DDoS-Attacks disable many shopping websites, including Amazon

Just in time for last minute Christmas shopping major shopping sites disabled

by Michael Smith (Veshengro)

London, December 26, 2009: An attack directed at the DNS provider for some of the Internet's larger e-commerce companies – including Amazon, Wal-Mart, and Expedia – took several Internet shopping sites offline on the evening of Wednesday, December 23, 2009, just two days before Christmas Day.

Neustar, the company that provides DNS services under the UltraDNS brand name, confirmed an attack took place on Wednesday afternoon, taking out sites or rendering them extremely sluggish for about an hour. A representative who answered the customer support line said the attacks were directed against Neustar facilities in Palo Alto and San Jose, Calif., and Allen Goldberg, vice president of corporate communications for Neustar, confirmed that at about 4:45 p.m. PST, "our alarms went off."

Goldberg said the company received a disproportionately high number of queries coming into the system, and analyzed it as an attack. Neustar deployed "a mitigation response" within minutes of the attack, he said, and brought matters under control within an hour. The response limited the problems to Northern California, he said.

In addition to the high-profile sites, dozens of smaller sites that rely upon Amazon for Web-hosting services were also taken down by the attack. Amazon's S3 and EC2 services were affected by the problems, according to Jeff Barr, Amazon's lead Web Evangelist, who retweeted a report to that effect without clarification and confirmed it in later tweets.

Web sites need DNS providers to translate the character-based URLs that people can remember to the IP addresses that Web sites actually use to list themselves on the Internet. When a DNS provider is overwhelmed with malicious requests for IP addresses, the system can overload and prevent legitimate users from reaching their destinations.

Amazon's Web Services Health Dashboard declared an all-clear around 6:40 p.m. PST, saying that DNS resolution had returned to normal. Amazon and several other big sites seemed to recover around 5:40 p.m., but some other sites continued to report problems until around 6 p.m.

Needless to say, the timing of such an outage could not have been much worse, as holiday procrastinators rushed to make sure they could get one-day shipping for gifts to be delivered before Christmas Day on Friday.

UltraDNS suffered a similar attack earlier this year, which took out Amazon, Salesforce.com, and other sites. Goldberg described Wednesday's attack as smaller than that one, in that it affected fewer customers.

However, Amazon is no small customer. Goldberg declined to comment on specific customers affected by the outage, and said Neustar had not yet determined the source of the attack.

One expert thought the attack might have been more widespread.

"This was wider than just UltraDNS," said Bill Woodcock, research director at Packet Clearing House, which operates domain name servers and supports Internet exchange points around the globe.

"It's difficult to tell at this point how much is a DDoS attack and how much is collateral damage from the attack that is being felt in other ways," like a domino effect, he said. "There were routing problems at some major European exchanges at the same time that caused major Internet service providers' routers to encounter a higher load and pass fewer packets."

This shows, yet again, the vulnerability of online shopping site and similar and I sincerely doubt that it will make people who have before had bad feelings about online transactions of this kind feel any better.

It could even turn ardent Internet shoppers and users of such sites off using them if such issues can occur again and again.

Not just could things go awry as regards to the shopping but it would even be possible, I should think, that such attacks are also used to get into the systems in order to obtain the details of people.

It proves, yet again, as if any more such proof was needed, that operators of sites are not tough enough on their security audit and do not play hard enough as far as defenses goes.

Alarms are fine but it should not come to a penetration at all.

© 2009