DDoS attack on Spamhaus: biggest network security attack in history slows down internet access across the world

The internet around the world was slowed down last week in what network security experts are describing as the biggest cyber-attack of its kind in history. As network security attacks go, they don’t come much bigger than this one. The slow-down was caused by an escalating row between the spam-fighting group, Spamhaus, and a hosting firm, Cyberbunker. This led to a series of retaliation attacks which eventually affected the wider internet. Experts are now expressing concerns that this row has the potential to escalate even further and could eventually affect global banking and email systems. The threat of the retaliation attacks was so overwhelming that five national cyber-police forces are now running investigations.

Spamhaus, a spam-fighting group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. To achieve this, the group maintains a number of block lists, which are effectively databases of servers known to be used for illegal or malicious purposes. In its most recent action, Spamhaus blocked servers maintained by the Dutch web host, Cyberbunker. Cyberbunker has publicly claimed it will host anything other than sites that contain terrorism-related material and child pornography. It was this leniency, or rather a lack of robustness against network security threats, that Spamhaus claimed forced its hand.

In a message published online, Sven Olaf Kamphuis, who claimed to be a spokesman for Cyberbunker, said that Spamhaus was abusing its position and should not be allowed to decide “what goes and does not go on the internet”. Spamhaus, however, has alleged that Cyberbunker, in cooperation with “criminal gangs” from Eastern Europe and Russia, is unquestionably behind the attack. As yet, Cyberbunker has refused to make a formal statement or issue a concrete denial.

Speaking to the BBC, Spamhaus chief executive, Steve Linford, claimed the sheer scale of the attack was unprecedented, stating:

“We’ve been under this cyber-attack for well over a week. But we’re up – they haven’t been able to knock us down. Our engineers are doing an immense job in keeping it up – this sort of attack would take down pretty much anything else.”

Mr Linford claimed he was unable to disclose more details because the five national cyber-police forces investigating the attacks were concerned that they too may suffer attacks on their own infrastructure.

The attackers used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable. In this particular case, Spamhaus’s Domain Name System (DNS) servers were targeted: the infrastructure that joins domain names to a website’s numerical internet protocol address. Mr Linford stated that the attack was powerful enough to take down even government infrastructure:

“If you aimed this at Downing Street they would be down instantly,” he said. “They would be completely off the internet. These attacks are peaking at 300 Gbps. Normally when there are attacks against major banks, we’re talking about 50 Gbps.”

Spamhaus maintained that it had been able to cope as it had highly distributed infrastructure in a number of countries. The group is known to be supported by many of the world’s largest internet companies, including the likes of Google, who rely on it to filter unwanted material. These companies made their resources available to help Spamhaus absorb the extraordinary amount of high-activity traffic.
