Editor’s Note: A taste of things to come?
From: Wired (UK)
By Ian Steadman
A cyber attack described as the largest in history is currently underway, and it’s apparently all because of an argument over some spam.
The Spamhaus Project, based in both London and Geneva, produces lists of email addresses and servers that are known to send out things that most people won’t want, from penis enlargement scams to malware and viruses. Its decisions are incredibly influential, and it seems as though someone isn’t too happy about being blocked, since right now, a vast cyber attack is directed right at Spamhaus, threatening the internet’s core infrastructure.
The distributed denial of service (DDoS) attacks are so large that, currently, they’re peaking at a reported 300gb/s (that’s three hundred gigabits a second) of data. For comparison, that’s roughly a sixth the practical functioning capacity of one of the major transatlantic cables, TAT-14. Most people are judging this to be the largest DDoS attack in the history of the internet. Spamhaus’s Vincent Hanna confirmed that this was the largest such attack aimed at Spamhaus so far, and confirmed that it could “certainly” affect internet traffic elsewhere.
He said: “Core internet infrastructure may get overwhelmed by the amount of traffic involved in an attack. When this happens other traffic may get impacted too. Compare it to a big highway: If the traffic jam gets big enough the onramps will slow down and fill up, and the roads to the onramps will fill up too.”
According to a blog post on the site of web security company Cloudflare (we were directed to it by Hanna), the first attack happened on 18 March. It said: “The attack was large enough that the Spamhaus team wasn’t sure of its size when they contacted us. It was sufficiently large to fully saturate their connection to the rest of the internet and knock their site offline. These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated.”
The attacks have been continuing since then, growing larger and larger in size. For most people, there’s one main suspect. Last month, Spamhaus added the servers of Cyberbunker to its spam lists. Cyberbunker is a server company based in a decommissioned Nato bunker in the Dutch town of Kloetinge. Outside of the bunker live dozens of rabbits; inside are servers which host everything “except child porn and anything related to terrorism”, according to its website.
The sheer quantity of spam emanating from Cyberbunker’s servers (showing as the address “cb3rob.net”) led Spamhaus to block all of its traffic, a decision which infuriated many people. Cyberbunker has been linked with criminal gangs from Russia and other Eastern European nations, contributing to Spamhaus’s decision to block its traffic.
This isn’t the first large attack on Spamhaus — as you might expect, an organisation dedicated to stopping spam and scammers isn’t going to be popular with some shady people — but it is remarkable in its scale.
Hanna said: “Some people online claim that we are not accountable and can just ‘censor’ anything we want. This is obviously not the case. Not only do we have to operate within the boundaries of the law, we are also accountable to our users. If we started advising our users not to accept mail from certain places where they actually do want email from, they would be very quick to stop using our data because it’s obviously not working right for them.”
The attacks coincide with the launch of a new initiative by the British government to help businesses and law enforcement agencies better share information on cyber attacks, which has been rather optimistically likened to a “secure Facebook”. Cyber crimes units are currently looking into the Spamhaus attacks.