Anonymous attack on appears to fail

Group shifts focus of attacks on perceived WikiLeaks foes to PayPal's secure payment site

This morning's planned distributed denial of service (DDoS) attack against by Anonymous, a hacker group that has launched similar attacks against organizations it sees attempting to censor WikiLeaks, appears to have failed.

Anonymous started attacking Amazon's website at 11 a.m. EST, but quickly appeared to abandon the effort after realizing how little impact it was having, said Paul Mutton, a security analyst with U.K.-based Internet monitoring firm Netcraft.

"The attack didn't seem to make a dent on," which is not surprising considering Amazon's network infrastructure, he said. "The size of [the Anonymous] botnet was not large enough to have any impact."

Instead, the group now appears to be focusing its attention on, a secure payment transaction handling Web site, Mutton said.

The site is not currently accessible, which could be due to the attacks or because of defensive measures PayPal is taking to protect the site, he said. An Anonymous attack earlier today knocked offline for about an hour, he said.

The planned attack on was announced in an Anonymous tweet posted by Netcraft.

The provocation for attacking appears to be due to the online retailer's decision to start selling a Kindle e-book version of the leaked U.S. State Department cables after it had earlier booted WikiLeaks from its hosted cloud service.

The e-book includes the first 5,000 leaked State Department cables posted by WikiLeaks in tagged, searchable format. Amazon is offering the e-book on its U.K site for 7.37 ($11.62 U.S.).

Anonymous has begun using Internet Relay Chat (IRC) and a newly established Twitter account to announce new DDoS targets. The group's main website has been hit with numerous DDoS attacks over the past few days, and yesterday was suspended by its ISP.

Nonetheless, support for Anonymous appears to be growing as has the sophistication and use of its DDoS tools, according to security researchers.

Up to now, the loosely-affiliated group of Internet vigilantes had been more known DDoS attacks on various entertainment industry Websites over copyright enforcement issues, in an effort called Operation Payback.

Earlier this month, Anonymous' organizers announced plans to extend Operation Payback by attacking any organization perceived as attempting to censor WikiLeaks.

Over the past few days, support for the Anonymous group appears to have grown substantially, according to Sean-Paul Correll a security researcher from PandaLabs. Correll has been chronicling the attacks in a blog that is now under a DDoS attack.

The Anonymous group has made available a DDoS tool called LOIC, or Low Orbit Ion Canon, that anyone can use to link their computer into a voluntary botnet for launching DDoS attacks against specific targets.

Security firm Imperva's Hacker Intelligence Initiative, which has been closely tracking the Anonymous Group and its attacks against various Web sites, said that LOIC was originally developed as an open source network stress testing tool. It was recently tweaked to include a central command and control module, Imerva added.

LOIC host GitHub shows more than 37,000 downloads of of the tool set so far. In addition to the downloadable version of LOIC, users can install a JavaScript version of the program that does not require a download, according to Imperva.

"Operation Payback's ability to challenge serious sites and do that simultaneously is very much coupled to the introduction of the new version with its C&C capabilities," said Amichai Schulman, chief technology officer at Imperva in an e-mail. "My speculation is that due to the substantial increase in downloads, it is highly likely this is no longer just a social movement, but also a technical movement like a botnet."

According to Imperva, the hacker group is in the process of coordinating botnets with over 100,000 computers capable of generating 800 MGBPS traffic to increase the attack horsepower. An attack of this scope is likely to better test Amazon's ability to deal with DDoS attacks.

Anonymous has so far claimed responsibility for DDoS attacks against MasterCard, Visa , PayPal, EveryDNS and Swiss payment transaction firm PostFinance . Each of these organizations terminated their services to WikiLeaks after the whistleblower website began posting thousands of leaked classified cables from the U.S. State Department earlier this month.

Anonymous has also launched attacks on the Web sites of U.S. Sen. Joseph Lieberman (I-Conn.), former Alaska Gov. Sarah Palin and the Web sites of the Swedish prosecutors who are pursuing rape charges against WikiLeaks founder Julian Assange.

The attacks resulted in each of the Websites becoming unavailable for varying lengths of time. PostFinance's web site, for instance, was knocked offline for more than 33 hours, while MasterCard's main Website was down for much of Wednesday. A note posted on MasterCard's site suggested that service is still not yet fully restored.

Visa initially appeared to fend off the Anonymous DDoS attacks before it was finally knocked offline yesterday. The site appeared to be working normally this morning.

Join the CSO newsletter!

Error: Please check your email address.

Tags Cybercrime and Hackingamazon.comsecurityNetcraftpaypalgovernmentGovernment/Industries

More about Amazon.comAmazon Web ServicesCanonetworkImpervaNetcraftPayPalVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place