Massive Cyberattack ‘Slows Down The Internet’
A row between an anti-spam firm and a web-hosting company leads to the largest DDoS attack ever recorded, with knock-on effects.
A dispute between a web-hosting company and a spam-prevention group has unleashed a cyberattack so concentrated it is reportedly slowing down the internet. Spamhaus offers spam-blocking services by patrolling the web for prolific spammers and publishing server details of the worst offenders. It claims to block 50 billion junk emails every day. Cyberbunker offers web-hosting services. The Dutch company has previously been accused of turning a blind eye when organisations host illegal content on their servers.
The dispute began when Spamhaus allegedly added Cyberbunker to its blacklist. Spamhaus’ internet servers were soon after subject to a Distributed Denial of Service attack (DDoS). A DDoS attack floods its target with vast amounts of meaningless data from multiple sources distributed across the internet until the target’s computers cannot cope and its internet traffic becomes “jammed”. At its height, the strike on Spamhaus is understood to have involved an attack rate of 300 gigabytes per second, making it the largest DDoS attack ever recorded.
The attacks have reportedly had the knock-on effect of slowing down traffic on other parts of the internet.
David Emm, a senior security researcher with Kaspersky Labs, explained how the large amount of data flowing towards Spamhaus was affecting other parts of the internet. “Data flow generated by the attack can affect the performance of the network nodes on the internet it flows through,” he said. “It’s like if someone wanted to flood my letterbox with junk mail it would all have to go through the delivery office and that would have an effect on the delivery of other people’s letters. If the mail is coming from all over the place it will have some impact on the wider delivery.”
Despite the scale of the attack, at UK broadband provider Thinkbroadband claimed the affect on overall internet speeds would be negligible. A spokesperson said: “Thinkbroadband’s latest speed tests in the UK reveals there has been no major slow down at UK Internet providers. Although some parts of the Internet and services may be having problems, it is not a major meltdown or logjam.”
Although it is not clear whether the attack originated from Cyberbunker, Spamhaus has accused it of co-operating with cybercrime organisations from Eastern Europe to orchestrate the attacks. Spamhaus issued a statement saying: “Spamhaus experienced a large-scale DDoS attack over the past weekend and extending into this week. “Although this site and our mail were knocked down for a while, our data systems continued to work normally throughout the attack. Due to the unpredictable nature of DDoS attacks, we can’t provide an estimate of that progress, but we want those systems up as much as you do”.
Internet security firm CloudFlare was asked by Spamhaus to help defend against the attacks. A statement posted on the CloudFlare website warned these types of cyber-strikes are difficult to defend. “These very large attacks are known as Layer 3 attacks,” the company said. “Put simply, if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated. While we don’t know who was behind this attack, Spamhaus has made plenty of enemies over the years. Spammers aren’t always the most lovable of individuals and Spamhaus has been threatened, sued and DDoSd regularly.”
Cyberbunker claims to host any material, with the exception of those containing child abuse images or terrorism-related content. The company states on its website: “We do not poke around on your servers. Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine.
“Cyberbunker has adopted a policy not to mind our clients’ business. Most of our customers desire to stay anonymous. In most cases we have no idea who or where our customers actually are. We do not know and we simply don’t care.”
The company takes its name from the location of its internet servers; a former military bunker located outside the town of Kloetinge in the Netherlands.
Five cybercrime agencies are reportedly looking into the attacks.