- A day after the US Web sites of Yahoo were targeted with a denial of service attack, Amazon.com, eBay and Buy.com have all said problems experienced by their Web sites yesterday were due to similar attacks.
A denial of service attack involves not breaking into a target Web site but simply overloading it. In these attacks, routers connecting the sites to the rest of the Internet have been flooded with so much fake traffic that the router becomes unable to cope. Once this is achieved and the site is overloaded, genuine users find themselves unable to get connections.
First to be hit was Buy.com, which saw its Web site become virtually inaccessible just hours after the company successfully completed an initial public offering on the Nasdaq market in New York.
"At 10:50am PST our site experienced a slowdown due to a denial of service attack," said Buy.com in a statement attributed to chief executive officer Greg Hawkins.
"We had 800Mbit/s hit the site, which equals eight times our capacity. On average, our site runs at only 30% capacity, which gives you an idea of how unprecedented this traffic hit was. Our support staff reacted immediately, our systems performed exactly as they should have. It was strictly an outside coordinated attack to our network that prevented access to our system."
A Buy.com spokeswoman said the company's Web site was hosted with Exodus Communications Inc. and that the two companies were working together to discover as much as they could regarding the incident, but the company was "absolutely positive" the problem was a result of a malicious attack.
Later in the day it was the turn of Internet auction house eBay.
"We are experiencing an external denial of service attack," said eBay spokeswoman Jennifer Chu, speaking while the attack, which began at 3 p.m. PST, was continuing late yesterday.
"We are working with local and federal authorities, our Internet provider, ISPs and other Internet sites that have been attacked," she added. The spokeswoman said the attack affected its servers hosted at a data center run by AboveNet Communications, a San Jose, California-based unit of Metromedia Fiber Network.
The servers carried eBay's static pages -- those that are not being continuously updated, such as its main home page and company profile -- while the dynamic pages, which are hosted by a different company, were unaffected. This enabled the company to claim that the majority of its site was up and running, but in reality it meant that users could not reach the functioning pages, which include those associated with bidding, listing and searching, unless they had bookmarks that enabled them to bypass the home page.
Two hours later, at 5 p.m. PST, high-profile Internet retailer Amazon.com was attacked, the company said.
"Today, like several other major internet sites, Amazon.com came under a denial of service attack," spokesman Bill Curry said, reading from a prepared statement. "A large amount of junk traffic was directed to our site resulting in degraded service for about one hour."
At around the same time, the Web site of CNN also saw performance take a dive, said Dan Todd, director of public services at Internet performance measurement specialists Keynote Systems Inc. The company saw performance at the CNN site, which is usually above 95%, drop to 18% in the period from 4 p.m. to 4:15 p.m. PST and then drop further still to hit zero percent between 5 p.m. and 5:15 p.m.
A spokesperson for CNN Interactive was not immediately available for comment.
The attacks came a day after several of the U.S. Web sites of Yahoo were hit by a similar assault. At the time, a company spokeswoman described the attack as coordinated, coming from multiple points on the Internet, and said the amount of traffic directed at a router connecting the site to the Internet was "intense."