Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Networking Security

Holiday E-Commerce DDoS Attack Hits EC2 Cloud 75

Posted by Soulskill from the tis-the-season dept.
ARos writes "A holiday DDoS attack targeted a west-coast DNS provider, which is known for serving large-scale E-Commerce sites (including amazon.com and walmart.com). 'Neustar, which provides DNS services to high profile website addresses under the UltraDNS brand, said the flood of malicious traffic, just two days before Christmas, was directed at the company's facilities in San Jose and Palo Alto, and that the effects were mostly limited to California users.' CNet adds: 'In addition to the high-profile sites, dozens of smaller sites that rely upon Amazon for Web-hosting services were also taken down by the attack. Amazon's S3 and EC2 services were affected by the problems, according to Jeff Barr, Amazon's lead Web Evangelist, who retweeted a report to that effect without clarification and confirmed it in later tweets.'"
This discussion has been archived. No new comments can be posted.

Holiday E-Commerce DDoS Attack Hits EC2 Cloud More

Holiday E-Commerce DDoS Attack Hits EC2 Cloud

Comments Filter:

  • Consider extortion (Score:5, Interesting)

    by grolaw ( 670747 ) on Friday December 25, 2009 @10:00PM (#30553700) Journal

    One reason for DDoS attacks is to prove that you can shutdown a site.

    The site will pay for protection from future attacks. The offshore gambling sites have been "victims" of these attacks according to Steve Gibson.

  • Attack vectors shifting? (Score:5, Interesting)

    by horatio ( 127595 ) on Friday December 25, 2009 @10:10PM (#30553730)
    Maybe I'm wrong, but it seems like the attack vectors are shifting away from going after your target directly, but instead attacking the critical infrastructure support services like DNS.

  • Re:Why? (Score:1, Interesting)

    by Anonymous Coward on Friday December 25, 2009 @10:16PM (#30553746)

    Who is so damn board that they have nothing better to do than "attack" a web site? What feeling of accomplishment do they really get and/or what point are they trying to make? They need to get out of their mothers basement and do something with there lives.

    Step 1. DOS existing DNS server
    Step 2. Make rogue DNS server active, which returns URL's for phishing organization's transparent proxy.
    Step 3. Phish out all login, pw, and CC information.
    Step 4. Launder info or use to run fraudulent transactions.
    Step 5. Profit!

    The technical details vary, of course, as well as the specific mechanism. But in essence this is most likely what was being attempted... how successful it was remains to be seen. Or it could be any number of people, organizations, or governments that would like to see a big hit to the largest online retailers during their busiest time of year.

  • Re:Why? (Score:5, Interesting)

    by AigariusDebian ( 721386 ) <aigarius@debia[ ]rg ['n.o' in gap]> on Friday December 25, 2009 @11:13PM (#30553924) Homepage

    Ever heard of DNS cache poisoning? There really should be an investigation into this. One of the attack vectors is pretty simple - use a DDOS to slow down the response time of the real DNS servers of *.amazon.com, use a cache poisoning timing-based attack on some subset of DNS servers further down the chain (like for example at a medium-sized ISP) to replace the IP of Amazon servers with an IP of your specially prepared hijacking servers, a client goes to amazon.com, but get redirected to your server, you proxy their traffic (use a man-in-the-middle attack to defeat SSL or just use human-engineering for that) until they make a purchase and instead of proxing their credit-card info you just keep it for your self and transfer money to your accounts. Profit!

    Something like that could have taken place here, but you cann't know that until you analyse logs at Amazon and all the ISP DNS servers that could have beenaffected by this.

  • Re:East Coast, no problem (Score:3, Interesting)

    by shentino ( 1139071 ) <shentino@gmail.com> on Saturday December 26, 2009 @12:46AM (#30554144)

    Ok, here's a solution.

    Trace as many of the IPs as possible and let their owners know their computers have been jacked.

    Any of them don't do squat about it after X amount of time, confiscate their computer for knowingly aiding and abetting a criminal offense. Or something.

    Enough people get in trouble for not doing jack about their computers being infected and you can see vigilance going up.

  • Re:Why? (Score:3, Interesting)

    by tlhIngan ( 30335 ) <slashdot.worf@net> on Saturday December 26, 2009 @03:19AM (#30554624)

    Who is so damn board that they have nothing better to do than "attack" a web site? What feeling of accomplishment do they really get and/or what point are they trying to make? They need to get out of their mothers basement and do something with there lives.

    Money.

    Online gambling sites are constantly attacked by DDoS, because they have money, and their continued revenue relies on people being able to connect reliably to their servers. Thus, you can threaten to shut down a site or ask they pay $5000 or so to avoid a protection fee.

    I'm guessing in this economy, big sites like Amazon and the like are the next tempting targets. Imagine being able to shut them down during the critical shopping periods and how much money you could extort out of them.

    And with EC2, many sites are probably running on it or relying on it for backup. Kill it and you've proved to many sites that their service could go down, and hey, would you like to pay $5000 to ensure it stays up? And heck, the sites that go down, you don't even have to know what they are. If it's a big site, the news will report it. If it's a small site, you'll hear about it through various forums. Boom, instant target list for extortion.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close