Anonymous attack on Amazon.com appears to fail
Group shifts focus of attacks on perceived WikiLeaks foes to PayPal's secure payment site
Computerworld - This morning's planned distributed-denial-of-service (DDoS) attack against Amazon.com by Anonymous, a hacker group that has launched similar attacks against organizations it sees attempting to censor WikiLeaks, appears to have failed.
Anonymous started attacking Amazon's Web site at 11 a.m. Eastern time, but it appeared to quickly abandon the effort after realizing how little impact it was having, said Paul Mutton, a security analyst at U.K.-based Internet monitoring firm Netcraft.
"The attack didn't seem to make a dent on Amazon.com," which is not surprising, considering Amazon's network infrastructure, he said. "The size of [the Anonymous] botnet was not large enough to have any impact."
Instead, the group now appears to be focusing its attention on Paypal's api.Paypal.com secure payment transaction-handling Web site, Mutton said.
That site is not currently accessible, which could be because of the attacks or because of the defensive measures PayPal is taking to protect the site, he said. An Anonymous attack earlier today knocked Paypal's main site, Paypal.com, offline for about an hour, he said.
The planned attack on Amazon.com was announced in an Anonymous tweet posted by Netcraft.
The reason for the attack on Amazon.com appears to be the fact that the online retailer decided to start selling a Kindle e-book version of the leaked U.S. State Department cables after it had earlier booted WikiLeaks from its hosted cloud service.
The e-book includes the first 5,000 leaked State Department cables posted by WikiLeaks in tagged, searchable format. Amazon is offering the e-book on its U.K site for £7.37 ($11.62 U.S.).
Anonymous has begun using Internet Relay Chat (IRC) and a newly established Twitter account to announce new DDoS targets. The group's main Web site, AnonOps.net, has been hit with numerous DDoS attacks over the past few days, and it was suspended by its ISP yesterday.
Nonetheless, support for Anonymous appears to be growing, as has the sophistication and use of its DDoS tools, according to security researchers.
Up to now, the loosely affiliated group of Internet vigilantes had been more known DDoS attacks on various entertainment industry Web sites over copyright enforcement issues, in an effort called Operation Payback.
Earlier this month, Anonymous' organizers announced plans to extend Operation Payback by attacking any organization perceived as attempting to censor WikiLeaks.
Over the past few days, support for the Anonymous group appears to have grown substantially, according to Sean-Paul Correll a security researcher from PandaLabs. Correll has been chronicling the attacks in a blog that is now under a DDoS attack.
The Anonymous group has made available a DDoS tool called LOIC, or Low Orbit Ion Canon, that anyone can use to link their computer into a voluntary botnet for launching DDoS attacks against specific targets.
Security firm Imperva's Hacker Intelligence Initiative, which has been closely tracking Anonymous and its attacks against various Web sites, said that LOIC was originally developed as an open-source network stress-testing tool. It was recently tweaked to include a central command-and-control module, Imperva added.
"Operation Payback's ability to challenge serious sites and do that simultaneously is very much coupled to the introduction of the new version with its [command-and-control] capabilities," said Amichai Schulman, chief technology officer at Imperva in an e-mail. "My speculation is that due to the substantial increase in downloads, it is highly likely this is no longer just a social movement, but also a technical movement like a botnet."
According to Imperva, the hacker group is in the process of coordinating botnets with over 100,000 computers capable of generating 800MGBPS traffic to increase the attack horsepower. An attack of that magnitude is likely to better test Amazon's ability to deal with DDoS attacks.
Anonymous has so far claimed responsibility for DDoS attacks against MasterCard, Visa, PayPal, EveryDNS and Swiss payment transaction firm PostFinance. Each of those organizations terminated its service to WikiLeaks after the whistleblower Web site began posting thousands of leaked classified cables from the U.S. State Department earlier this month.
Anonymous has also launched attacks on the Web sites of U.S. Sen. Joseph Lieberman (I-Conn.), former Alaska Gov. Sarah Palin and the Web sites of the Swedish prosecutors who are pursuing rape charges against WikiLeaks founder Julian Assange.
The attacks resulted in each of the Web sites becoming unavailable for varying lengths of time. PostFinance's Web site, for instance, was knocked offline for more than 33 hours, while MasterCard's main Web site was down for much of Wednesday. A note posted on MasterCard's site suggested that service has not yet been fully restored.
Visa initially appeared to fend off the Anonymous DDoS attacks before it was finally knocked offline yesterday. The site appeared to be working normally this morning.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts