FBI arrests man for plan to kill 70% of Internet in AWS bomb attack

Authored by bleepingcomputer.com and submitted by Snardley

The FBI arrested a Texas man on Thursday for allegedly planning to "kill of about 70% of the internet" in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia.

Seth Aaron Pendley, 28, was charged via criminal complaint on Friday morning for attempting to destroy a building using C-4 plastic explosives he tried to buy from an undercover FBI employee.

The FBI got wind of the suspect's plans in January when he revealed his plot on the MyMilitia website using a 'Dionysus' handle, a forum used by militia members and supporters to organize and communicate.

FBI agents found in late January from another source Pendley contacted using the Signal encrypted messaging app that he was planning to use C-4 plastic explosives to attack Amazon's data centers in an attempt to "kill off about 70% of the internet," according to the criminal complaint filed today.

In February, Pendley shared with the source a hand-made map of Amazon's Virginia-based AWS data center "featuring proposed routes of ingress and egress at the facility."

The same source introduced the suspect to an undercover FBI employee posing as an explosives supplier at the end of March.

Pendley told the "supplier" that he was planning to bomb servers he believed were used by the FBI, CIA, and other US federal agencies. His plot also included taking down the "oligarchy" currently leading the United States.

Undercover FBI employee hands suspect a dud

He met with the undercover FBI employee on April 8 to get what he believed were explosive devices. Instead, he received inert devices.

The suspect was arrested by FBI agents after placing them into his car, following a demonstration from the "explosives supplier" on how to arm and detonate them.

If he is found guilty of planning to blow up Amazon's Virginia data center, Pendley faces up to 20 years in federal prison.

"We are indebted to the concerned citizen who came forward to report the defendant’s alarming online rhetoric," Acting US. Attorney Prerak Shah said.

"In flagging his posts to the FBI, this individual may have saved the lives of a number of tech workers.

"We are also incredibly proud of our FBI partners, who ensured that the defendant was apprehended with an inert explosive device before he could inflict real harm."

Amazon shared the following statement with BleepingComputer about the planned attack.

“We would like to thank the FBI for their work in this investigation. We take the safety and security of our staff and customer data incredibly seriously, and constantly review various vectors for any potential threats. We will continue to retain this vigilance about our employees and customers.” - An AWS Spokesperson.

Update 4/9/21 6:02 PM EST: Added statement from Amazon

tristanjones on April 10th, 2021 at 01:43 UTC »

For everyone wondering, no that is not how that works.

70% of the internet is not critically dependent on a single building. Even if 70% of traffic were to flow through a single building, it can be rerouted.

Most of AWS services have these redundancies built in automatically. For the cases where you would be at risk, any minimally competent company has implemented what they need to fall over to other buildings if an outage occurred. (Don't worry I don't trust most companies to be competent, just that outages have occurred before, so they've already learned this the hard way).

Lastly, the majority of your internet usage is via a very small subset of services. Netflix, Google, Facebook, Reddit, etc. All of these companies already make the same info available on the fly anywhere in the world.

When you watch a movie on Netflix on the West Coast, you are not streaming from a datacenter on the East Coat. Netflix uploads their videos to hundreds of datacenters around the world. If you blew up a datacenter in Virginia, all you likely did was make some videos take a millisecond longer to load.

Now in fairness there would be some impact. When AWS has outages websites are effected, but a temporary impact to websites like these is not the end of the world: 1Password, Acorns, Adobe Spark, Anchor, Autodesk, Capital Gazette, Coinbase, DataCamp, Getaround, Glassdoor, Flickr, iRobot, The Philadelphia Inquirer, Pocket, RadioLab, Roku, RSS Podcasting, Tampa Bay Times, Vonage, The Washington Post, and WNYC

riazrahman on April 9th, 2021 at 22:54 UTC »

Someone was watching too much Mr. Robot

Acceptable-Task730 on April 9th, 2021 at 22:16 UTC »

Was his goal achievable? Is 70% of the internet in Virginia and run by Amazon?