is an effort to make political change by credibly threatening violence, typically by actual violence followed by explicit or implied threats to repeat it. Assange does not threaten violence, and the only change his (and Wikileaks behind him) efforts try to make is to reduce secrecy. Terrorism is arguably underwritten by violence against noncombatants, and only actual state actors (and their direct partners) are exposed in these Wikileaks releases. To call Assange a terrorist for that is to call any journalist who ever publishes a secret leaked to them a terrorist, even though Assange is not as recognizable a journalist. Indeed, it's because our journalists, especially in the US, have become nearly unrecognizable as people who would tell the public what many of these leaks reveal that Assange is not as recognizable as a journalist; if "real" journalists were busier exposing America's state secrets that Americans should know about, Assange would be more clearly one of them. But then he probably wouldn't be leaking these secrets, since others would be, and he wouldn't have an audience.
But now Anonymous "defends" Assange by actually terrorizing corporations and some (ie. Sweden and Switzerland) governments. That's terrorism: the violence and the threat (do what you did to Assange, and you get hit again) is designed to counteract the political activity that harassed Assange, which makes it equally political action - that's terrorism. Those targets might have had it coming. But now it's easy for the people calling Assange a terrorist to get people to believe it. Many won't distinguish between Assange and Anonymous; many will believe that Anonymous is really Assange; many will be unable to distinguish between "Assange the leaker" (which he isn't; he's the publisher) and "Anonymous the terrorist", especially as many think Assange is a "computer hacker" (which he isn't).
Geeks are becoming familiar with the "Streisand effect" when some controller tries to suppress some released info, which draws attention to it. But that's closely related to the effect where Assange's "defenders" make public perception of Assange worse, because his "allies" are what Assange's enemies call him. You're known by the company you keep, and Anonymous has now made Assange known as a terrorist.
--
make install -not war
The correct term is "script kiddies".
We are using online payment services from SagePay in UK and almost all Mastercard transactions during the DDOS failed. Mastercard SecureCode was affected. No doubt they deny it to the press since it's quite a shame compared to Visa which had no problems with payments during DDOS.
They're just not smart enough to use them.
Should have used Amazon's EC cloud to attack Amazon itself, morons.
Classical Trojan Horse. Why bother storming the walls when once you've snuck inside you can wreak far more havoc?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.