If you launch a DDoS attack against Amazon, it's unwise to brag about it..

Filed Under: Denial of Service, Featured, Law & order, Malware, Vulnerability

Amazon. Image from ShutterstockAuthorities in the United States have charged two men in connection with a DDoS (distributed denial-of-service) attack that crippled websites such as Amazon.com in June 2008.

25-year-old Dmitry Olegovich Zubakha, of Moscow, was arrested in Cyprus last week under an international arrest warrant, having been indicted in a federal court last year for launching botnet-powered denial-of-service attacks against Amazon.com, eBay and Priceline.

The impact of these attacks meant that customers had problems accessing the websites - meaning, effectively, that the sites stopped making money.

Here's how the problem was described on an online forum for Amazon sellers on 6 June 2008:

Amazon down statement, from 2008

Ars Technica reports that the indictment claims that another Russian, Sergey Viktorovich Logashov, was an accomplice of Zubakha, who contacted Priceline to offer his expertise in countering the DDoS attack they were suffering.

If that's true, that would mean that the motive for the attacks was financial.

The two men are alleged to have - perhaps unwisely - bragged about the attacks in underground hacking forums, where it is alleged Zubakha marketed various cybercriminal services, including botnets for hire.

Law enforcement authorities have also claimed that they have traced more than 28,000 stolen credit card numbers to the men.

The American authorities are seeking Zubakha's extradition from Cyprus, while Logashov remains at large.

Of course, there are many people around the world who have been involved in DDoS attacks. Some have done it for political or hacktivist reasons, others have tried to blackmail money out of large companies.

It's unlikely that the DDoS problem is going to go away anytime soon - so now would be a good time to ensure that you have good defences in place to prevent your personal computer from being recruited for someone else's online fight, and for computer users to remember that intentionally participating in a denial-of-service attack is illegal, and punishable by prison in some countries.

Image credit: Annette Shaff / Shutterstock.com

, , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.