The failed attack was noted on Anonymous’ Twitter account, where it said:
“Okay, we have changed our target — the Hive isn’t big enough to attack Amazon. NEW TARGET: api.paypal.com. Port: 443. SPREAD THE WORD.
“Listen up, we’re NOT targeting Amazon. Please join The Hive or attack manually to api.paypal.com.”
Several more tweets were posted that revealed that Amazon was too big a target and that Anonymous did not have enough resources to bring it down, though it appears that Anonymous intends to try to attack it again at a later date:
“Okay, here’s the real deal – We can not attack Amazon, currently. The previous schedule was to do so, but we don’t have enough forces.
“Though our final intention is to DDoS Amazon.com, we currently CAN NOT. The target is api.paypal.com, port 443 as shown on the main channel.”
The attack was scheduled for around 4:00pm GMT yesterday after Anonymous posted a tweet setting Amazon.com as the next DDoS target:
“New target: www.amazon.com. Time check: 1h50m. They are selling the cables. Connect your LOICs to the Hive. Attack will start soon.”
The comment about Amazon selling the cables relates to a Kindle book by Heinz Duthel which features the first 5,000 cables in the latest leak. Many have seen this as hypocrisy on Amazon’s part, since it previously pulled web hosting support for Wikileaks.
So what went wrong for Anonymous? In many ways, it’s simply a matter of Amazon having built-in capability to fend off DDoS attacks. It has a huge array of datacentres and its cloud services, including EC2, allow for rapid scaling of web hosting to cope with heavy loads, either from genuine customers in the busy Christmas shopping season or from a DDoS attack.
In fact, its European datacentre, which previously hosted Wikileaks, is in Dublin and is so large that it accounts for “more than a third of all internet-facing web servers in Ireland,” according to internet security firm Netcraft. Considering that Ireland hosts many of the big technology firms’ European datacentres, including Microsoft, Google, Yahoo, Vodafone and EMC, Amazon clearly has a large infrastructure in place that Anonymous may find impossible to bring down.
Paul Bristow, Chief Operating Officer of DDoS protection firm Webscreen, speaks to TechEye:
“The Anonymous DDoS attacks first and foremost rely on there being enough ‘public support’ to launch a DDoS attack powerful enough to cause a service interruption or outage.
“I believe that in the case of Amazon there was not the same level of public support for an attack as there was for attacks on MasterCard, PayPal, Visa and Swiss Bank, who because of the financial nature of their business are easy targets.
“With regards to what should the companies that suffered service interruptions do, first they need an urgent independent review of their systems and infrastructure to establish the reasons why they suffered service interruptions. Typically the ‘Targeted Flash Crowd’ DDoS attacks used by Anonymous and others exploit backend weakness, so having a huge amount of bandwidth does not help.
“‘Targeted Flash Crowd’ attacks are designed to exploit the inherent weaknesses of old-fashioned ‘rules’ based security products and that is why so many organisations are today investing in Heuristic DDoS technology with its inbuilt intelligence and real time dynamic functionality.”