Thursday, July 2nd, 2015, 8:54 am

Amazon Says I Need to Sue in Order to Merely Find Out Who Uses Their Own Facilities (AWS) to Attack My Site (Update)

OVER the past few days I spent a lot of time (never mind emotional impact) pressuring Amazon, having already spent a lot of time battling DDOS attacks which rendered my biggest site inaccessible. After much stonewalling (I had to repeat my request about 5 times only to receive useless replies or no replies at all) I got a message. It took a very long time and much strongly-worded nagging and I finally got a reply (after a day and a half of silence) saying that Amazon cannot “release any customer information upon request. You will need to provide a valid subpoena issued by a court of law” (i.e. start legal action).

So in layman’s terms, my site got attacked by Amazon servers which were rented out to an Amazon customer and when I ask Amazon who is doing this (so that I can take action) they say they cannot tell me and that I must go to expensive lawyers to do so, wasting both time and money in a courtroom.

I have secured evidence of the attacks by now. Tomorrow I may visit some local attorneys, provided any of them might even know what DDOS means (British police certainly didn’t understand what I was talking about when I took my complaints to them).

Here is Amazon’s reply in full:

Hello Roy,

I apologize that you are not satisfied with the communication that you have been receiving. I’d also like to apologize that you were not told that our privacy policy does not permit us to release any customer information upon request. You will need to provide a valid subpoena issued by a court of law. I am sure that you understand that there are laws we need to follow and I would also like to thank you for reporting this as we take security very seriously.

Please forward the subpoena documentation to:

Amazon.com, Inc.
Corporation Service Company
300 Deschutes Way SW, Suite 304
Tumwater, WA 98501
Attn: Legal Department – Subpoena

The request should include the IP address(es) as well as an exact, accurate timestamp, including the timezone, associated with each address.

I apologize for any inconvenience caused by privacy laws. I can assure you that the matter is being dealt with by our specialized abuse team.

I hope that this is helpful.

Thank you for your inquiry. Did I solve your problem?

If yes, please click here:

http://www.amazon.com/gp/help/survey?p=A2O0DWEQD3E8HK&k=hy

If no, please click here:

http://www.amazon.com/gp/help/survey?p=A2O0DWEQD3E8HK&k=hn

Best regards,

[redacted]

http://aws.amazon.com

In short: Waste of money and time in order to find out who’s engaging in abuse, which is very much ridiculous. Amazon is just covering its own behind in case of lawsuits from the client over revelation of identity. Since the abusive servers are Amazon’s I suppose I can just start legal action against Amazon itself, both for DDOS and for refusal to respond to my questions regarding accountability.

My response to Amazon was as follows:

Unless Amazon is willing to settle, I am going to sue Amazon, not waste time and money sending a subpoena. The attacks on my site came, on numerous occasions, from servers owned and operated by Amazon.

Amazon, moreover, repeatedly stonewalled my requests to find out who is accountable, both inside Amazon and in its client/s, whom it is unwilling to unmask despite acknowledgement of abuse (AWS staff already confirmed this in writing).

Please provide me with the address to serve legal papers to, as I am going to sue Amazon for damages, misconducts, and waste of my time.

In the meantime, I shall continue to publicly shame Amazon for this abusive behaviour, in various social media sites and my own, e.g. http://schestowitz.com/Weblog/archives/2015/06/28/aws-ddos/

Just because you rent out computing resources does not exempt you from accountability for how these are used.

Updated (29/7/2015): Amazon AWS has just replied to me. Almost ONE MONTH late. I think I know now who knocked the site offline. Bad publicity (online) probably caused this belated reaction from Amazon. To quote AWS:

Dear abuse reporter,

We sincerely apologize for the delay in addressing this abuse case. Our customer has confirmed that the party responsible for this traffic has modified their crawler appropriately. If you’d like to prevent them from crawling your site in future, you can add the following directive to your robots.txt file:

User-agent: revivebot
Disallow: /

If this problem recurs, please open a new abuse report with timestamped logs showing the unwanted traffic. We will make every effort to work with you and our customer to reach a solution.

Thank you for your patience and attention to this matter.

Regards,
AWS Abuse team
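
Both Amazon replies ask for the same evidence: the source IP address(es) with exact timestamps including the timezone. The following is an added example, not part of the original post or of any AWS tooling, that builds such a summary from a web server access log. It assumes the Apache/Nginx "combined" log format and that the crawler's User-Agent contains the "revivebot" token named in the robots.txt directive; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in "combined" log format (documentation IP
# ranges; not taken from the original post).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jun/2015:09:14:02 +0100] "GET /Weblog/ HTTP/1.1" 200 5120 "-" "revivebot/1.0"
203.0.113.7 - - [28/Jun/2015:09:14:02 +0100] "GET /Weblog/archives/ HTTP/1.1" 200 7301 "-" "revivebot/1.0"
198.51.100.23 - - [28/Jun/2015:09:14:05 +0100] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Jun/2015:23:59:58 -0700] "GET /feed/ HTTP/1.1" 503 0 "-" "Mozilla/5.0 (compatible; ReviveBot)"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def abuse_report(log_text, ua_token="revivebot"):
    """Return {ip: {"first", "last", "hits"}} for requests whose User-Agent
    contains ua_token (case-insensitive). Timestamps are ISO 8601 in UTC."""
    report = defaultdict(lambda: {"first": None, "last": None, "hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or ua_token.lower() not in m["ua"].lower():
            continue  # skip malformed lines and unrelated clients
        # %z keeps the logged offset, so the conversion to UTC is exact.
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        row = report[m["ip"]]
        row["hits"] += 1
        row["first"] = ts if row["first"] is None else min(row["first"], ts)
        row["last"] = ts if row["last"] is None else max(row["last"], ts)
    return {ip: {"first": r["first"].isoformat(), "last": r["last"].isoformat(),
                 "hits": r["hits"]} for ip, r in report.items()}

if __name__ == "__main__":
    for ip, r in sorted(abuse_report(SAMPLE_LOG).items()):
        print(f"{ip}  hits={r['hits']}  first={r['first']}  last={r['last']}")
```

Normalizing every entry to UTC with an explicit offset removes ambiguity when the server's local timezone differs from the provider's. The User-Agent is supplied by the client, so it only selects candidate lines; the IP and timestamp pair is what lets the provider identify the customer.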

One Response to “Amazon Says I Need to Sue in Order to Merely Find Out Who Uses Their Own Facilities (AWS) to Attack My Site (Update)”

  1. http://toobusytodate.net Says:

    I’m curious to find out what blog platform you have been utilizing?
    I’m experiencing some minor security problems with my latest site and I’d
    like to find something more safe. Do you have any suggestions?
