Major outage hits Amazon Web Services; many sites affected
Washington, Dec 8 (AP) Amazon's cloud-service network suffered a major outage Tuesday, the company said, disrupting access to many popular sites. The service provides remote computing services to many governments, universities and companies, including The Associated Press.
Roughly five hours after numerous companies and other organizations began reporting issues with Amazon Web Services, the company said in a post on the AWS status page that it had mitigated the underlying problem responsible for the outage. Shortly thereafter, it reported that many services have already recovered but noted that others were still working toward full recovery.
The issue primarily affected Amazon web services in the eastern U.S., it said. Problems began midmorning on the U.S. East Coast, said Doug Madory, director of internet analysis at Kentik Inc, a network intelligence firm - among them, Amazon's own e-commerce operations.
In a statement, Amazon spokesperson Richard Rocha confirmed that Amazon's warehouse and delivery operations had also experienced issues as a result of the AWS outage. Rocha added that the company is working to resolve the issue as quickly as possible.
Customers trying to book or change trips with Delta Air Lines had trouble connecting to the airline. Delta is working quickly to restore functionality to our AWS-supported phone lines, said spokesperson Morgan Durrant. The airline apologised and encouraged customers to use its website or mobile app instead.
Dallas-based Southwest Airlines said it switched to West Coast servers after some airport-based systems were affected by the outage. Customers were still reporting outages to DownDetector, a popular clearinghouse for user outage reports, more than three hours after they started. Southwest spokesman Brian Parrish said there were no major disruptions to flights.
Toyota spokesman Scott Vazin said the company's U.S. East Region for dealer services went down. The company has apps that access inventory data, monthly payment calculators, service bulletins and other items. More than 20 apps were affected.
Also according to DownDetector, people trying to use Instacart, Venmo, Kindle, Roku, and Disney+ reported issues. The McDonald's app was also down. But the airlines American, United, Alaska and JetBlue were unaffected. Kentik saw a 26% drop in traffic to Netflix, among major web-based services affected by the outage.
Madory said he did not believe the outage was anything nefarious. He said a recent cluster of outages at providers that host major websites reflects how the networking industry has evolved. More and more these outages end up being the product of automation and centralization of administration, he said. This ends up leading to outages that are hard to completely avoid due to operational complexity but are very impactful when they happen.
Technologist and public data access activist Carl Malamud said the outage highlights just how badly the internet's original design goal -- to be a distributed network with no central point of failure, making it resilient to mass disasters such as nuclear attack -- has been warped by Big Tech.
When we put everything in one place, be it Amazon's cloud or Facebook's monolith, we're violating that fundamental principle, said Malamud, who developed the internet's first radio station and later put a vital U.S. Security and Exchange Commission database online. We saw that when Facebook became the instrument of a massive disinformation campaign, we just saw that today with the Amazon failure.
It was unclear how, or whether, the outage was affecting the federal government. The U.S. Cybersecurity and Infrastructure Security Agency said in an email response to questions that it was working with Amazon to understand any potential impacts this outage may have for federal agencies or other partners.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
CERT-In warns of ‘ghostpairing’ attack targeting whatsApp users, flags high-risk account takeovers
New Delhi: India’s national cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert warning WhatsApp users of an active account takeover campaign using a new technique known as “GhostPairing," in an advisory released on December 19.
CERT-In said cybercriminals are exploiting WhatsApp’s device-linking feature to gain unauthorised access to user accounts without the need for passwords or SIM card swaps, as reported by The Indian Express. The attackers, the agency warned, deceive users into entering pairing codes, which silently grants control of the account to a malicious device.
ALSO READ: Teen killed in alleged honour killing over inter-community relationship, brother, his friend arrest
According to CERT-In, the GhostPairing method works by tricking victims into approving an attacker’s browser as a trusted linked device. The advisory said, “The attack manipulates users into granting access through a pairing code that appears legitimate." It further added that once access is granted, attackers can fully operate the account through WhatsApp Web.
Last month, the Department of Telecommunications directed messaging platforms such as WhatsApp, Signal and Telegram to implement continuous SIM binding which required accounts to remain linked to an active SIM card. As part of this directive, companion web sessions are expected to be logged out periodically and re-authenticated using QR codes.
CERT-In said the GhostPairing campaign typically begins with a message appearing to come from a trusted contact, often reading, “Hi, check this photo”. The message contains a link designed to mimic a Facebook-style preview, and clicking the link leads users to a fake verification page, where they are prompted to enter their phone number and a code. Victims unknowingly allow attackers to link their WhatsApp account to an external device, by completing these steps,.
Once compromised, attackers can access messages, photos, videos and voice notes in real time, and can impersonate the victim to send messages to individual contacts or groups, the agency said.
The advisory also noted that WhatsApp currently allows multiple devices to be linked to a single account, a feature that is being misused in such attacks. In October, the Indian Cybercrime Coordination Centre under the Ministry of Home Affairs had flagged a related trend involving scammers using social media advertisements to lure users into linking their WhatsApp accounts.
While the government’s SIM-binding push is intended to limit such fraud, it has raised concerns among legal experts and digital rights groups, who argue that constant SIM verification, could affect privacy and disrupt multi-device usage, particularly for professionals.
To reduce risk, CERT-In has urged users to avoid clicking on suspicious links, even if they appear to come from known contacts, and to never enter phone numbers or verification codes on external websites claiming to be linked to WhatsApp or Facebook. Users have also been advised to regularly review the “Linked Devices” section within WhatsApp settings and immediately log out of any unfamiliar sessions.
For organisations relying on WhatsApp for communication, the agency has recommended security awareness training, closer monitoring for phishing attempts, and the establishment of clear response protocols to detect and contain account compromises quickly.
