Anonymous and DoS Attacks in General

I'm sure everyone's heard of Anonymous and groups perpetrating DoS attacks (especially recently on RIAA, MPAA, DoJ, etc for MegaUpload). I'm curious what sort of harm, if any, this does to these websites that are being attacked?

Does it affect email and all that stuff? The media seems to make it seem like some big deal, but as far as I can tell, it's just a mild inconvenience when you can't access the homepage of the Motion Pictures Association for two hours.

Am I missing something? Simply organizing a DoS of that sort just doesn't seem like too big of a deal.

Well our Anonymous friends in protest of the San Francisco BART transit system's actions of shutting off the underground cell phone relays during an anti-police demonstration decided to hack the transit system website and thought that they'd perform a wonderful public service by revealing the email address and password of some 35,000 transit riders.

Most company and organization websites do business, a DoS attack interrupts their business. Attacking a site such as Amazon for even a few hours could cause millions of dollars in actual demonstrable damages.

Whenever I read about things like this I cheer for arrests to be made.

As far as the DDoS attacks go, they are nothing more than a mild inconvenience. None of those organizations relies significantly on their website for business, and they are big enough that they can easily afford to isolate their web servers from their other servers (email, databases, internal ops, etc.). So a DDoS against their public site really does nothing except stop people from accessing their public site. Since their sites are primarily for publicity, the DDoS attacks might actually help these organizations more than they hurt them, since the attack tends to focus the media on the attacked organization (giving them free publicity).

Additionally, the only reason a group like Anonymous is able to DDoS them at all is precisely because their public sites are not important. The RIAA/MPAA/DoJ/etc. don't get many visitors at all relative to Amazon or Google, so an attack from Anonymous generates a large spike in traffic. Major E-Commerce sites like Amazon and Google that actually deal with large volumes of traffic on a regular basis would be totally unaffected by even the largest DDoS attack Anonymous has ever run.

Furthermore, the Anonymous DDoS attacks are not very sophisticated. They can easily be blocked with a few carefully crafted firewall rules.

The leaking of account details is just dumb. Those people deserve lengthy jail sentences.

This is what I was primarily curious about and pretty much what I figured.

And yeah, I feel the same way y'all do about the information releasing...especially in respect to the AZ border patrol officers info that was released back in June or so.

"Doxing" someone, releasing their personal information online as a sort of vigilante justice, is different than randomly dumping a customer database in public. In some cases, like the recent lawsuit which was finally brought against Anthony Bologna, doxing public figures was the only way anyone was going to actually get justice.

DDoS isn't the only talent Anon has, however. If anyone remembers the HB Gary incident, an entire company collapsed and Aaron Barr's life was ruined over an Anonymous attack, which is my opinion was completely justified, as Barr was about to incriminate innocent people using his ridiculous "algorithms."

To answer your question directly: Against an online merchant, a DDoS will interrupt their core business operations. They will be unable to take orders and will be unable to make money. A clever network admin will be able to restore functionality, but sites without decent networking guys (Which are incredibly common) will suffer.

Against a government service, public organization, or any other non-money-taking website, a DDoS will only generate media interest and sympathy on both sides of the argument.

Deeper hacks can do a lot more, to both sides.

Although a DDoS attack does what has already been mentioned, methinks the biggest reason from Anonymous' point of view is the media interested generated by these attack. Almost everytime they do a new attack on a website, it's widely publicized.