Our Terms of Service and Privacy Policy have changed.

By continuing to use this site, you are agreeing to the new Privacy Policy and Terms of Service.

Why attackers can't take down Amazon.com

anonymous_amazon.top.gifThe organizers of an attempted Amazon takedown called off the attack less than an hour later. By Julianne Pepitone, staff reporter

NEW YORK (CNNMoney.com) -- The website-attacking group "Anonymous" tried and failed to take down Amazon.com on Thursday. The group's vengeance horde quickly found out something techies have known for years: Amazon, which has built one of the world's most invincible websites, is almost impossible to crash.

Amazon has famously massive server capacity in order to handle the December e-commerce rush. That short holiday shopping window is so critical, and so intense, that even a few minutes of downtime could cost Amazon millions.

So Amazon (AMZN, Fortune 500) has spent years creating and refining an "elastic" infrastructure, called EC2, designed to automatically scale to handle giant traffic spikes. The company has so much spare server capacity, in fact, that it runs a sideline business hosting other websites. Its customers include the New York Times, Second Life, Etsy, Playfish, the Indianapolis 500 and the Washington Post.

Until last week, WikiLeaks was one of Amazon's website-hosting customers. Amazon gave WikiLeaks the boot in the wake of the site's controversial release of a trove secret U.S. State Department documents.

That put Amazon in the crosshairs of Anonymous, a group that originated on image-board site 4chan.org, which organizes swarms to try to crash the websites of those it deems enemies. In the past, Anonymous has taken down several high-profile sites, including those of the Motion Picture Association of America and the Recording Industry Association of America.

This week, Anonymous launched takedown campaigns against organizations that have shunned the site WikiLeaks. Under the banner "Operation Payback," the Anonymous group successfully crashed Mastercard.com and strained the websites of Visa and PayPal. (Mastercard and Visa's transaction networks -- which run completely independently of their websites -- were unaffected.)

Anonymous makes its attacks not through hacking, but merely by directing a giant traffic surge to the targeted website. That's called a DDoS attack, short for distributed denial-of-service -- and it's hard for most websites to defend against. The attack itself isn't sophisticated. It's the equivalent of simply hitting the "refresh" button on a website thousands of times, which attackers use automated programs to do.

But Amazon's entire business model is built around handling intense traffic spikes. The holiday shopping season essentially is a month-long DDoS attack on Amazon's servers -- so the company has spent lavishly to fortify itself.

Anonymous quickly figured that out. Less than an hour after setting its sights on Amazon, the group's organizers called off the attempt. "We don't have enough forces," they tweeted.

Instead, they decided to go hammer PayPal's API, which seems to be holding up fine under the attack. "These attacks have at times slowed the website itself down, but have not significantly impacted payments," a PayPal representative said.

So click away, holiday shoppers. Amazon's got your back.  To top of page

Index Last Change % Change
Dow 17,888.35 168.43 0.95%
Nasdaq 5,156.31 47.64 0.93%
S&P 500 2,102.63 22.22 1.07%
Treasuries 2.16 -0.06 -2.84%
Data as of 1:00am ET
Company Price Change % Change
Bank of America Corp... 17.81 0.38 2.18%
General Electric Co 30.17 0.23 0.77%
Pfizer Inc 33.62 0.85 2.59%
Microsoft Corp 55.22 0.87 1.60%
Apple Inc 117.34 -0.96 -0.81%
Data as of Dec 1


Cyber Monday saw an increase in the number of out-of-stock items this year, according to data from Adobe. More

Strong November U.S. car sales has industry poised to set a record for sales once December results are reported. More

Hive, a startup funded by the UN, is tasked with getting more Americans engaged with the refugee crisis. More

Have you heard of Harvey Mudd College? A degree from this small liberal arts school can cost more than a house, but grads earn about $92,300 a year after getting their degree. Google hired 11 Mudders last year. More