Our Terms of Service and Privacy Policy have changed.

By continuing to use this site, you are agreeing to the new Privacy Policy and Terms of Service.

Why attackers can't take down Amazon.com

anonymous_amazon.top.gifThe organizers of an attempted Amazon takedown called off the attack less than an hour later. By Julianne Pepitone, staff reporter


NEW YORK (CNNMoney.com) -- The website-attacking group "Anonymous" tried and failed to take down Amazon.com on Thursday. The group's vengeance horde quickly found out something techies have known for years: Amazon, which has built one of the world's most invincible websites, is almost impossible to crash.

Amazon has famously massive server capacity in order to handle the December e-commerce rush. That short holiday shopping window is so critical, and so intense, that even a few minutes of downtime could cost Amazon millions.

So Amazon (AMZN, Fortune 500) has spent years creating and refining an "elastic" infrastructure, called EC2, designed to automatically scale to handle giant traffic spikes. The company has so much spare server capacity, in fact, that it runs a sideline business hosting other websites. Its customers include the New York Times, Second Life, Etsy, Playfish, the Indianapolis 500 and the Washington Post.

Until last week, WikiLeaks was one of Amazon's website-hosting customers. Amazon gave WikiLeaks the boot in the wake of the site's controversial release of a trove secret U.S. State Department documents.

That put Amazon in the crosshairs of Anonymous, a group that originated on image-board site 4chan.org, which organizes swarms to try to crash the websites of those it deems enemies. In the past, Anonymous has taken down several high-profile sites, including those of the Motion Picture Association of America and the Recording Industry Association of America.

This week, Anonymous launched takedown campaigns against organizations that have shunned the site WikiLeaks. Under the banner "Operation Payback," the Anonymous group successfully crashed Mastercard.com and strained the websites of Visa and PayPal. (Mastercard and Visa's transaction networks -- which run completely independently of their websites -- were unaffected.)

Anonymous makes its attacks not through hacking, but merely by directing a giant traffic surge to the targeted website. That's called a DDoS attack, short for distributed denial-of-service -- and it's hard for most websites to defend against. The attack itself isn't sophisticated. It's the equivalent of simply hitting the "refresh" button on a website thousands of times, which attackers use automated programs to do.

But Amazon's entire business model is built around handling intense traffic spikes. The holiday shopping season essentially is a month-long DDoS attack on Amazon's servers -- so the company has spent lavishly to fortify itself.

Anonymous quickly figured that out. Less than an hour after setting its sights on Amazon, the group's organizers called off the attempt. "We don't have enough forces," they tweeted.

Instead, they decided to go hammer PayPal's API, which seems to be holding up fine under the attack. "These attacks have at times slowed the website itself down, but have not significantly impacted payments," a PayPal representative said.

So click away, holiday shoppers. Amazon's got your back.  To top of page

Index Last Change % Change
Dow 16,374.76 23.38 0.14%
Nasdaq 4,733.50 -16.48 -0.35%
S&P 500 1,951.13 2.27 0.12%
Treasuries 2.17 -0.02 -1.14%
Data as of 3:52am ET
Company Price Change % Change
Bank of America Corp... 15.94 0.09 0.57%
Apple Inc 110.37 -1.97 -1.75%
Freeport-McMoRan Inc... 10.13 0.23 2.32%
Intel Corp 29.08 0.48 1.68%
Frontier Communicati... 5.52 0.31 5.95%
Data as of Sep 3
Sponsors

Sections

Americans are transforming how they eat -- paying more attention to the origins of their food and how it's made. And Kimbal Musk is at the forefront of a movement that is accelerating the rate of change. More

The Labor Department releases its August jobs report on Friday, and it will have big implications for the Federal Reserve. More

The BauBax travel jacket, with 15 built-in features, needed $20,000 on Kickstarter, but got $9 million. More

Pimco's famous fund once managed by star manager Bill Gross has less than $100 billion in management for the first time since 2007. More