If you launch a DDoS attack against Amazon, it’s unwise to brag about it..

Amazon. Image from ShutterstockAuthorities in the United States have charged two men in connection with a DDoS (distributed denial-of-service) attack that crippled websites such as Amazon.com in June 2008.

25-year-old Dmitry Olegovich Zubakha, of Moscow, was arrested in Cyprus last week under an international arrest warrant, having been indicted in a federal court last year for launching botnet-powered denial-of-service attacks against Amazon.com, eBay and Priceline.

The impact of these attacks meant that customers had problems accessing the websites – meaning, effectively, that the sites stopped making money.

Here’s how the problem was described on an online forum for Amazon sellers on 6 June 2008:

Sign up to our free newsletter.
Security news, advice, and tips.

Amazon down statement, from 2008

Ars Technica reports that the indictment claims that another Russian, Sergey Viktorovich Logashov, was an accomplice of Zubakha, who contacted Priceline to offer his expertise in countering the DDoS attack they were suffering.

If that’s true, that would mean that the motive for the attacks was financial.

The two men are alleged to have – perhaps unwisely – bragged about the attacks in underground hacking forums, where it is alleged Zubakha marketed various cybercriminal services, including botnets for hire.

Law enforcement authorities have also claimed that they have traced more than 28,000 stolen credit card numbers to the men.

The American authorities are seeking Zubakha’s extradition from Cyprus, while Logashov remains at large.

Of course, there are many people around the world who have been involved in DDoS attacks. Some have done it for political or hacktivist reasons, others have tried to blackmail money out of large companies.

It’s unlikely that the DDoS problem is going to go away anytime soon – so now would be a good time to ensure that you have good defences in place to prevent your personal computer from being recruited for someone else’s online fight, and for computer users to remember that intentionally participating in a denial-of-service attack is illegal, and punishable by prison in some countries.

Image credit: Annette Shaff / Shutterstock.com


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.