Our Terms of Service and Privacy Policy have changed.

By continuing to use this site, you are agreeing to the new Privacy Policy and Terms of Service.

Why attackers can't take down Amazon.com

anonymous_amazon.top.gifThe organizers of an attempted Amazon takedown called off the attack less than an hour later. By Julianne Pepitone, staff reporter


NEW YORK (CNNMoney.com) -- The website-attacking group "Anonymous" tried and failed to take down Amazon.com on Thursday. The group's vengeance horde quickly found out something techies have known for years: Amazon, which has built one of the world's most invincible websites, is almost impossible to crash.

Amazon has famously massive server capacity in order to handle the December e-commerce rush. That short holiday shopping window is so critical, and so intense, that even a few minutes of downtime could cost Amazon millions.

So Amazon (AMZN, Fortune 500) has spent years creating and refining an "elastic" infrastructure, called EC2, designed to automatically scale to handle giant traffic spikes. The company has so much spare server capacity, in fact, that it runs a sideline business hosting other websites. Its customers include the New York Times, Second Life, Etsy, Playfish, the Indianapolis 500 and the Washington Post.

Until last week, WikiLeaks was one of Amazon's website-hosting customers. Amazon gave WikiLeaks the boot in the wake of the site's controversial release of a trove secret U.S. State Department documents.

That put Amazon in the crosshairs of Anonymous, a group that originated on image-board site 4chan.org, which organizes swarms to try to crash the websites of those it deems enemies. In the past, Anonymous has taken down several high-profile sites, including those of the Motion Picture Association of America and the Recording Industry Association of America.

This week, Anonymous launched takedown campaigns against organizations that have shunned the site WikiLeaks. Under the banner "Operation Payback," the Anonymous group successfully crashed Mastercard.com and strained the websites of Visa and PayPal. (Mastercard and Visa's transaction networks -- which run completely independently of their websites -- were unaffected.)

Anonymous makes its attacks not through hacking, but merely by directing a giant traffic surge to the targeted website. That's called a DDoS attack, short for distributed denial-of-service -- and it's hard for most websites to defend against. The attack itself isn't sophisticated. It's the equivalent of simply hitting the "refresh" button on a website thousands of times, which attackers use automated programs to do.

But Amazon's entire business model is built around handling intense traffic spikes. The holiday shopping season essentially is a month-long DDoS attack on Amazon's servers -- so the company has spent lavishly to fortify itself.

Anonymous quickly figured that out. Less than an hour after setting its sights on Amazon, the group's organizers called off the attempt. "We don't have enough forces," they tweeted.

Instead, they decided to go hammer PayPal's API, which seems to be holding up fine under the attack. "These attacks have at times slowed the website itself down, but have not significantly impacted payments," a PayPal representative said.

So click away, holiday shoppers. Amazon's got your back.  To top of page

Index Last Change % Change
Dow 17,751.39 121.12 0.69%
Nasdaq 5,111.73 22.53 0.44%
S&P 500 2,108.57 15.32 0.73%
Treasuries 2.28 0.03 1.29%
Data as of 4:12am ET
Company Price Change % Change
Bank of America Corp... 18.16 0.28 1.57%
Facebook Inc 96.99 1.70 1.78%
Ford Motor Co 15.21 0.53 3.61%
Pfizer Inc 35.76 0.41 1.16%
AT&T Inc 34.69 0.36 1.05%
Data as of Jul 29
Sponsors

Sections

India is set to surpass China as the world's most populous country -- and much sooner than previously thought. More

A study by research institute Data & Society claims Uber uses phantom cars to attract customers. More

Walter Palmer's dental business is effectively frozen after he admitted killing Zimbabwe's protected lion Cecil. More

You can't blame it on the economy anymore. More Millennials now have jobs, but are still living at home. More