If you haven’t heard about it, Amazon was hit by a pretty interesting attack a few days back, and I thought I should quickly talk about it. A guy named weev was upset that Amazon was pulling the adult content off the site because they were keeping gay and lesbian content. So he found himself a CAPTCHA-breaking crew (presumably from this site since he mentioned it) and paid them to create a ton of accounts. Then he used those accounts to mark all the homosexual materials as offensive content. It took a while for Amazon to recover. You can find a lot of references to the event on Twitter.
Looking at the scripts weev wrote, although simple, they were very effective in the short term. They caused Amazon a lot of grief. There’s a new company called Silver Tail Systems that’s working on an anti-automation/anti-fraud system that would have caught this type of attack in a number of different ways. Namely, things like IP address, failure to follow flows properly, HTTP headers, and so on - all leave pretty obvious signals of an automated process. Anyway, I thought it was an interesting attack. Certainly not something you see every day.
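To make those three signals concrete, here is a small detection sketch added as an illustration. It is not Silver Tail's code or anything from Amazon; the log format, the `/item/<id>/report` path, the header baseline and the threshold are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

BROWSER_HEADERS = {"User-Agent", "Accept", "Accept-Language"}  # assumed baseline
MAX_ACCOUNTS_PER_IP = 2  # assumed threshold; tune against real traffic

# Constructed request log (not real data), in time order:
# (ip, account, method, path, names of headers the client sent)
EVENTS = [
    ("198.51.100.7", "alice", "GET", "/item/42", {"User-Agent", "Accept", "Accept-Language"}),
    ("198.51.100.7", "alice", "POST", "/item/42/report", {"User-Agent", "Accept", "Accept-Language"}),
    ("203.0.113.9", "acct01", "POST", "/item/42/report", {"User-Agent"}),
    ("203.0.113.9", "acct02", "POST", "/item/43/report", {"User-Agent"}),
    ("203.0.113.9", "acct03", "POST", "/item/44/report", {"User-Agent"}),
]

def automation_signals(events):
    """Return {account: set of signal names} for accounts that look scripted."""
    # Signal 1 needs a first pass: how many distinct accounts share each IP.
    accounts_by_ip = defaultdict(set)
    for ip, account, *_ in events:
        accounts_by_ip[ip].add(account)

    viewed = defaultdict(set)   # account -> item pages it has already fetched
    signals = defaultdict(set)
    for ip, account, method, path, headers in events:
        if len(accounts_by_ip[ip]) > MAX_ACCOUNTS_PER_IP:
            signals[account].add("shared_ip")
        # Signal 2: a scripted client often omits headers every browser sends.
        if not BROWSER_HEADERS <= headers:
            signals[account].add("missing_headers")
        # Signal 3: reporting an item without ever loading its page skips the flow.
        if method == "GET":
            viewed[account].add(path)
        elif method == "POST" and path.endswith("/report"):
            item_page = path[: -len("/report")]
            if item_page not in viewed[account]:
                signals[account].add("skipped_flow")
    return dict(signals)

if __name__ == "__main__":
    for account, found in sorted(automation_signals(EVENTS).items()):
        print(account, sorted(found))
```

Any one of these on its own is weak (plenty of real users share an IP behind NAT), so the useful output is the accounts where several signals line up.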