• Recommend:
• 0 Comments

Hackers Hammer the Web

Denial of service attacks cripple Amazon.com, eBay, and other major sites.

By Martyn Williams, IDG News   

A denial of service attack involves not breaking into a target Web site but simply overloading it. In these attacks, routers connecting the sites to the rest of the Internet are flooded with so much fake traffic that the router becomes unable to cope. Once this is achieved and the site is overloaded, genuine users find themselves unable to get connections.

Bye-Bye Buy.com

First hit was Buy.com, which saw its Web site become virtually inaccessible just hours after the company successfully completed an initial public offering.

"At 10:50 a.m. PST our site experienced a slowdown due to a denial of service attack," said Buy.com in a statement attributed to Chief Executive Officer Greg Hawkins.

"We had 800 megabits per second hit the site, which equals eight times our capacity. On average, our site runs at only 30 percent capacity, which gives you an idea of how unprecedented this traffic hit was. Our support staff reacted immediately, our systems performed exactly as they should have. It was strictly an outside coordinated attack to our network that prevented access to our system."

A Buy.com spokesperson says the company's Web site is hosted with Exodus Communications and that the two companies are working together to discover as much as they can regarding the incident, but the company is "absolutely positive" the problem is the result of a malicious attack.

eBay: Going, Going, Gone

Later in the day it was the turn of Internet auction house eBay.

"We are experiencing an external denial of service attack," says eBay spokesperson Jennifer Chu, speaking while the attack, which began at 3 p.m. PST, was continuing late Tuesday.

"We are working with local and federal authorities, our Internet provider, ISPs, and other Internet sites that have been attacked," she adds. Chu says the attack affected its servers hosted at a data center run by AboveNet Communications.

The servers carry eBay's static pages--those that are not being continuously updated, such as its main home page and company profile. The dynamic pages, which are hosted by a different company, were unaffected. This enabled the company to claim that the majority of its site was up and running, but in reality it meant that users could not reach the functioning pages, which include those associated with bidding, listing, and searching, unless they had bookmarks that enabled them to bypass the home page.

Amazon.com Floods Out

Two hours later, at 5 p.m. PST, high-profile Internet retailer Amazon.com was attacked, the company says.

"Today, like several other major internet sites, Amazon.com came under a denial of service attack," spokesperson Bill Curry says. "A large amount of junk traffic was directed to our site, resulting in degraded service for about one hour."

At around the same time, the Web site of CNN also saw performance take a dive, says Dan Todd, director of public services at Internet performance measurement specialists Keynote Systems. The company saw performance at the CNN site, which is usually above 95 percent, drop to 18 percent in the period from 4 p.m. to 4:15 p.m. PST and then drop further still to hit zero between 5 p.m. and 5:15 p.m.

A spokesperson for CNN Interactive was not immediately available for comment.

The attacks came a day after Yahoo was hit by a similar assault. At the time, a company spokesperson described the attack as coordinated, coming from multiple points on the Internet, and said the amount of traffic directed at a router connecting the site to the Internet was "intense."