The “D” in “DDOS” stands for “distributed”, and it means that there are many computers on the attacking side.

Those can be from a botnet where the attacker has managed to install some sort of software on them. Or they can even be volunteers, where somebody posts a call for action on some forum and people voluntarily join in.

If you consider that somebody with a good connection might easily have 100 Mbps or more available, it adds up to big numbers very quickly.

Also consider that while Blizzard has a lot of servers, individually they’re not that strong. If a given machine has say, 10 Gbps networking, then that particular machine only needs to be attacked by about a hundred machines or so. Bringing down a single machine might be plenty. It could be a particular server the attacker wants down, or worse it might be some sort of central authentication server. Then nobody can log in even though you’ve just taken 1% of the datacenter’s total capacity.

Then there are amplification attacks. For instance, if you find something you can send to a server that’s small but produces a large response, this works in your favor. You send 100 bytes of junk, you get a 1KB error page back, that’s the victim doing your work for you. Now you only need 1/10th of the bandwidth on your side to take up all of theirs.

One can also attack other resources rather than just the network. For instance if disks are slower, or if some particular action consumes a lot of CPU time you can get a lot of effect that way. If the server needs 10 ms to process a given command, you only need to send 100 of those per second, and suddenly the CPU is 100% busy.